Mon. Apr 15, 2024

Crickets from Chirp Systems in Smart Lock Key Leak

Krebs on Security

The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

Analytics 325

Likely State Hackers Exploiting Palo Alto Firewall Zero-Day

Data Breach Today

Company Released a Hotfix to the Command Injection Vulnerability

Firewall appliance manufacturer Palo Alto Networks rushed out a hotfix Friday to a command injection vulnerability present in its custom operating system after security researchers spotted a campaign to exploit the zero-day starting in March, likely from a state-backed threat actor.

The US Government Has a Microsoft Problem

WIRED Threat Level

Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.

Sisense Breach Highlights Rise in Major Supply Chain Attacks

Data Breach Today

Experts Warn of Growing Threat From Supply Chain Attacks After High-Profile Breach

Cybersecurity experts are sounding the alarm over a rise in supply chain attacks targeting the interconnected systems of global corporate giants after the top U.S. cyber agency urged Sisense customers to reset their credentials following an apparent hack.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet.

IoT 145

More Trending

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Security Affairs

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. Cisco Duo warns of a data breach involving one of its telephony suppliers, compromising multifactor authentication (MFA) messages sent to customers via SMS and VOIP. The security breach occurred on April 1, 2024; the threat actors used a Provider employee’s credentials that were illicitly obtained through a phishing attac

Law Firm to Pay $8M to Settle Health Data Hack Lawsuit

Data Breach Today

Orrick Herrington Cyberattack Compromised Clients' Data, Affected Nearly 638,000

A global law firm that provides data breach legal services has agreed to an $8 million settlement to resolve a proposed class action lawsuit filed against the firm in the aftermath of its cyberattack last year, which affected some health sector clients and nearly 638,000 individuals.

Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

Security Affairs

Threat actors have been exploiting the recently disclosed zero-day in Palo Alto Networks PAN-OS since March 26, 2024. Palo Alto Networks and Unit 42 are investigating the activity related to CVE-2024-3400 PAN-OS flaw and discovered that threat actors have been exploiting it since March 26, 2024. CVE-2024-3400 (CVSS score of 10.0) is a critical command injection vulnerability in Palo Alto Networks PAN-OS software.

You Really Are Being Surveilled All the Time

KnowBe4

“If the product is free, you are the product!” No truer words have ever been spoken. But in today’s internet-connected, ad-everywhere world, even if you are paying for the product or service, you are still the product.

Phishing 124

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-3400 (CVSS score of 10.0) is a critical command injection vulnerability in Palo Alto Networks PAN-OS software.

IT 141

[WARNING] FBI Issues Alert on Major Phishing Campaign That Impersonates US Toll Services

KnowBe4

The FBI has issued an alert warning of a widespread SMS phishing (smishing) campaign targeting people in several US states with phony notices of unpaid tolls, BleepingComputer reports.

Phishing 122

New Lattice Cryptanalytic Technique

Schneier on Security

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed. As this comment points out: “We had already some cases where efficient quantum algorithms for lattice problems were discovered, but they turned out not being correct or only worked for simple

Paper 120

Data Citizens 24: Imagination increases innovation

Collibra

Last week we wrapped up our annual Data Citizens conference. This conference brought together data leaders from around the world to share insights, network and imagine a brighter data future. The overarching theme of the conference was imagination and innovation — and this theme rang true throughout all of our mainstage presentations. In a time when AI is constantly challenging us, it is important to think fast and be adaptive so that we can innovate and grow in this dynamic environment.

Analytics 118

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

Last week’s cybersecurity incidents revealed significant vulnerabilities across multiple platforms. Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security.

Libraries 106

Maximize the power of your lines of defense against cyber-attacks with IBM Storage FlashSystem and IBM Storage Defender

IBM Big Data Hub

Today, cybercrime is good business. It exists because the profits are high while the risks are low. Far from stopping, cybercrime is constantly increasing. In 2023, the FBI received a record number of 880,418 complaints with potential losses exceeding USD 12.5 billion. This is a nearly 10% increase in complaints and 22% increase in losses compared to 2022.

Elevate human potential with Cloud Editions (CE) 24.2

OpenText Information Management

We, at OpenText, lead groundbreaking digital transformations, providing our customers with essential tools to navigate the ever-evolving business landscape. Information holds unparalleled power; however, with AI, change is imperative, and success will favor those who swiftly embrace, accelerate, and reimagine work. The next generation of innovation will be driven by artificial intelligence (AI) and firmly rooted in effective information management.

Cloud 96

4 ways generative AI addresses manufacturing challenges

IBM Big Data Hub

The manufacturing industry is in an unenviable position. Facing a constant onslaught of cost pressures, supply chain volatility and disruptive technologies like 3D printing and IoT, the industry must continually optimize process, improve efficiency, and improve overall equipment effectiveness. At the same time, there is this huge sustainability and energy transition wave.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Building the human firewall: Navigating behavioral change in security awareness and culture

IBM Big Data Hub

The latest findings of the IBM X-Force® Threat Intelligence Index report highlight a shift in the tactics of attackers. Rather than using traditional hacking methods, there has been a significant 71% surge in attacks where criminals are exploiting valid credentials to infiltrate systems. Info stealers have seen a staggering 266% increase in their utilization, emphasizing their role in acquiring these credentials.

US STATE-BY-STATE AI LEGISLATION SNAPSHOT via BCLP

IG Guru

Check out the article here. The post US STATE-BY-STATE AI LEGISLATION SNAPSHOT via BCLP first appeared on IG GURU.

LibTech EdTech – transition, challenges and contradictions

CILIP

CILIP Copyright Conference 2024

By Gary Horrocks

The summer 2023 issue of UKeiG’s open access journal, eLucidate, featured my reflections on the implications of a Members’ Day presentation by Ken Chad on the “library technology ecosystem”. “For every rally cry to embrace AI in education, there are concerns for student literacy and the demise of academic skills.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

OpenText World Europe 2024 has taken flight

OpenText Information Management

Over the course of the last six months, much has shifted in the technology landscape, and much has advanced at OpenText. At our premiere information management conference OpenText World Europe 2024 this week, the attention is focused on new innovations that meet new customer needs.

Information management elevates human potential

There is no doubt that the AI revolution is here.

Cloud 69

Data virtualization unifies data for seamless AI and analytics

IBM Big Data Hub

Data integration stands as a critical first step in constructing any artificial intelligence (AI) application. While various methods exist for starting this process, organizations accelerate the application development and deployment process through data virtualization. Data virtualization empowers businesses to unlock the hidden potential of their data, delivering real-time AI insights for cutting-edge applications like predictive maintenance, fraud detection and demand forecasting.

AI: Elevate human potential

OpenText Information Management

Greetings from ICE, a trusted partner for your AI journey. This AI-generated Yeti has had a busy six months. He’s been around the globe to visit customers, helping them figure out their initial use cases to apply AI. Don’t let his blue fur and fuzzy demeanor throw you off; ICE knows the promise of AI and is eager to help you decode what will work for your business. This trusted Yeti is helping young aviators out there earn their first wings.

Sales 64

In High Demand - How Thales and DigiCert Protect Against Software Supply Chain Attacks

Thales Cloud Protection & Licensing

madhav Tue, 04/16/2024 - 05:25

Software supply chain attacks have been rapidly increasing in the past few years. Also called backdoor attacks, they cleverly exploit third-party software vulnerabilities to access an organization’s systems and data. These infiltrations tend to be very lucrative for criminals and devastating to businesses, as a single breach can impact thousands of victims in a rapid domino effec

Risk 62

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Take productivity to new heights with AI-assisted DevOps 

OpenText Information Management

Generative AI is not just another trend anymore. The future of testing and quality management is shifting toward AI-powered software delivery. As more enterprises begin to realize its full potential, generative AI will undoubtedly reshape the total landscape of DevOps. It should go without saying that OpenText is pioneering this opportunity as a trusted partner by ushering in a new era of possibilities where generative AI complements human creativity to become tomorrow’s solutions.

Risk 59

NATO’s 75th anniversary: A reminder of the importance of building resilience

CGI

As NATO commemorates its 75th anniversary this month, it prompts reflection on its enduring principles and adaptability in response to evolving security landscapes. Central to NATO's ethos is collective security, embodying the belief that unity fosters greater safety and strength. This principle is epitomized in NATO's Article 5, wherein member states pledge mutual assistance in the face of armed aggression.

Drive customer success with OpenText Experience Cloud 24.2

OpenText Information Management

Customers are at the heart of every thriving business. Delving deeper is like dissecting a watermelon: while the outer layer may seem green with customer success, the true inside is vividly red. Traditional metrics like acquisition, onboarding and loyalty might look okay at first glance, but could be masking underlying issues like high turnover, frustration, and fractured experiences.

Cloud 59