Fri.Jun 14, 2024

article thumbnail

Microsoft, Palo Alto, CrowdStrike Lead XDR Forrester Wave

Data Breach Today

Palo Alto Networks Reaches Leaderboard While Trend Micro Falls to Strong Performer The XDR market has matured significantly, Forrester found. Leading vendors such as Microsoft, Palo Alto Networks and CrowdStrike are supporting diverse telemetry sources and developing strategies to replace traditional SIEM tools. These advancements give better detection quality and cost management.

Marketing 289
article thumbnail

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerabi

IT 130
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Managing Chaos in Massive Healthcare Sector Cyberattacks

Data Breach Today

The chaos experienced by thousands of healthcare organizations in the wake of the massive Change Healthcare cyberattack and IT outage in February is proof that most organizations are simply unprepared for such devastating incidents, said Bryan Chnowski, deputy CISO at Nuvance Health.

IT 288
article thumbnail

DORA Compliance Strategy for Business Leaders

Security Affairs

In January 2025, European financial and insurance institutions, their business partners and providers, must comply with DORA. In January 2025, financial and insurance institutions in Europe and any organizations that do business with them must comply with the Digital Operation Resilience Act, also known as DORA. This regulation from the European Union (EU) is intended to both strengthen IT security and enhance the digital resilience of the European financial market.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

NCS Insider Prison Sentence Highlights Enterprise Risk Flaws

Data Breach Today

Enterprise Monitoring Systems Failed to Detect Ex-Worker's Unauthorized Logins A Singapore court has sentenced a former employee of NCS Group to two years and eight months in prison for accessing the company's software test environment and wiping 180 virtual servers months after his employment ended. The company detected the unauthorized access after he deleted the servers.

Risk 278

More Trending

article thumbnail

Meta Delays Data Harvesting for AI Plans in Europe

Data Breach Today

Company Says It Will Still Attempt to Use Public Posts Dating to 2007 to Train AI Social media giant Meta will delay plans to train artificial intelligence with data harvested from European Instagram and Facebook users weeks after a rights group lodged a complaint against the company with 11 European data regulators. A Meta spokesperson said the delay is temporary.

article thumbnail

The Global Reach of Cyber Threats: Why Security Awareness Training is More Important Than Ever

KnowBe4

Based on news cycles within cybersecurity, it's easy to fall into the trap of thinking that threats only come from certain parts of the world or that they only target specific industries. However, the reality is that cyber attacks know no borders, and no organisation is immune.

article thumbnail

The Dangers of Over-Relying on Too Few Critical Vendors

Data Breach Today

Many healthcare organizations have discovered major gaps in business operations preparedness - the ability to quickly rebound from major IT disruptions, such as those caused by the Change Healthcare cyberattack. Jigar Kadakia, CISO of Emory Healthcare, said it's time to come up with a Plan B.

IT 285
article thumbnail

Phishing Campaign Targets Job Seekers With WARMCOOKIE Backdoor

KnowBe4

A phishing campaign is impersonating recruiting firms to target job seekers with a new strain of malware, according to researchers at Elastic Security.

Phishing 103
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

ISMG Editors: Will AI Survive the Data Drought?

Data Breach Today

Also: ISMG's Summit in Chicago; Navigating Regulatory Change In the latest weekly update, ISMG editors discussed the upcoming North America Midwest Cybersecurity Summit, challenges and solutions regarding AI training data, and the implications of the new European Union Artificial Intelligence Act for CISOs.

article thumbnail

Demo of AES GCM Misuse Problems

Schneier on Security

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.

Security 108
article thumbnail

Surge in Attacks Against Edge and Infrastructure Devices

Data Breach Today

Increase in Known Vulnerabilities and Zero-Days Is Fueling Mass Hacking Campaigns Attackers are increasingly targeting cybersecurity devices deployed on the network edge to pivot into enterprise environments, as they take advantage of a surge in zero-day and known vulnerabilities in such devices, which organizations can take months to patch.

article thumbnail

Keeper vs LastPass (2024 Comparison): Which Is Right for You?

eSecurity Planet

Keeper and LastPass are password managers best fit for small to medium organizations, providing fundamental password management and login functionality. Both solutions improve password protection; however, their focus differs. LastPass highlights user experience, whereas Keeper promotes better security. My comparison shows their key differentiators, pros, and cons to help you determine which is the better suited solution for you.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

How the Growing Demands of Healthcare Are Complicating Risk

Data Breach Today

Healthcare is increasingly complex and interconnected, and the push to exchange more digital patient information among providers adds to the threat of busy staff falling victim to phishing and other scams that can jeopardize data, said Krista Arndt, CISO of United Musculoskeletal Partners.

Risk 173
article thumbnail

Apple TV takes learning further with Jamf and TrilbyTV

Jamf

Discover how Apple TV digital signage can transform educational environments. Learn about the benefits and practical applications of digital signage in schools.

article thumbnail

Microsoft Backtracks on Recall Rollout

Data Breach Today

Tech Giant to Test AI Feature Via Windows Insider Program Microsoft dialed back even further its plans to roll out Recall, an automatic screenshot feature indexed by artificial intelligence that has garnered opposition from users and security and privacy advocates. The move is Microsoft's second retreat from Recall within a week.

article thumbnail

WWDC 2024 highlights: Key takeaways for education

Jamf

At WWDC 2024, Apple announced exciting new features across their device ecosystem. Learn how the latest operating systems and Apple Intelligence impact learning.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Pope Francis in G7 Speech Warns Against Nonhuman-Centric AI

Data Breach Today

Pontiff Calls for Ban of Autonomous Weapons and for Ethical Use of Emerging Tech Pope Francis during a speech at the G7 summit in Italy called for a ban of autonomous weapons and urged world leaders to keep humans and ethics at the forefront of the artificial intelligence revolution, making him the first pope to address the annual meeting of the world's wealthy democracies.

article thumbnail

Friday Squid Blogging: Squid Cartoon

Schneier on Security

Squid humor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Security 100
article thumbnail

Security Researchers Expose Critical Flaw in Ivanti Software

Data Breach Today

Ivanti Faces Another SQL Injection Flaw in Popular Endpoint Manager Product Security researchers have discovered another major vulnerability in Ivanti's widely used endpoint management system that can allow hackers to gain remote access for multiple devices at the same time. This comes just months after the company patched a separate SQL injection flaw in the same product.

Security 162