Mon.Sep 25, 2023

article thumbnail

Data Breach Toll Tied to Clop Group's MOVEit Attacks Surges

Data Breach Today

2,050 Organizations Affected After Data Stolen From Secure File-Sharing Software The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.

article thumbnail

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. Related: SMBs too often pay ransom Small businesses, including nonprofit organizations, are not immune to cyberattacks. The average cost of a cybersecurity breach was $4.45 million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Deadglyph Backdoor Targeting Middle Eastern Government

Data Breach Today

Backdoor Is Associated With Stealth Falcon APT Group Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages: native x64 binary and a.NET assembly.

article thumbnail

Your Boss’s Spyware Could Train AI to Replace You

WIRED Threat Level

Corporations are using software to monitor employees on a large scale. Some experts fear the data these tools collect could be used to automate people out of their jobs.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Bermuda Struggles to Recover From Cyberattack

Data Breach Today

Bermuda Premier Attributes the Incident to 'Russia-Based' Attackers Bermuda government workers Monday remained cut off from email and normal telephone systems following a hacking incident disclosed late last week. Bermuda Premier David Burt on Thursday attributed the hack to "Russia-based actors," without elaborating.

More Trending

article thumbnail

How to Overcome Practitioner Concerns Over Cisco-Splunk Deal

Data Breach Today

Forrester's Allie Mellen on Issues Posed by Cisco's M&A Track Record, Splunk's Cost Security practitioners are skeptical of Cisco's proposed $28 billion Splunk purchase given the networking giant's track record around funding and investing in previous acquisition targets. Forrester's Allie Mellen expects some customers to try out other SIEM tools given Cisco's heritage in hardware.

Security 278
article thumbnail

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. The activity was characterized by the use of a combination of rare tools and techniques to gain access to the target network and collect intelligence from sensitive I

article thumbnail

How Will SEC Rules Affect Reporting, Tracking of Incidents?

Data Breach Today

TrustedSec's Alex Hamerstone on New US Securities and Exchange Commission Rules Under new U.S. Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. Alex Hamerstone, advisory solutions director at TrustedSec, discussed the challenges ahead.

article thumbnail

A phishing campaign targets Ukrainian military entities with drone manual lures

Security Affairs

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154.

Military 140
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CommonSpirit Details Financial Fallout of $160M Cyberattack

Data Breach Today

No Word Yet on Hospital Chain's Cyber Insurance Claim, Multiple Lawsuits Pending Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" hampered billing and collection activities contributed to a $1.4 billion operating loss for the year.

Insurance 273
article thumbnail

Crooks stole $200 million worth of assets from Mixin Network

Security Affairs

Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets. Mixin Network, the Hong Kong-based crypto firm behind a free, lightning fast and decentralized network for transferring digital assets announced it has suffered a $200 million cyber heist. The company suspended deposits and withdrawals immediately after the discovery of the security breach that took place early in the morning of September 23, 2023.

article thumbnail

Polish Privacy Regulator Probes OpenAI's ChatGPT

Data Breach Today

Agency Is the Latest in a String of European Regulators to Scrutinize the LLM The Polish data regulator launched a probe into OpenAI's ChatGPT for potential privacy violations of the European General Data Protection Regulation. The Polish regulator is the third European data protection agency to raise privacy concerns related to ChatGPT.

Privacy 267
article thumbnail

A Tricky New Way to Sneak Past Repressive Internet Censorship

WIRED Threat Level

With the number of internet blackouts on the rise, cybersecurity firm eQualitie figured out how to hide censored online news in satellite TV signals.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

CyberArk, BeyondTrust, Delinea Dominate Gartner MQ for PAM

Data Breach Today

One Identity, Wallix, Arcon Exit Leaders Space as Privileged Access Market Matures CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past half-decade, PAM has gone from being required for large companies to being an insurance prerequisite.

Insurance 263
article thumbnail

Tools From Cybercrime Software Vendor W3LL Found to be Behind the Compromise of 56K Microsoft 365 Accounts

KnowBe4

A new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years.

article thumbnail

UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack

Dark Reading

The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.

117
117
article thumbnail

Cybercriminals Use Google Looker Studio to Host Crypto Scam to Steal Money and Credentials

KnowBe4

Security researchers at Check Point have discovered yet another attack that leverages legitimate web applications to host attacks in order to bypass security scanners.

Security 126
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

MOVEit Flaw Leads to 900 University Data Breaches

Dark Reading

National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.

article thumbnail

New Wave of Hospitality Phishing Attacks: Compromise User Credentials, Then Go Phish

KnowBe4

The hospitality sector is seeing a new wave of phishing attacks. These new attacks are more plausible because they begin with compromised credentials and move to fraudulent emails sent from within a trusted network. The compromised systems are legitimate booking sites; the victims are the guests.

Phishing 126
article thumbnail

Xenomorph Android Malware Targets Customers of 30 US Banks

Dark Reading

The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.

IT 114
article thumbnail

[NEW RELEASE]: Unleash the Power of Cybersecurity Education with KnowBe4’s 'Hack-A-Cat' on Roblox

KnowBe4

What do cheese, fish and cybersecurity training have in common? Each of these comes together to help keep kids informed about cyber threats and cybersecurity best practices with KnowBe4’s first ever entry into the Roblox gaming platform: Hack-A-Cat!

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Congratulations to our Jammies Awards Winners

Jamf

Congratulations to the winners of the 2023 Jammies Awards, the customer appreciation awards celebrating those who exemplify Jamf values and innovative usage of Jamf solutions.

111
111
article thumbnail

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

KnowBe4

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.

Phishing 124
article thumbnail

Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks

Dark Reading

Back to basics is a good start, but too often security teams don't handle their deployment correctly. Here's how to avoid the common pitfalls.

Security 109
article thumbnail

Organizations Starting to Understand the Impact of Ransomware, But Their Efforts Not Enough to Overcome Infostealer Malware

KnowBe4

Recent findings in a SpyCloud report shows companies are starting to recognize and shift their priorities to defend against ransomware attacks, but the use of infostealer malware still has a high success rate for cybercriminals.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Satellite Images Show the Devastating Cost of Sudan’s Aerial War

WIRED Threat Level

As civil conflict continues in and above the streets of Khartoum, satellite images from the Conflict Observatory at Yale University have captured the catastrophic damage.

Security 107
article thumbnail

The Hot Seat: CISO Accountability in a New Era of SEC Regulation

Dark Reading

Updated cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities.

article thumbnail

Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More

eSecurity Planet

This past week in cybersecurity saw a wide range of vulnerabilities, from Apple product patches to several flaws that hit DevSecOps teams. The Akira ransomware group made news too, expanding its attacks to include Linux-based systems, and Trend Micro issued a fix for a zero-day vulnerability in its Apex One endpoint security tools. Read about the following vulnerabilities and bugs to know what your business and security team should address, as these flaws and attacks can apply to startups and la