The Last Watchdog

JULY 25, 2024

Last week, CrowdStrike, one of the cybersecurity industry’s most reputable solution providers, inadvertently caused more disruption across the Internet than all the threat actors active online at the time. Related: Microsoft blames outage on EU A flawed update to CrowdStrike’s Falcon security software caused millions of computers running Microsoft Windows to display the infamous blue screen of death.

Ransomware 317

Ransomware Cybersecurity Cloud Phishing 317

Data Breach Today

JULY 25, 2024

Also: Russian DDoS Hacktivists; Verizon Settles With US FTC and Windows 10 This week, ICANN warned of phishing, BreachForums data was leaked, police arrested alleged pro-Russian hackers, the U.K shut down a DDoS booter site, the EU gave Meta a deadline, Russia decried U.S. sanctions, Verizon settled on breaches, and Windows 10 security support will end in October 2025.

Phishing 299

Phishing Security 299

Security Affairs

JULY 25, 2024

A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerability, tracked as CVE-2024-41110 (CVSS score of 10.0), in certain versions of Docker Engine can allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. “An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the Aut

Access 143

Access Risk IT Security 143

Data Breach Today

JULY 25, 2024

Also: WazirX Updates; Fractal ID Breach Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Tornado Cash saw an uptick in use, updates on the WazirX exploit were released, Fractal ID and LI.FI published breach postmortems, and the U.S. moved to recover pig-butchering losses.

Cybersecurity 287

Cybersecurity 287

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

JULY 25, 2024

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) to spread information stealer, such as ACR Stealer, Lumma , and Meduza.

Education 141

Education Security Information Security Cybersecurity 141

Security Affairs

JULY 25, 2024

Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray expressed growing concerns over the potential for a coordinated foreign terrorist attack in the United States. During his testimony to the House Oversight Committee, Mr.

Risk 140

Risk e-Delivery Communications Financial Services 140

Data Breach Today

JULY 25, 2024

Hackers Spread Malicious Recovery Files and Certificates Friday's global computer outage caused by an update gone wrong from cybersecurity firm CrowdStrike continues to bring out hucksters seeking to capitalize on the incident. Hackers began milking it almost immediately, and self-proclaimed hacktivist group USDoD appears to be the latest.

Cybersecurity 288

Cybersecurity IT 288

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely be in the billions of dollars ­easily matching the most costly previous cyberattacks, such as NotPetya.

Marketing 122

Marketing Insurance Access Risk 122

Data Breach Today

JULY 25, 2024

United States Charges North Korean Hacker for Attacks on Hospitals and Healthcare The U.S. is offering a $10 million reward for information leading to the arrest of suspected North Korean hacker Rim Jong Hyok after authorities indicted him for involvement in the regime's Andariel hacking group. Hyok is charged with conspiracy to commit computer hacking and money laundering.

Ransomware 286

Ransomware 286

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Schneier on Security

JULY 25, 2024

I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here , but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard.

Personal data 113

Personal data Security IT Data Privacy 113

Data Breach Today

JULY 25, 2024

NHS Blood and Transplant Urges Hospitals to Restrict the Use of O-Negative Blood The U.K. National Health Service is urging hospitals across the country to limit the use of rare O-negative type blood after a ransomware attack on a British laboratory service provider crippled blood donations across the country. National blood stocks are at "unprecedentedly low levels.

Ransomware 278

Ransomware 278

Security Affairs

JULY 25, 2024

Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Server is a web-based application designed for creating, managing, and delivering reports in various formats. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes.

Authentication 123

Authentication Access Security IT 123

Data Breach Today

JULY 25, 2024

Simplifying your transition to a hybrid cloud environment while ensuring data security and app integration When you move to a hybrid cloud environment consideration must be given to how data is secured and synchronized during and after the transfer.

Cloud 269

Cloud Security 269

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

KnowBe4

JULY 25, 2024

Frequently Asked Questions About KnowBe4's Fake IT Worker Blog July 23, 2024, I wrote a blog post about how KnowBe4 inadvertently hired a skillful North Korean IT worker who used the stolen identity of a US citizen. He participated in several rounds of video interviews and circumvented background check processes commonly used. The intent was to share an organizational learning moment, so you can make sure this does not happen to you.

IT 106

IT Access Cloud Data breaches 106

Data Breach Today

JULY 25, 2024

Bank Execs at Senate Hearing Defend Zelle Reimbursements, Payment Fraud Programs During a hearing Tuesday, U.S. Sen. Richard Blumenthal, D-Conn., revealed that Bank of America, JPMorgan Chase and Wells Fargo only reimbursed 38% of unauthorized Zelle transactions - leaving consumers on the hook for $100 million in fraud losses. The banks disputed the committee's findings.

268

268

WIRED Threat Level

JULY 25, 2024

A controversial new surveillance system in Paris foreshadows a future where there are too many CCTV cameras for humans to physically watch.

Security 109

Security 109

Data Breach Today

JULY 25, 2024

Company Seeks to Expand Globally and Grow Its US Public Sector Presence A supply chain security firm led by an ex-Google Cloud engineer closed a Series C round to assist AI workloads and expand its open-source software catalog. Chainguard raised $140 million just eight months after completing a $61 million Series B funding round, tripling its valuation to $1.12 billion.

Cloud 263

Cloud Security IT 263

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Collaboration 2.0

JULY 25, 2024

The Arrowmax SES ultra mini power screwdriver kit combines high-quality hardware with customizable settings, and its one of the first I've seen with its own display.

IT 98

IT 98

Data Breach Today

JULY 25, 2024

Sam Curry and Heather West on Authentication, AI Labelling and Adaptive Security As deepfakes evolve, they pose significant cybersecurity risks and require adaptable security measures. In this episode of "Proof of Concept," Sam Curry of Zscaler and Heather West of Venable discuss strategies for using advanced security tactics to outpace deepfake threats.

Authentication 263

Authentication Cybersecurity Risk Security 263

Collaboration 2.0

JULY 25, 2024

Enabling Private DNS Mode on Android means your searches and other DNS queries are encrypted and safe from prying eyes. Here's everything else you need to know.

Encryption 98

Encryption IT 98

Data Breach Today

JULY 25, 2024

State-Sponsored Hacking Group Andariel Tied to Active and Sophisticated Campaigns A North Korean hacking group notorious for carrying out large-scale cyberattacks against government institutions and critical infrastructure, and developing ransomware, is expanding operations to target the healthcare, energy and financial sectors, warn threat intelligence researchers at Mandiant.

Ransomware 260

Ransomware Government 260

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Cloud

Collaboration 2.0

JULY 25, 2024

I love my Amazon Echo Show, but I find some of its behaviors distracting, triggering, presumptuous, and just plain pushy. Fortunately, there are easy fixes.

IT 98

IT 98

Data Breach Today

JULY 25, 2024

Litigation Alleges Vendor Took 2 Years to Discover Data Theft After Hack Software vendor MCG Health has agreed to pay $8.8 million to settle a consolidated proposed federal class action lawsuit involving a 2020 hacking incident. The suit claims the company took two years to identify and report a data theft that affected about 1.1 million people.

Data breaches 238

Data breaches 238

IT Governance

JULY 25, 2024

All organisations that transmit, process or store payment card data, or affect its security, must meet the requirements of the PCI DSS (Payment Card Industry Data Security Standard). The currently applicable version of the PCI DSS is v4.0.1 , a limited revision to PCI DSS v4.0. The PCI DSS consists of a standardised, industry-wide set of requirements and processes for: Policies; Procedures; Software design; Security management; Network architecture; and Critical protective measures.

Security awareness 77

Security awareness Compliance Data breaches Phishing 77

KnowBe4

JULY 25, 2024

Check out the July updates in Compliance Plus so you can stay on top of featured compliance training content.

Compliance 105

Compliance Security awareness Security 105

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Collaboration 2.0

JULY 25, 2024

Professionals are rightly wary of rival firms gaining a first-mover advantage. But in some instances, talking about challenges and opportunities with potential competitors can be beneficial.

96

96

Collaboration 2.0

JULY 25, 2024

The new Apple Maps website helps you find businesses, view guides to hot spots, and get walking or driving directions, if you're using a supported browser.

IT 75

IT 75

Collaboration 2.0

JULY 25, 2024

We tested the best iPad Air cases from brands like Logitech, Apple, and more -- so you can protect your device while keeping it stylish and functional.

IT 75

IT 75