Thu.May 23, 2024

article thumbnail

Breach Roundup: Fluent Bit Flaw Is Risky for Cloud Providers

Data Breach Today

Also: Spanish Hacker Alcasec Arrested Again This week, Fluent Bit contains a flaw, Microsoft is nuking VBScript, Irish police and the SEC face fines, a man was sentenced for BEC, a flaw was found in Netflix's Genie, an Australia university said it was breached and Black Basta claimed an attack, and hacker Alcasec was arrested again.

Cloud 309
article thumbnail

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation c

Cloud 305
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

RSAC Fireside Chat: Qwiet AI leverages graph-database technology to reduce AppSec noise

The Last Watchdog

AppSec has never been more challenging. By the same token, AppSec technology is advancing apace to help companies meet this challenge. Related: AppSec market trajectory At RSAC 2024 , I sat down with Bruce Snell , cybersecurity strategist at Qwiet.ai , to hear a break down about how Qwiet has infused it’s preZero platform, with graph-database capabilities to deliver SAST, SCA, container scanning and secrets detection in a single solution.

Marketing 278
article thumbnail

Rockwell Automation Says to Disconnect ICS From the Internet

Data Breach Today

Advisory Says Disconnecting ICS Reduces Exposure to Malicious Cyber Activities Rockwell Automation warned customers to disconnect industrial control systems from the internet, citing escalating cyberthreats and rising global geopolitical tensions. Disconnecting these systems is a proactive measure to reduce the attack surface.

266
266
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

A Leak of Biometric Police Data Is a Sign of Things to Come

WIRED Threat Level

Thousands of fingerprints and facial images linked to police in India have been exposed online. Researchers say it’s a warning of what will happen as the collection of biometric data increases.

Privacy 143

More Trending

article thumbnail

He Trained Crypto Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark Web Drug Market

WIRED Threat Level

The strange journey of Lin Rui-siang, the 23-year-old accused of running the Incognito black market, extorting his own site's users—and then refashioning himself as a legit crypto crime expert.

Marketing 142
article thumbnail

Cryptohack Roundup: $206M Gala Games Exploit

Data Breach Today

Also: Pump.fun Hack, Arrests in $73M Pig-Butchering Scam This week, Gala Games and Pump.fun were hacked; alleged pig-butchering scammers, Incognito admin and illicit banking racketeers were arrested; Pink Drainer was shut down; the U.S. House approved a crypto bill; a man pleaded guilty to wire fraud; and tech companies formed a scam-fighting coalition.

173
173
article thumbnail

APT41: The threat of KeyPlug against Italian industries

Security Affairs

Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug employed in attacks against several Italian industries During an extensive investigation, Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug , which hit for months a variety of Italian industries. This backdoor is attributed to the arsenal of APT41,a group whose origin is tied to China.

article thumbnail

Bugcrowd Buys Informer to Enhance Attack Surface Management

Data Breach Today

First Purchase in Bugcrowd's History to Boost Attack Surface Management, Visibility Bugcrowd has acquired Informer to enhance its external attack surface management, giving customers better visibility and security. The integration will bring Bugcrowd's existing bug bounty and penetration testing offerings together with new capabilities such as brand impersonation detection.

Security 162
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ that has been targeting military and government entities since 2018. The threat group focuses on entities in countries in the South China Sea, experts noticed TTP overlap with operations attributed to APT41.

Archiving 139
article thumbnail

Air-Ground Ambulance Firm Tells 858,000 of Hack 1 Year Ago

Data Breach Today

It's the Latest Hack Reported in Recent Weeks by an Ambulance Services Provider An Illinois-based air-ground ambulance company is notifying more than 858,000 individuals that their sensitive information was compromised in a hacking incident that happened about a year ago. The breach is the latest hack on an ambulance company reported to regulators in recent weeks.

IT 162
article thumbnail

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

Security Affairs

Ivanti addressed multiple flaws in the Endpoint Manager (EPM), including remote code execution vulnerabilities. Ivanti this week rolled out security patches to address multiple critical vulnerabilities in the Endpoint Manager (EPM). A remote attacker can exploit the flaws to gain code execution under certain conditions. Below is the list of the addressed vulnerabilities: CVE Description CVSS Vector CVE-2024-29822 An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 an

article thumbnail

The Aspen Institute's Jeff Greene Is Headed to CISA

Data Breach Today

Former White House, Symantec Executive Will Rejoin Government Reports say former White House cybersecurity official and cybersecurity executive Jeff Greene will join CISA to replace outgoing official Eric Goldstein as executive assistant director for cybersecurity, although the agency has not confirmed it.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

From Boredom to Engagement: Gamification in Cybersecurity Awareness

KnowBe4

As someone who can barely keep up when my 10-year-old shows me around his Minecraft worlds, I was a bit apprehensive about writing a review of our gamified cybersecurity awareness module. But hey, maybe being a bit of a klutz at gaming might actually be beneficial from a test case point of view, and who doesn't like a challenge, right?

article thumbnail

APT41: The threat of KeyPlug against Italian industries

Security Affairs

Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug employed in attacks against several Italian industries During an extensive investigation, Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug , which hit for months a variety of Italian industries. This backdoor is attributed to the arsenal of APT41,a group whose origin is tied to China.

article thumbnail

New Research Finds Phishing Scams Targeting Popular PDF Viewer

KnowBe4

Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF files.

Phishing 118
article thumbnail

Personal AI Assistants and Privacy

Schneier on Security

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research.

Privacy 112
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Secure Your Site: Learn from the Top 10 Cybersecurity Experts of 2024

KnowBe4

Companies have needed a website for the last 25 years at least. But where do you host your site? The techies at HostingAdvice decided to create an extremely thorough real-world review site to share their expertise. And clearly, your organization's website is an attack vector and so cybersecurity has become critical.

article thumbnail

Dairy Farmers of America takes a fresh approach to key business processes

OpenText Information Management

At Dairy Farmers of America , we work with more than 6,200 affiliated farms across the country. As a milk marketing cooperative, we’re owned by the farmers who produce our products—and wherever you live, you’re probably not far from one of our thousands of farmer-owners. Driving 24/7 operations Because dairy products have a relatively short shelf life, our production processes must run seven days a week, 365 days a year.

ECM 109
article thumbnail

Enhance your data security posture with a no-code approach to application-level encryption

IBM Big Data Hub

Data is the lifeblood of every organization. As your organization’s data footprint expands across the clouds and between your own business lines to drive value, it is essential to secure data at all stages of the cloud adoption and throughout the data lifecycle. While there are different mechanisms available to encrypt data throughout its lifecycle ( in transit , at rest and in use ), application-level encryption (ALE) provides an additional layer of protection by encrypting data at its so

article thumbnail

US Congress Prepares Bill to Create a National Artificial Intelligence Research Resource

IG Guru

Check out the bill here. The post US Congress Prepares Bill to Create a National Artificial Intelligence Research Resource first appeared on IG GURU.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Everything You Need to Know About the Upcoming Mercury 2.1 Firmware Release

HID Global

Mercury’s latest firmware update, Version 2.1, will provide Mercury LP controllers & the new line of Mercury MP Controllers enhanced cybersecurity, integration opportunities & other benefits.

article thumbnail

5 challenges of digital workspace management and how to overcome them

Jamf

There are five notable challenges in DWM whose overarching theme boils down to just one: It’s security…but on multiple levels. Learn more about each of these challenges and how they contribute to your security posture, and what organizations can do to address them effectively.

article thumbnail

Five attributes of people-centric, outcome-driven change management

CGI

How do organizations navigate fast-paced, complex, and ongoing change while, at the same time, mitigate risks and drive business outcomes across their enterprise? Adapting work habits, transforming processes, and improving performance through change management is key, but also a major hurdle. For example, more than half of the business and technology executives we interviewed as part of our latest CGI Voice of Our Clients research cite change management as their top constraint to achieving their

Risk 52
article thumbnail

Is your Texas data protection assessment started?

Data Protection Report

As we have previously written , the Texas comprehensive privacy law, known as the Texas Data Privacy and Security Act (TDPSA), goes into effect on Monday, July 1, 2024. As a reminder, unlike other states’ comprehensive privacy laws that are currently in effect, Texas does not include a minimum number of residents for applicability. Instead, the three criteria for applicability of the TDPSA are that the company: conducts business in this state or produces a product or service consumed by reside

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Archive-It Partner News, May 2024

Archive-It

by the Archiving & Data Services team Community News Join us in Chicago! Aerial photo of the Harold Washington Library Center, Chicago Public Library Archive-It partners and friends are invited to join this year’s partner meeting on Wednesday, August 14th , to coincide with the Society of American Archivists’ ARCHIVES * RECORDS 2024 meeting in Chicago.