Fri. May 24, 2024

ShrinkLocker Ransomware Exploits Microsoft's BitLocker

Data Breach Today

Malicious Script Targets Users in Mexico, Indonesia, Jordan

Why bother building a crypto-locker when Microsoft has perfectly acceptable encryption software preloaded on desktops? Many ransomware hackers agree with that statement - and they're learning to make such attacks even harder to recover from.

An XSS flaw in GitLab allows attackers to take over accounts

Security Affairs

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835, that allows attackers to take over user accounts. An attacker can exploit this issue by using a specially crafted page to exfiltrate sensitive user information.

A Strategic Approach to Stopping SIM Swap Fraud

Data Breach Today

The UAE No Longer Has Cases of SIM Swap Fraud - Here's Why

SIM swap fraud continues to cause substantial financial losses for both consumers and financial institutions, undermining the integrity of the financial ecosystem. In the UAE, the banking industry has incurred considerable losses from SIM swap fraud. But a strategic approach has stopped it.

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Security Affairs

The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, carries cybersecurity implications. It increases the discoverability of customer devices by attackers. Advisory on security impacts related to the use of TLS in proprietary vendor Dynamic DNS (DDNS) services.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Courtroom Recording Software Hit by Supply Chain Attack

Data Breach Today

Backdoored Installer Facilitates Full, Remote Takeover, Justice AV Solutions Warns

Attackers backdoored versions of widely used audiovisual recording software being distributed by Justice AV Solutions via its official download site. Experts say users should "immediately" update to patched versions, review their IT environments for signs of compromise and wipe affected endpoints.

More Trending

How Microsoft secures Generative AI

Data Breach Today

Enabling Safety in the Age of Generative AI

Discover how Generative AI can be used securely and responsibly, transforming possibilities into safe realities.

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2020-17519, is an improper access control vulnerability in Apache Flink.

Australian Telecom Watchdog Sues Optus Over 2022 Data Breach

Data Breach Today

Telecom Company Also Faces OAIC Investigation and Potentially Millions in Fines

The Australian Communications and Media Authority says it has filed proceedings against Optus in a federal court as the company failed to protect sensitive customer data during a data breach in September 2022. The Office of the Australian Information Commissioner is also investigating the incident.

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

Security Affairs

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser; it is the eighth zero-day exploited in attacks disclosed this year. The vulnerability is a high-severity ‘type confusion’ in the V8 JavaScript engine; the Google researcher Clément Lecigne and Brendon Tiszka discovered it.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

LockBit Publishes Data Stolen in London Drugs Attack

Data Breach Today

Canadian Retail Pharmacy Chain Says It's Reviewing Exposed Data on Gang's Leak Site

LockBit has begun to leak on its dark web site files of data the Russian-speaking cybercriminal gang claims to have stolen in an April attack on London Drugs. The group had threatened to publish the exfiltrated data if the Canadian retail pharmacy chain does not pay a $25 million ransom demand.

On the Zero-Day Market

Schneier on Security

New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market”: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft.

ISMG Editors: UnitedHealth Group's HIPAA Breach Fallout

Data Breach Today

Also: The End of an Era at Mandiant and Privacy and Ethics Concerns Related to LLMs

In the latest weekly update, ISMG editors discussed the implications of Kevin Mandia stepping down as Mandiant CEO; UnitedHealth Group's responsibility for a massive HIPAA breach at its subsidiary, Change Healthcare; and privacy concerns over large language models.

As Many as 1 in 7 Emails Make it Past Your Email Filters

KnowBe4

Fluctuations in consecutive quarterly reports demonstrate that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

EU Commission and Microsoft Appeal EDPS Office 365 Decision

Data Breach Today

March Decision Mandated Commission to Stem Data Flows From Its Office 365 Use

The European Commission is appealing a March decision by a continental data regulator that found the commission's use of Microsoft Office apps violated Regulation (EU) 2018/1725. A commission spokesperson said the EDPS decision would undermine its "mobile and integrated IT services.

CISA Releases Cybersecurity Resources for High-Risk Communities

KnowBe4

Working to ensure all communities within the United States are educated and prepared, the Cybersecurity and Infrastructure Security Agency (CISA) has released a set of tools, services and assistance to level the playing field.

AI-as-a-Service Platform Patches Critical RCE Vulnerability

Data Breach Today

Hackers Could Exploit Bug on Replicate to Steal Data, Manipulate AI Models

Attackers could have exploited a now-mitigated critical vulnerability in the Replicate artificial intelligence platform to access private AI models and sensitive data, including proprietary knowledge and personal identifiable information.

Cloud Security Fundamentals: Understanding the Basics

eSecurity Planet

Cloud security fundamentals are the core requirements that ensure data protection, regulatory compliance, and access management in a cloud environment. These standards assist businesses in establishing trust with their consumers, avoiding financial losses due to breaches, and ensuring business continuity. Understanding cloud security challenges and knowing the cloud security tools available in the market significantly contribute to enhanced cloud security.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

How Major Acquisitions Are Transforming Security Operations

Data Breach Today

Forrester's Allie Mellen on How Palo-QRadar and LogRhythm-Exabeam Will Reshape SIEM

With LogRhythm and Exabeam merging and Palo Alto Networks purchasing IBM's QRadar SaaS assets, the security operations market is undergoing rapid transformation. Forrester Principal Analyst Allie Mellen discusses the implications of these massive moves for the future of the SIEM market.

A Practical Guide to Cyber Incident Response

IT Governance

Expert insight from our cyber incident responder

Cyber attacks and data breaches are a matter of when, not if. No single measure is 100% foolproof. A determined attacker will always be able to find their way around your defences, given enough time and resources. Furthermore, as Vanessa Horton, our cyber incident responder, pointed out in an interview about anti-forensics: The cyber world is changing all the time, which means we’re playing a bit of a cat-and-mouse game.

Enhancing triparty repo transactions with IBM MQ for efficiency, security and scalability

IBM Big Data Hub

The exchange of securities between parties is a critical aspect of the financial industry that demands high levels of security and efficiency. Triparty repo dealing systems, central to these exchanges, require seamless and secure communication across different platforms. The Clearing Corporation of India Limited (CCIL) recently recommended IBM® MQ as the messaging software requirement for all its members to manage the triparty repo dealing system.

The best VPN for streaming in 2024: Expert tested and reviewed

Collaboration 2.0

We tested the best VPNs for streaming that can unblock popular streaming services like Netflix, Disney+, and Hulu, from anywhere in the world.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says via Ars Technica

IG Guru

Check out the article here. The post MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says via Ars Technica first appeared on IG GURU.

The best VPN services for iPhone and iPad in 2024: Expert tested and reviewed

Collaboration 2.0

We went hands-on with the best VPNs for your iPhone and iPad to find the best iOS VPNs to help you stream content and surf the web while keeping your devices safe.

Adapture President Brian Kirsch to Speak at Cloudflare Partner Summit

Adapture

Atlanta IT Consultancy to Join Industry Leaders at the Cloudflare Partner Summit in New York City

ATLANTA, May 24, 2024 – Adapture president, Brian Kirsch, is set to speak at the Cloudflare Partner Summit at 3 p.m. on Wednesday, May 29. He will be participating in a panel on Harnessing Collective Expertise: Lessons from the Field. Other speakers on the panel include Mark Thornberry, SVP of Vendor Management at GuidePoint Security; Matther Mammam, Founder of Serviops; Shane Baxter, Senior Directo

UK regulators’ strategic approaches to AI: a guide to key regulatory priorities for AI governance professionals

Data Protection Report

Background – white paper response on the UK’s approach to AI regulation

In February 2024, the UK Department for Science, Innovation, and Technology (DSIT) set out the government’s proposed approach to AI regulation. It published a response to its consultation on its 2023 white paper, ‘A pro innovation approach to AI regulation’ (the White Paper). DSIT confirmed that, for the time being, the UK will follow its proposed approach of setting cross-sectoral principles to be enforced by existing regu

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Friday Squid Blogging: Dana Squid Attacking Camera

Schneier on Security

Fantastic footage of a Dana squid attacking a camera at a depth of about a kilometer. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.