Thu. Aug 01, 2024

Breach Roundup: Sitting Ducks in the DNS

Data Breach Today

Also: More CrowdStrike Fallout and a US Elections DDoS Warning. This week, hackers exploited DNS flaws, Delta said the CrowdStrike outage cost it $500 million, the German BSI wanted the outage's root cause, the FBI said U.S. elections are safe from DDoS attacks, hackers exploited Google Ads, malware hid on Google Play apps, and a hacker stole Bausch Health data.

IT 162

Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver

The Last Watchdog

Two-plus decades of enduring wave after wave of mobile app malware and fraud has finally taken its toll on users. Now comes a global survey from Appdome and OWASP that reveals the vast majority of consumers are fed up. I recently visited with Appdome CEO Tom Tovar to discuss clear signals that consumers are now insisting upon mobile apps that are private and secure, as well as convenient.

Security 147

A $500 Open-Source Tool Lets Anyone Hack Computer Chips With Lasers

WIRED Threat Level

The RayV Lite will make it hundreds of times cheaper for anyone to carry out physics-bending feats of hardware hacking.

IT 144

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

Security Affairs

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. Researchers at the Shadowserver Foundation reported that approximately 20,000 VMware ESXi servers exposed online appear impacted by the exploited vulnerability CVE-2024-37085. We have started sharing exposed VMware ESXi vulnerable to CVE-2024-37085 (authentication bypass).

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

He Was an FBI Informant—and Inspired a Generation of Violent Extremists

WIRED Threat Level

Joshua Caleb Sutter infiltrated far-right extremist organizations as a confidential FBI informant, all while promoting hateful ideologies that influenced some of the internet's most violent groups.

Security 142

More Trending

US CISA Appoints 1st Chief AI Officer to Boost Cyber Defense

Data Breach Today

Cyber Defense Agency Names Former CISA Senior Adviser Lisa Einstein. The U.S. Cybersecurity and Infrastructure Security Agency announced Thursday the appointment of Lisa Einstein to serve as the agency's first-ever chief artificial intelligence officer, saying the role will help "institutionalize our ongoing efforts to responsibly govern our own uses of AI.

Sitting Ducks attack technique exposes over a million domains to hijacking

Security Affairs

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that exposes over a million domains to hackers’ takeover. Researchers from Eclypsium and Infoblox have identified an attack vector in the domain name system (DNS), dubbed the Sitting Ducks attack. Over a dozen Russian-linked cybercriminal groups exploited this attack technique to carry out a stealth domain name hijacking.

Risk 131

Education in Secure Software Development

Schneier on Security

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment - system operations, software developers, committers, and maintainers - self-report feeling unfamiliar with secure software development practice

Education 117

The EU AI Act is here. Are you ready?

Collibra

We’ve now hit a new era of AI — no, not some new hyper-powerful model or use case, but rather the enforcement of the EU AI Act. Organizations (and countries) around the world have been talking about this for years, and now it has become a reality. Organizations will need to comply with this new Act or, like we’ve seen in the past with laws like GDPR, face stiff penalties.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

KnowBe4 Named a Leader in the Summer 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) Software

KnowBe4

We are excited to announce that KnowBe4 has been named a leader in the Summer 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the 13th consecutive quarter!

Security 116

Ever More Toxic Ransomware Brands Breed Lone Wolf Operators

Data Breach Today

Ransomware Responders See a Surge, Likely Comprising Groups' Displaced Affiliates. Following the demise or disruption of both the LockBit and BlackCat - aka Alphv - ransomware groups, more attackers than ever before are choosing to work as lone wolves rather than under the banner of increasingly toxic brands - due to the risk they pose, ransomware watchers report.

5 Cyber Security and ISO 27001 Myths

IT Governance

Common misconceptions and what you can do about them. Contrary to common belief, the external threat – a threat actor hacking their way into your systems through technical skill alone – isn’t your biggest problem. In our previous interview with Damian Garcia, our head of GRC (governance, risk and compliance) consultancy, we learned about the internal, or insider, threat and its significance.

Why Did Change Health Lowball Its 1st Breach Report to Feds?

Data Breach Today

Breach Report Says Only 500 People Affected When Actual Number Could be 100 Million. Change Healthcare officials projected that the company's massive February cyberattack affected one-third of the American population. So why did the IT services provider's HIPAA breach report to federal regulators lowball the initial estimate, saying the cyberattack only affected 500 people?

IT 100

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

This Roku soundbar turned my old TV into the ultimate 4K theater experience

Collaboration 2.0

Roku's Streambar Pro gives your TV audio a boost while adding 4K streaming, and it's relatively affordable at $180.

IT 98

Invitation to tender: Review of the economic & social benefits of eBook lending

CILIP

Invitation to tender: Review of the economic and social benefits of enabling more sustainable and inclusive eBook lending. CILIP invites researchers to submit a proposal to conduct an independent study into the economic, social, cultural, educational and innovation and research impacts of enabling more sustainable and inclusive eBook lending and to present the findings in a

16 incredibly useful things Alexa can do on Amazon Echo

Collaboration 2.0

Alexa has grown into a pervasive personal assistant. We were curious about what features the Alexa team loves that many of us haven't noticed. Here are 16 slick features you may have missed.

98

Weekly Update 411

Troy Hunt

The ongoing scourge that is spyware (or, as it is commonly known, "stalkerware"), and the subsequent breaches that so often befall them continue to amaze me. More specifically, it's the way they tackle the non-consensual spying aspect of the service which, on the one hand, is represented as a big "no-no" but on the other hand, the likes of Spytech in this week's update literally have a dedicated page for!

Access 89

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

“Power of Possibilities with Modern Device Management” webinar recap

Jamf

In this webinar, Kate English showed how Declarative Device Management helps make environments more secure, more native and iterates on an already strong MDM foundation.

MDM 89

The best record players of 2024: Expert tested and reviewed

Collaboration 2.0

Looking for something to spin your vinyl collection? We went hands-on with some of the best record players with modern features like Bluetooth connectivity while still providing that crisp record crackle sound you know and love.

76

Managing data consumption in aviation

Jamf

Learn how to manage data consumption in the aviation industry, manage and secure your Apple device fleets, enforce data usage policies and prevent cyber threats.

3 ways Google just supercharged your Chrome browser with AI - and they're surprisingly useful

Collaboration 2.0

The Circle to Search experience is no longer limited to Android phones. And that's only the beginning.

76

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Highlights from Masters Conference New York 2024

eDiscovery Daily

By Rick Clark The Masters Conference for Legal Professionals in New York City hosted by Morgan Lewis LLP on July 24th was replete with insights on applying AI to eDiscovery, collecting and reviewing text and chat app data and information governance. A second conference the following day was held on “soft skills” provided valuable tips on enhancing your communication skills and your career was emceed by Rich Robinson of Toyota.

Taco Bell is rolling out AI ordering in hundreds of drive-thrus. Here's how it works

Collaboration 2.0

AI technology is coming to Taco Bell, hopefully freeing up employees to lessen your wait time and provide better service.

IT 76

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Krebs on Security

Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were several convicted cybercriminals. In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovich and ex-U.S. Marine Paul Whelan. Among the more notable Russian hackers released in the prisoner swap is Roman Seleznev, 40, who was sentenced in 2017 to 27 years in prison for racketeering convictions

Military 260

The best rugged tablets of 2024: Expert tested and reviewed

Collaboration 2.0

We tested the best rugged tablets tested against US military standards to survive drops, shocks, dirt, and moisture.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


The best Linux laptops of 2024: Expert tested and reviewed

Collaboration 2.0

The best Linux laptops are user-friendly with high-end components and great battery life. We tested models from Lenovo, Dell, and more to find the top options starting at just $800.

76

Finally, a portable Bluetooth speaker that sounds incredible but won't break the bank

Collaboration 2.0

The Sony Ult Field 1 pumps out surprisingly powerful audio for a speaker that costs less than you'd expect.

75