Thu.Jul 25, 2024

article thumbnail

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

The Last Watchdog

Last week, CrowdStrike, one of the cybersecurity industry’s most reputable solution providers, inadvertently caused more disruption across the Internet than all the threat actors active online at the time. Related: Microsoft blames outage on EU A flawed update to CrowdStrike’s Falcon security software caused millions of computers running Microsoft Windows to display the infamous blue screen of death.

article thumbnail

CrowdStrike Outage Losses Will Hit Healthcare, Banking Hard

Data Breach Today

$5.4 Billion in Losses Estimated for 500 Largest Public US Firms - Except Microsoft Expect the healthcare and banking sectors to record the greatest direct losses in the U.S. as a result of the global disruptions caused by a faulty CrowdStrike software update crashing Windows systems, an underwriting agency reported, forecasting Fortune 500 direct losses of $5.4 billion.

307
307
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Critical bug in Docker Engine allowed attackers to bypass authorization plugins

Security Affairs

A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerability, tracked as CVE-2024-41110 (CVSS score of 10.0), in certain versions of Docker Engine can allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. “An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the Aut

Access 144
article thumbnail

Breach Roundup: ICANN Warns.top Domain About Phishing

Data Breach Today

Also: Russian DDoS Hacktivists; Verizon Settles With US FTC and Windows 10 This week, ICANN warned of phishing, BreachForums data was leaked, police arrested alleged pro-Russian hackers, the U.K shut down a DDoS booter site, the EU gave Meta a deadline, Russia decried U.S. sanctions, Verizon settled on breaches, and Windows 10 security support will end in October 2025.

Phishing 303
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers

Security Affairs

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) to spread information stealer, such as ACR Stealer, Lumma , and Meduza.

Education 143

More Trending

article thumbnail

Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections

Security Affairs

Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray expressed growing concerns over the potential for a coordinated foreign terrorist attack in the United States. During his testimony to the House Oversight Committee, Mr.

Risk 143
article thumbnail

US Indicts Alleged North Korean Ransomware Attacker

Data Breach Today

United States Charges North Korean Hacker for Attacks on Hospitals and Healthcare The U.S. is offering a $10 million reward for information leading to the arrest of suspected North Korean hacker Rim Jong Hyok after authorities indicted him for involvement in the regime's Andariel hacking group. Hyok is charged with conspiracy to commit computer hacking and money laundering.

article thumbnail

At The 2024 Summer Olympics, AI Is Watching You

WIRED Threat Level

A controversial new surveillance system in Paris foreshadows a future where there are too many CCTV cameras for humans to physically watch.

Security 140
article thumbnail

UK Blood Stocks Drop After Ransomware Hack

Data Breach Today

NHS Blood and Transplant Urges Hospitals to Restrict the Use of O-Negative Blood The U.K. National Health Service is urging hospitals across the country to limit the use of rare O-negative type blood after a ransomware attack on a British laboratory service provider crippled blood donations across the country. National blood stocks are at "unprecedentedly low levels.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server

Security Affairs

Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Server is a web-based application designed for creating, managing, and delivering reports in various formats. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes.

article thumbnail

Cryptohack Roundup: Tornado Cash Sees Uptick in Use

Data Breach Today

Also: WazirX Updates; Fractal ID Breach Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Tornado Cash saw an uptick in use, updates on the WazirX exploit were released, Fractal ID and LI.FI published breach postmortems, and the U.S. moved to recover pig-butchering losses.

article thumbnail

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely be in the billions of dollars ­easily matching the most costly previous cyberattacks, such as NotPetya.

Marketing 129
article thumbnail

Senator: Top Banks Only Reimburse 38% of Unauthorized Claims

Data Breach Today

Bank Execs at Senate Hearing Defend Zelle Reimbursements, Payment Fraud Programs During a hearing Tuesday, U.S. Sen. Richard Blumenthal, D-Conn., revealed that Bank of America, JPMorgan Chase and Wells Fargo only reimbursed 38% of unauthorized Zelle transactions - leaving consumers on the hook for $100 million in fraud losses. The banks disputed the committee's findings.

281
281
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Data Wallets Using the Solid Protocol

Schneier on Security

I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here , but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard.

article thumbnail

Mandiant: North Korean Hackers Targeting Healthcare, Energy

Data Breach Today

State-Sponsored Hacking Group Andariel Tied to Active and Sophisticated Campaigns A North Korean hacking group notorious for carrying out large-scale cyberattacks against government institutions and critical infrastructure, and developing ransomware, is expanding operations to target the healthcare, energy and financial sectors, warn threat intelligence researchers at Mandiant.

article thumbnail

North Korean Fake IT Worker FAQ

KnowBe4

Frequently Asked Questions About KnowBe4's Fake IT Worker Blog July 23, 2024, I wrote a blog post about how KnowBe4 inadvertently hired a skillful North Korean IT worker who used the stolen identity of a US citizen. He participated in several rounds of video interviews and circumvented background check processes commonly used. The intent was to share an organizational learning moment, so you can make sure this does not happen to you.

IT 116
article thumbnail

How to secure data and integrate applications in a hybrid cloud environment

Data Breach Today

Simplifying your transition to a hybrid cloud environment while ensuring data security and app integration When you move to a hybrid cloud environment consideration must be given to how data is secured and synchronized during and after the transfer.

Cloud 275
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Your KnowBe4 Compliance Plus Fresh Content Updates from July 2024

KnowBe4

Check out the July updates in Compliance Plus so you can stay on top of featured compliance training content.

article thumbnail

Chainguard Raises $140M to Drive AI Support, Global Growth

Data Breach Today

Company Seeks to Expand Globally and Grow Its US Public Sector Presence A supply chain security firm led by an ex-Google Cloud engineer closed a Series C round to assist AI workloads and expand its open-source software catalog. Chainguard raised $140 million just eight months after completing a $61 million Series B funding round, tripling its valuation to $1.12 billion.

Cloud 272
article thumbnail

How to turn on Private DNS Mode on Android - and what it can do for you

Collaboration 2.0

Enabling Private DNS Mode on Android means your searches and other DNS queries are encrypted and safe from prying eyes. Here's everything else you need to know.

article thumbnail

Proof of Concept: How Can We Outpace Deepfake Threats?

Data Breach Today

Sam Curry and Heather West on Authentication, AI Labelling and Adaptive Security As deepfakes evolve, they pose significant cybersecurity risks and require adaptable security measures. In this episode of "Proof of Concept," Sam Curry of Zscaler and Heather West of Venable discuss strategies for using advanced security tactics to outpace deepfake threats.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

5 Echo Show settings to change to make your smart display less annoying

Collaboration 2.0

I love my Amazon Echo Show, but I find some of its behaviors distracting, triggering, presumptuous, and just plain pushy. Fortunately, there are easy fixes.

IT 98
article thumbnail

Software Maker MCG Health Settles Data Breach Suit for $8.8M

Data Breach Today

Litigation Alleges Vendor Took 2 Years to Discover Data Theft After Hack Software vendor MCG Health has agreed to pay $8.8 million to settle a consolidated proposed federal class action lawsuit involving a 2020 hacking incident. The suit claims the company took two years to identify and report a data theft that affected about 1.1 million people.

article thumbnail

This $45 mini screwdriver kit has a useful LED screen - and I highly recommend it

Collaboration 2.0

The Arrowmax SES ultra mini power screwdriver kit combines high-quality hardware with customizable settings, and its one of the first I've seen with its own display.

IT 98
article thumbnail

How to Easily Meet the PCI DSS Awareness Training Requirements

IT Governance

All organisations that transmit, process or store payment card data, or affect its security, must meet the requirements of the PCI DSS (Payment Card Industry Data Security Standard). The currently applicable version of the PCI DSS is v4.0.1 , a limited revision to PCI DSS v4.0. The PCI DSS consists of a standardised, industry-wide set of requirements and processes for: Policies; Procedures; Software design; Security management; Network architecture; and Critical protective measures.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Google's DeepMind AI takes home silver medal in complex math competition

Collaboration 2.0

The achievement is noteworthy because AI systems don't usually fare well with complex math challenges.

76
article thumbnail

How to install Windows 11 the way you want (and sneak by Microsoft's restrictions)

Collaboration 2.0

With the free Rufus utility, you can upgrade your existing Windows 10 PC or install Windows 11 on a clean computer - and do it your way.

IT 76
article thumbnail

OpenAI launches SearchGPT - here's what it can do and how to access it

Collaboration 2.0

Google, it looks like you've got some competition.

IT 76