Wed.Mar 13, 2024

article thumbnail

Hackers Hiding Keylogger, RAT Malware in SVG Image Files

Data Breach Today

New Campaign Evades Security Tools to Deliver Agent Tesla Keylogger and XWorm RAT Threat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.

article thumbnail

There Are Dark Corners of the Internet. Then There's 764

WIRED Threat Level

A global network of violent predators is hiding in plain sight, targeting children on major platforms, grooming them, and extorting them to commit horrific acts of abuse.

Security 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Experts Say CISA's Software Attestation Form Lacks Key Parts

Data Breach Today

Form Does Not Include Mandates for Memory-Safe Programming Requirements, SBOMs Experts told ISMG a final version of the Cybersecurity and Infrastructure Security Agency's self-attestation form for federal software providers takes bold steps to ensure new technologies are made with "secure by design" principles but lacks critical components that should come in future versions.

article thumbnail

Acer Philippines disclosed a data breach after a third-party vendor hack

Security Affairs

Acer Philippines disclosed a data breach after employee data was leaked by a threat actor on a hacking forum. Acer Philippines confirmed that employee data was compromised in an attack targeting a third-party service provider. In our commitment to full transparency, we wish to inform you of a recent security incident involving a third-party vendor managing employee attendance data. pic.twitter.com/SXDeZ3I27B — Acer Philippines (@AcerPhils) March 12, 2024 Acer Inc. is a Taiwanese multinatio

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

EU Parliament Approves the Artificial Intelligence Act

Data Breach Today

Act Will Be the World's First Comprehensive and Binding Regulation for AI The European Parliament on Wednesday approved the Artificial Intelligence Act, completing a penultimate step to enacting the world's first comprehensive AI regulation. The act needs final signoff from the European Council, which is expected by May.

More Trending

article thumbnail

Chinese Cybercrime: Discretion Is the Better Part of Valor

Data Breach Today

Repeat Crackdowns Drive Criminals to Embrace Foreign-Made Encrypted Messaging Apps Criminals in China increasingly keep a low profile on public-facing forums and rely on Telegram and other encrypted foreign messaging apps to discreetly coordinate their activities or sell wares, according to a new report charting how the Chinese cybercrime ecosystem continues to evolve.

article thumbnail

Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

Security Affairs

Fortinet released security updates to address critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. Fortinet this week has released security updates to fix critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. The first vulnerability is an out-of-bounds write issue, tracked as CVE-2023-42789 (CVSS score 9.3), it can be exploited to execute unauthorized code or commands by sending specially crafted HTTP requests to vulnerable devices.

Security 139
article thumbnail

The Critical Role of Effective Onboarding

Data Breach Today

How Your Onboarding Process Can Help Improve Retention and Human Risk Mitigation A robust onboarding program is a comprehensive process that integrates new hires into the organizational culture, aligns them with company values and equips them with the necessary skills and knowledge to perform their roles effectively. Onboarding affects organizational culture and turnover rates.

Risk 289
article thumbnail

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

Security Affairs

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. The prestigious US university was the victim of a ransomware attack carried out by the Akira ransomware group. The Akira ransomware gang claimed the theft of 430 GB of data from the university’s systems.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Canada Sentences LockBit Hacker Mikhail Vasiliev to 4 Years

Data Breach Today

Dual Canadian-Russian National Also Agrees to US Extradition LockBit ransomware affiliate Mikhail Vasiliev on Tuesday received a nearly four-year prison sentence in Canada and consented to extradition to the United States, where he faces charges of conspiracy to commit computer intrusion. He must also pay CA$860,000 in restitution to his Canadian victims.

article thumbnail

Compromised Credentials Postings on the Dark Web Increase 20% in Just One Year

KnowBe4

Data trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge.

Access 126
article thumbnail

The Concentrated Cyber Risk Posed by Enormous Vendors

Data Breach Today

The vast healthcare ecosystem disruption caused by the recent attack on Change Healthcare, which affected more than 100 of the company's IT products and services, underscores the concentrated cyber risk when a major vendor suffers a serious cyber incident, said Keith Fricke, partner at tw-Security.

Risk 284
article thumbnail

[Security Masterminds] The Art of Defending Against Social Engineering in the Age of AI: Insights from Rachel Tobac

KnowBe4

Social engineering attacks can seem unpredictable and challenging to defend against. However, with the right approach, organizations can better protect themselves.

Security 122
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Will Cybersecurity Get Its 1st New Unicorn Since June 2022?

Data Breach Today

Data Security Startup Cyera Seeks to Raise $150M to $200M at a Valuation of $1.55B Cyera is raising between $150 million and $200 million in a new funding round that would value the Silicon Valley-based data security startup at as much as $1.55 billion. The funding talks come just nine months after Cyera closed a $100 million Series B round at a reported $500 million valuation.

article thumbnail

New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

On March 6, 2024, Governor Chris Sununu signed into law SB 255 , making New Hampshire the 15th state with a comprehensive privacy law. Applicability SB 255 applies to persons that “conduct business” in New Hampshire (“NH”) or persons that “produce products or services that are targeted to residents of” NH that, in the period of a year: (1) “controlled or processed the personal data of not less than 35,000 unique consumers, excluding personal data controlled or processed solely for the purpose of

Privacy 120
article thumbnail

Feds Launch Investigation into Change Healthcare Attack

Data Breach Today

HHS OCR Tells UnitedHealth Group it Will Scrutinize Co.'s HIPAA Compliance Federal regulators have informed UnitedHealth Group that they have launched a full-fledged investigation into a potential massive compromise of protected health information stemming from the Change Healthcare cyberattack. A potential PHI breach could affect tens of millions of individuals.

article thumbnail

AI-Driven Voice Cloning Tech Used in Vishing Campaigns

KnowBe4

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing imitations of people’s voices based on very small audio samples.

Phishing 119
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Schneider Electric and Mitsubishi Give Nozomi Networks $100M

Data Breach Today

Investment Signals Confidence in Nozomi's Cyber Tools for Critical Infrastructure Nozomi Networks notched a $100 million funding round led by Schneider Electric and Mitsubishi, spotlighting the urgent need for advanced cybersecurity measures to protect critical infrastructure, industrial control systems and IoT networks in light of the increased destructiveness of attacks.

IoT 272
article thumbnail

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws via The Hacker News

IG Guru

Check out the article here. The post Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws via The Hacker News first appeared on IG GURU.

article thumbnail

Cloud Network Security with Agility and Scale on a Platform

Data Breach Today

Rigdon and Henry of Palo Alto Networks on Power of Software Firewalls Agility, scale and consumption - these are three business benefits brought to cloud network security by Palo Alto Networks Software Firewalls. Tiffany Henry and Katherine Rigdon of Palo Alto Networks showcase these features and the value of finding them all on a single platform.

Cloud 251
article thumbnail

European Parliament Approves the AI Act

Hunton Privacy

On March 13, 2024, the European Parliament adopted the AI Act by a majority of 523 votes in favor, 461 votes against, and 49 abstentions. The AI Act will introduce comprehensive rules to govern the use of AI in the EU, making it the first major economic bloc to regulate this technology. The European Council is now expected to formally endorse the final text of the AI Act in April 2024.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

HID Connects Podcast Season 2 Episode 3: What is the Potential of Biometrics, Really?

HID Global

Biometrics are part of our everyday lives, even if we don’t realize it. You’ll learn why in this podcast episode.

IT 59
article thumbnail

Comprehensive Guide to Scanning Medical Records

Armstrong Archives

In 2001, just 18% of U.S.-based physicians were using electronic medical record (EMR) or electronic health record (EHR) systems. As of 2021, that figure has soared to 88%. Healthcare organizations across the nation have embraced EHRs, largely thanks to their ability to reduce staff burnout and increase efficiency. While many healthcare documents are now digital, care providers still have millions of paper files that need to be digitized.

Paper 52
article thumbnail

What is threat prevention?

Jamf

Attackers are always threatening your cybersecurity. Read this blog to learn what threat prevention is, some types of threats and how to defend against them.

article thumbnail

This hidden Slack feature can power up your productivity - here's how to use it

Collaboration 2.0

Attention, Slack collaborators: Can't find what you're looking for? Slack Files has you covered.

IT 40
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

What is application management?

Jamf

Application management is a vital part of effective device and security management in business. But how can it enhance productivity, security, and user satisfaction? And how does an Apple admin keep all of these cards in the air?

article thumbnail

Microsoft Teams will merge into single app for work and personal

Collaboration 2.0

Slated for Windows 11 version 24H2, the new unified Teams app will allow you to switch between different cloud environments and accounts for personal and work access.

Cloud 40
article thumbnail

Porn Sites Need Age-Verification Systems in Texas, Court Rules

WIRED Threat Level

The US Court of Appeals for the 5th Circuit has vacated an injunction against an age-verification requirement to view internet porn in Texas.

Privacy 128