Krebs on Security

APRIL 30, 2024

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly

Passwords 263

Passwords Access Security IT 263

Data Breach Today

APRIL 30, 2024

Data Breach Report Lead Author Alex Pinto Discusses Top Findings, Best Practices Verizon's 17th annual 2024 Data Breach Investigations Report highlights a troubling trend: The exploitation of vulnerabilities in the wild has tripled, primarily due to ransomware actors targeting zero-day vulnerabilities, such as the MOVEit flaw that triggered numerous data theft incidents.

Data breaches 287

Data breaches Ransomware 287

AIIM

APRIL 30, 2024

If you are new to AIIM, you might be wondering what AIIM means when we say "information," which we admittedly say a lot. My favorite explanation of information is from Steve Weissman, CIP, who told me that he simply refers to information as "stuff in a box." Information represents all the data you manage within your organization. Information means both structured and unstructured data.

Unstructured data 203

Unstructured data Artificial Intelligence Big data 203

Data Breach Today

APRIL 30, 2024

'Ransom_man' Extortionist Faces 6-Year, 3-Month Prison Term A Finnish court found Aleksanteri Tomminpoika Kivimäki guilty of hacking and leaking online the psychotherapy records of 33,000 individuals in a 2020 incident. The District Court of Länsi-Uusimaa has sentenced Kivimäki, 26, to six years and three months in prison.

264

264

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Weissman's World

APRIL 30, 2024

Making the business case for Doing Information Right™ is often one of the biggest challenges we face, in no small part because so many of the improvements we can achieve are “soft” ones that our senior managers can readily push back on: Improving findability Boosting compliance Supporting self-service Reducing legal risk Now, we know these… Read More » A Business Case Tip for InfoGov The post A Business Case Tip for InfoGov appeared first on Holly Group.

Compliance 177

Compliance Risk Information governance Government 177

The Last Watchdog

APRIL 30, 2024

For all the discussion around the sophisticated technology, strategies, and tactics hackers use to infiltrate networks, sometimes the simplest attack method can do the most damage. The recent Unitronics hack , in which attackers took control over a Pennsylvania water authority and other entities, is a good example. In this instance, hackers are suspected to have exploited simple cybersecurity loopholes, including the fact that the software shipped with easy-to-guess default passwords.

Security 182

Security Cybersecurity Unstructured data Cloud 182

Data Breach Today

APRIL 30, 2024

The Siemens Simatic Energy Manager Used an Unsafe BinaryFormatter Method Researchers detailed a deserialization vulnerability in Siemens software used to monitor energy consumption in industrial settings and attributed the flaw to the German conglomerate's decision to use a programming method that has known security risks.

Risk 182

Risk Security 182

The Last Watchdog

APRIL 30, 2024

At the end of 2000, I was hired by USA Today to cover Microsoft, which at the time was being prosecuted by the U.S. Department of Justice. Related: Why proxies aren’t enough Microsoft had used illegal monopolistic practices to crush Netscape Navigator thereby elevating Internet Explorer (IE) to become far and away the No. 1 web browser. IE’s reign proved to be fleeting.

Security 130

Security Authentication Compliance IT 130

Data Breach Today

APRIL 30, 2024

Your Personal Brand Is as Crucial as Any Skill in Your Tech Toolkit Personal branding is the practice of marketing oneself and one's career as a brand. It plays a role in how you are perceived and how you perceive yourself as a professional, and it can set you apart from other candidates. Here are tips on how to create and maintain your personal brand.

Marketing 173

Marketing IT 173

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

The Last Watchdog

APRIL 30, 2024

Tel Aviv, Israel – April 30, 2024 – Cybersixgill, the global cyber threat intelligence data provider, broke new ground today by introducing its Third-Party Intelligence module. The new module delivers vendor-specific cybersecurity and threat intelligence to organizations’ security teams, enabling them to continuously monitor and detect risks to their environment arising from third-party suppliers and take preemptive action before an attack executes.

Risk 100

Risk Cybersecurity Marketing Security 100

Data Breach Today

APRIL 30, 2024

New Report Says Global Threat Actors May Use AI to Enhance Physical Attacks on US The U.S. Department of Homeland Security is warning that known limitations for nuclear and chemical security regulations in the United States could lead to global threat actors taking advantage of artificial intelligence tools to launch catastrophic attacks against the country.

Artificial Intelligence 162

Artificial Intelligence Risk Security 162

Jamf

APRIL 30, 2024

Jamf has been authorized by the Common Vulnerabilities and Exposures (CVE) program as a CVE Numbering Authority! Learn more about the CVE program and what this means for Jamf.

122

122

Data Breach Today

APRIL 30, 2024

Investments in Island Led by Coatue and Sequoia Support Global Expansion, R&D, M&A Island's Series D funding doubles its valuation to $3 billion and gives the enterprise browser startup more than $350 million in its war chest. The funding aims to boost Island's global expansion in Europe and APAC, support R&D to enhance functionality, and open doors to potential M&A opportunities.

IT 162

IT 162

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. The U.K. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will be effective on April 29, 2024. “From 29 April 2024, manufacturers of consumer ‘smart’ devices must comply wi

Passwords 135

Passwords Manufacturing IoT Retail 135

Data Breach Today

APRIL 30, 2024

Modern Treasury's Ani Narayan on Why RFP on New Rails Won't Replace ACH Just Yet As ACH continues to dominate U.S. transactions, newer payment rails, including FedNow, are working to make their platforms more secure. One of the ways they are doing this is by implementing a request for payment or RFP. Ani Narayan at Modern Treasury discussed the implications of this move.

Security 162

Security 162

Security Affairs

APRIL 30, 2024

The US government’s cybersecurity agency CISA published a series of guidelines to protect critical infrastructure against AI-based attacks. CISA collaborated with Sector Risk Management Agencies (SRMAs) and regulatory agencies to conduct sector-specific assessments of AI risks to U.S. critical infrastructure, as mandated by Executive Order 14110 Section 4.3(a)(i).

Risk 128

Risk Government Cybersecurity Security 128

WIRED Threat Level

APRIL 30, 2024

Thousands of planes and ships are facing GPS jamming and spoofing. Experts warn these attacks could potentially impact critical infrastructure, communication networks, and more.

Communications 116

Communications Security 116

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

APRIL 30, 2024

Finnish hacker was sentenced to more than six years in prison for hacking into an online psychotherapy clinic and attempted extortion. A popular 26-year-old Finnish hacker Aleksanteri Kivimäki was sentenced to more than six years in prison for hacking into the online psychotherapy clinic Vastaamo Psychotherapy Center, exposing tens of thousands of patient therapy records, and trying to extort the clinic and its clients.

Data breaches 128

Data breaches IT Information Security Security 128

WIRED Threat Level

APRIL 30, 2024

China's brain-computer interface technology is catching up to the US. But it envisions a very different use case: cognitive enhancement.

IT 121

IT Security 121

KnowBe4

APRIL 30, 2024

This blog was co-written by Javvad Malik and Erich Kron. Let’s dive into the cautionary world of phishing simulations gone wrong. You know, those attempts to train users not to fall for phishing that somehow end up setting off more alarms than a Hawaiian missile alert system.

Phishing 111

Phishing 111

Data Protection Report

APRIL 30, 2024

On April 15, 2024, the U.S. Department of Justice, upon referral from the Federal Trade Commission, filed a complaint and stipulated order against telehealth company Cerebral, Inc. The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service.

Personal data 85

Personal data Privacy Information governance Compliance 85

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Cloud

KnowBe4

APRIL 30, 2024

For many fresh out of college, the drive to land that first professional role is a top priority. Yet, new graduates can be exposed to sophisticated scams that can jeopardize not just their finances but also their identities.

Phishing 108

Phishing 108

Schneier on Security

APRIL 30, 2024

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.

Encryption 99

Encryption IT Privacy 99

KnowBe4

APRIL 30, 2024

The US Federal Bureau of Investigation (FBI) has issued an advisory warning of a scam campaign targeting users of online dating platforms. The scammers are attempting to trick users into signing up for fraudulent monthly subscriptions in order to be verified as a real person.

Security 90

Security 90

eSecurity Planet

APRIL 30, 2024

Setting up a firewall is the first step in securing your network. A successful firewall setup and deployment requires careful design, implementation, and maintenance to effectively improve your network integrity and data security. Before performing a firewall configuration, consider factors such as security requirements, network architecture, and interoperability; avoid typical firewall setup errors; and follow the best practices below.

Compliance 62

Compliance Risk Access Security 62

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

IG Guru

APRIL 30, 2024

U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES Office for Civil Rights _ April 19, 2024 HHS Office for Civil Rights Creates FAQ Webpage in Response to the Change Healthcare Cyberattack Today, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new webpage to share answers to frequently asked questions (FAQs) […] The post HHS Office for Civil Rights Creates FAQ Webpage in Response to the Change Healthcare Cyberattack first appeared on IG GURU.

Risk 80

Risk Information Security Security 80

eSecurity Planet

APRIL 30, 2024

A demilitarized zone (DMZ) network is a subnetwork that businesses use to protect their company’s local area network (LAN) and data from external sources. It’s important to prepare the network and firewalls in advance, then follow seven major steps to configure your DMZ’s protocols and rules. There are also some best practices for security and networking teams to remember while you configure your DMZ network.

Security 62

Security Cybersecurity Access IT 62

KnowBe4

APRIL 30, 2024

[Wake Up Call] A Fresh Nespresso Domain Hijack Brews an MFA Phishing Scheme

Phishing 94

Phishing 94