Fri.Jun 07, 2024

article thumbnail

Qilin RaaS Group Believed to Be Behind Synnovis, NHS Attack

Data Breach Today

Patient Care, Including Transplants, Still Disrupted at London Hospitals, Clinics A ransomware attack on a pathology services firm earlier this week continues to disrupt patient care, including transplants, blood testing and other services, at multiple NHS hospitals and primary care facilities in London. Russian-speaking cybercrime group Qilin is believed to be behind the attack.

article thumbnail

Microsoft Will Switch Off Recall by Default After Security Backlash

WIRED Threat Level

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Security 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CISA Planning JCDC Overhaul as Experts Criticize Slow Start

Data Breach Today

Top US Cyber Defense Agency Aims to Revamp Its Key Public-Private Collaborative The Joint Cyber Defense Collaborative may get a much-needed facelift in the coming months after experts and a cybersecurity advisory committee urged the U.S. Cybersecurity and Infrastructure Security Agency to improve its operational components and clarify its membership criteria.

article thumbnail

Chinese threat actor exploits old ThinkPHP flaws since October 2023

Security Affairs

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082 , in ThinkPHP. The campaign seems to have been active since at least October 2023, it initially targeted a limited number of customers/organizations but recently became widespread.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hypr Secures $30M to Expand Identity Protection Platform

Data Breach Today

Silver Lake Waterman Investment in Hypr Fuels Product Development, Market Expansion Hypr raised $30 million from Silver Lake Waterman to boost its identity security offerings, aiming for market expansion and a potential initial public offering. The investment supports the New York-based company's multi-product strategy in a rapidly evolving threat landscape.

Security 182

More Trending

article thumbnail

Collaborative Security: The Team Sport Approach

Data Breach Today

By decentralizing the ownership of cybersecurity and increasing security consciousness among everyone in the organization, businesses can improve their security posture, said Dom Lombardi, the vice president of security and trust at Kandji. He discussed the concept of collaborative security.

Security 182
article thumbnail

Pandabuy was extorted twice by the same threat actor

Security Affairs

Chinese shopping platform Pandabuy previously paid a ransom demand to an extortion group that extorted the company again this week. The story of the attack against the Chinese shopping platform Pandabuy demonstrates that paying a ransom to an extortion group is risky to the victims. BleepingComputer first reported that Pandabuy had previously paid a ransom to an extortion group to prevent stolen data from being published, but the same threat actor extorted the company again this week.

article thumbnail

Microsoft Tweaks Recall for Security

Data Breach Today

The Computing Giant Faced a Wave of Criticism Over 'Photographic Memory' Feature Microsoft is retreating somewhat from Recall, a planned feature it touts as "photographic memory" for personal computers. The company announced on Friday that it's shifting the default setting for Recall to "off," and express user consent will be required before Recall can be activated.

Security 182
article thumbnail

Nearly Three-Quarters of Organizations Were the Target of Attempted Business Email Compromise Attacks

KnowBe4

New data highlights just how dangerous this often malwareless cyber attack method really is, and whether organizations were ready to stop the attack.

Phishing 126
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Tenable Boosts Data, Cloud Security With Eureka Acquisition

Data Breach Today

Tenable to Natively Integrate Eureka's Data Security Posture Management Product Tenable plans to acquire Israeli startup Eureka to enhance its cloud security platform with advanced data security posture management capabilities. The transaction aims to provide customers with comprehensive risk assessment and management tools in a single, unified platform.

Cloud 173
article thumbnail

Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing

KnowBe4

I have created a comprehensive webinar, based on my recent book , “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. It contains everything that KnowBe4 and I know to defeat scammers.

Phishing 124
article thumbnail

Security and Human Behavior (SHB) 2024

Schneier on Security

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geo

Security 111
article thumbnail

Breach or Bluff: Cyber Criminals' Slippery Tactics

KnowBe4

When the news first broke about a potential data breach at Ticketmaster, the details were murky. The Department of Home Affairs confirmed a cyber incident affecting Ticketmaster customers, but the extent of the breach and the veracity of the claims made by the hacker group ShinyHunters were unclear.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

The Justice Department Took Down the 911 S5 Botnet

Schneier on Security

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

article thumbnail

Minnesotans Targeted by Scammers With Phony Arrest Warrants

KnowBe4

The Minnesota Judicial Branch has issued an advisory warning that scammers are messaging Minnesotans with phony arrest warrants for missing jury duty.

Security 116
article thumbnail

Worrying Ransomware Trends, and What to Do About Them

IT Governance

Expert insight from our cyber incident responder When talking to clients or taking questions at the end of webinars, many ask us about ransomware. In fact, ransomware is often the first thing people ask about! Organisations seem really worried about it – and understandably so. Ransomware features a lot in the news. A particularly noteworthy attack was MOVEit , which was also a zero-day exploit , but we see plenty of ‘run-of-the-mill’ attacks too.

article thumbnail

Trust Libraries: 10 Pledges for libraries to a new Government

CILIP

Trust Libraries: 10 Pledges for libraries to a new Government A General Election is just round the corner and its outcome will affect us all, with a new government and potentially hundreds of new MPs taking their seats in the House of Commons. Trust Libraries: Our pledge to the public and the next government is CILIP’s call to incoming politicians to trust libraries to deliver ten key pledges, whatever political parties are represented in the Government of tomorrow.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

Security Affairs

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR malware as part of a cyber espionage campaign dubbed SickSync. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber espionage campaign targeting defense forces in the country. The Ukrainian CERT attributes the attack to the threat actor UAC-0020 which employed a malware called SPECTR as part of the campaign tracked as SickSync.

article thumbnail

Defense-in-depth: Effective, layered security

Jamf

Modern threats are complex. If complexity is the enemy of security, then defense-in-depth is the answer to keeping your infrastructure protected by closing gaps in security and mitigating sophisticated threats.

article thumbnail

Document Scanning for Higher Education

Record Nations

Document scanning is an efficient, secure way to keep track of and store files over time. When you digitize documents it saves you physical space, provides an easy way to collaborate and share, and gives you the ability to search and edit documents. These are capabilities that benefit institutions of all kinds, including higher education. Document Scanning for Higher Education The post Document Scanning for Higher Education appeared first on Record Nations.

article thumbnail

My Story So Far and Your Own Career Journey

Lenny Zeltser

Wherever you are in your professional journey, it helps to peak into another's career story to learn from their approach, mistakes, and triumphs. In the following three videos, I reflect on my career so far to share my story, hoping that others in the industry will find it useful. Perhaps you'll glean from these short episodes the insights that will help you chart your own path in cybersecurity.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Beyond the buzzwords: Automating protection with AI-enabled solutions for modern cybersecurity

OpenText Information Management

The concept of security posture, as defined by the National Institute of Standards and Technology (NIST), refers to an organization's overall cybersecurity strength—including its defenses and adaptability to evolving threats. This blog explores the transition of cybersecurity strategies from a reactive approach to enabling actionable visibility, for proactive protection across the expanding attack surface, and reducing risk in today's digital enterprises.

article thumbnail

Artificial intelligence: standards and regulations

Jamf

Artificial intelligence is a growing technology used in many aspects of our lives. Learn how governments are regulating and developing AI frameworks to encourage responsible AI development.

article thumbnail

Friday Squid Blogging: Squid Catch Quotas in Peru

Schneier on Security

Peru has set a lower squid quota for 2024. The article says “giant squid,” but that seems wrong. We don’t eat those. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

article thumbnail

ISMG Editors: Infosecurity Europe Conference 2024 Wrap-Up

Data Breach Today

Panelists Discuss Latest Updates on AI Tech, Cyber Resilience and Regulations Live from Infosecurity Europe Conference 2024 in London, ISMG editors and special guest CISO Ian Thornton-Trump close the event by discussing key topics including progress on AI-based cybersecurity solutions, efforts to help organizations boost resilience, and the looming specter of new regulations.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.