Tue. Oct 08, 2024

MI5 Chief Warns of Cyberthreats to the UK

Data Breach Today

Russia, Iran and China Investing in Cyber Ops, Warns MI5 Director Ken McCallum

Nation-state actors are investing aggressively in advanced cyber operations to target government information and technology in a bid to sow "mayhem on British and European streets," warned a top British intelligence official. Russia, Iran and China are using proxies and hacking agencies.

Patch Tuesday, October 2024 Edition

Krebs on Security

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity tools.

Study: 92% of Healthcare Firms Hit by Cyberattacks This Year

Data Breach Today

Healthcare organizations should rethink some of their approach to security, enhancing focus on insider threats, improving cyber awareness training and securing mobile applications and devices, said Ryan Witt, vice president of industry solutions at Proofpoint, discussing findings of a new study.

American Water shut down some of its systems following a cyberattack

Security Affairs

American Water, the largest publicly traded water and wastewater utility company in the US, shut down some of its systems following a cyberattack. American Water is an American public utility company that, through its subsidiaries, provides water and wastewater services in the United States.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

EU Strengthens Sanctions Against Russian Hackers

Data Breach Today

Russian Nationals, Agencies Engaged in Cyberattacks, Misinformation to be Targeted

The European Council on Tuesday introduced a new sanctions framework to target Russian nationals and organizations engaged in malicious cyber activities such as election misinformation and disruptive cyberattacks. It seeks to address activities such as influence operations and hacking.

More Trending

Largest US Water Utility Hit by Cybersecurity Incident

Data Breach Today

Cyber Incident Affecting American Water Utility Company Leads to Portal Shutdown

The largest regulated water and wastewater company in the United States told customers it was investigating a cybersecurity incident that led the utility to shut down its customer service portal and immediately notify law enforcement of an apparent breach.

Three new Ivanti CSA zero-day actively exploited in attacks

Security Affairs

Software company Ivanti released security patches for three new CSA zero-day vulnerabilities actively exploited in attacks. Ivanti warned of three new security vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) in its Cloud Service Appliance (CSA) that are actively exploited in attacks in the wild. Below are the descriptions of the three vulnerabilities: CVE-2024-9379 (CVSS score 6.5) – a SQL injection in the admin web console of Ivanti CSA before version 5.0.2.

UN Says Asian Cybercrime Cartels Are Rising Global Threat

Data Breach Today

Crime Syndicates Too Powerful for Regional Governments to Police, UN Report Warns

Cybercrime syndicates across Southeast Asia have teamed up with human traffickers, money launderers and cryptocurrency services to build an increasingly effective cybercrime ecosystem that can survive law enforcement crackdowns, according to a new United Nations report.

Attackers Abuse URL Rewriting to Evade Security Filters

KnowBe4

Attackers continue to exploit URL rewriting to hide their phishing links from email security filters, according to researchers at Abnormal Security.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Moneygram Money Transfer Firm Reports Customer Data Breach

Data Breach Today

Stolen Data Includes Social Security Numbers and Details of Criminal Investigations

MoneyGram Payment Systems, a Dallas-based money transfer system, said hackers who hit its infrastructure last month stole customer data, including contact details, Social Security numbers and information pertaining to criminal fraud investigations.

Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer

Security Affairs

Ukrainian national Mark Sokolovsky has pleaded guilty in a US court to operating the Raccoon Infostealer, used to steal sensitive data globally. In October 2020, the US Justice Department charged Sokolovsky with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer.

CISA Issues Guidance to Counter Iran’s Election Interference

Data Breach Today

CISA and FBI Warn of Iranian Hackers Targeting US Political Campaigns and Officials

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have issued new guidance to help U.S. political campaigns defend against increasing cyber threats from Iran, recommending stronger multi-factor authentication, phishing-resistant protocols, and vigilance against social engineering.

Qualcomm fixed a zero-day exploited limited, targeted attacks

Security Affairs

Qualcomm warns of 20 flaws in its products, including a potential zero-day vulnerability, in the DSP service that impacts multiple chipsets. Qualcomm addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score 7.8). The vulnerability stems from a use-after-free bug that could lead to memory corruption.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Cloudflare Acquires Kivera to Fuel Preventive Cloud Security

Data Breach Today

Kivera Integrates Controls Into Cloudflare One to Prevent Cloud Misconfigurations

With the acquisition of New York-based startup Kivera, Cloudflare will enhance its Cloudflare One platform, adding proactive controls that secure cloud environments, prevent misconfigurations and improve regulatory compliance for businesses using multiple cloud providers.

[Cybersecurity Awareness Month] Keeping Your Mobile Devices Secure from the ‘Inside’ Out

KnowBe4

As remote work and connecting while traveling have become the norm, mobile device security responsibilities have also increased.

Series wrap – The rise of the threat hunter

OpenText Information Management

As we reach the conclusion of the Threat Hunters blog series, it’s clear that the role of these cybersecurity specialists has never been more important. Over the past several weeks, we’ve delved into the world of threat hunters—exploring their day-to-day activities, the challenges they face, and the unique skills that set them apart. This series has highlighted how threat hunters are at the frontline, proactively defending organizations against increasingly sophisticated and evolving cyber threa

CyberheistNews Vol 14 #41 [Wake-Up Call] Senator Falls Victim to Deepfake Scam. Are Your Users Next?

KnowBe4

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

China Possibly Hacking US “Lawful Access” Backdoor

Schneier on Security

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994. It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This

What Google's U-Turn on Third-Party Cookies Means for Chrome Privacy

WIRED Threat Level

Earlier this year, Google ditched its plans to abolish support for third-party cookies in its Chrome browser. While privacy advocates called foul, the implications for users are not so clear cut.

Vulnerability Recap 10/8/24 – Thousands of Routers & Servers at Risk

eSecurity Planet

DrayTek routers and Linux servers are in particular danger this week, with fourteen vulnerabilities plaguing the routers and a malware strain threatening the servers. Additionally, keep an eye out for new iOS and iPadOS updates, and get ready to review system logs if you’ve had Okta Classic since July. Check your vendors’ security bulletins regularly, and make sure your team is prepared to fix vulnerabilities when they’re made known.

I gave away my Kindle and iPad within hours of getting this tablet

Collaboration 2.0

I've been a Kindle user for over a decade, but the TCL Tab 10 Nxtpaper 5G is my new favorite e-reader for its versatile display and value.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Chinese Hackers Breach US Wiretapping Data, Expose Vulnerabilities

eSecurity Planet

In a significant cybersecurity breach — not as big as the NPD breach, though — Chinese hackers recently infiltrated the networks of major U.S. telecom providers, accessing highly sensitive wiretapping data. Companies like Verizon, AT&T, and Lumen Technologies were targeted in this attack, allowing unauthorized access to critical systems used for court-authorized wiretapping — a tool vital for law enforcement surveillance.

Get these popular bone-conduction headphones for $55 off during October Prime Day

Collaboration 2.0

If having earbuds stuck into your ear canals doesn't appeal to you, Shokz OpenRun Pro open-ear headphones might be what you need. Get them for 31% off during Amazon Prime's Big Deal Days.

Beyond Compliance: The Power of Proactive, Year-Round Network Pen Testing

eSecurity Planet

IT leaders know that the reason regulators and cybersecurity insurers require them to conduct network penetration testing is to ensure they’re protecting their networks from being accessed by attackers. But hackers don’t operate on the same schedule as regulators. Compliance-focused network penetration testing — conducted annually or quarterly — only helps organizations identify weaknesses that are present at the specific points in time when they’re undertaking testing.

This Breville Espresso Machine is 40% off for October Prime Day

Collaboration 2.0

Got an expensive caffeine fix on a tight(er) budget? October Prime Big Deal Days is here to help. Snag this espresso machine for $200 off on Amazon now.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Compliance Programs Expected to Evolve With Technology: DOJ Updates Corporate Compliance Guidance to Include Artificial Intelligence

Data Matters

On September 23, 2024, the U.S. Department of Justice (DOJ) updated its Evaluation of Corporate Compliance Programs (the ECCP) to reflect DOJ’s evolving expectations with respect to corporate compliance programs, including how those programs appropriately address the compliance risks of new technology such as artificial intelligence (AI). While the ECCP is drafted as a guidance document for prosecutors to assess the effectiveness and adequacy of a company’s compliance program, the ECCP also is a

Is your data ready for AI?

Collibra

Well, is it? For many, the answer is probably not. And it isn’t because you don’t have great governance or have your data cataloged to the nines, it’s because in order for data to be ready for AI, there are a specific set of criteria that need to be checked off. We’ll get to that check list in a bit more detail later in this blog, but first a little primer on how data and AI work together.

Why you don't need to pay for antivirus software anymore

Collaboration 2.0

Americans over 65 are twice as likely to pay for third-party antivirus software as those under 45. If you're still doing it, here's why you can stop.
