Tue.Apr 30, 2024

article thumbnail

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Krebs on Security

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly

Passwords 263
article thumbnail

Verizon Breach Report: Vulnerability Hacks Tripled in 2023

Data Breach Today

Data Breach Report Lead Author Alex Pinto Discusses Top Findings, Best Practices Verizon's 17th annual 2024 Data Breach Investigations Report highlights a troubling trend: The exploitation of vulnerabilities in the wild has tripled, primarily due to ransomware actors targeting zero-day vulnerabilities, such as the MOVEit flaw that triggered numerous data theft incidents.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Difference Between Unstructured Data and Structured Data

AIIM

If you are new to AIIM, you might be wondering what AIIM means when we say "information," which we admittedly say a lot. My favorite explanation of information is from Steve Weissman, CIP, who told me that he simply refers to information as "stuff in a box." Information represents all the data you manage within your organization. Information means both structured and unstructured data.

article thumbnail

Finnish Hacker Kivimaki Found Guilty in Vastaamo Hack

Data Breach Today

'Ransom_man' Extortionist Faces 6-Year, 3-Month Prison Term A Finnish court found Aleksanteri Tomminpoika Kivimäki guilty of hacking and leaking online the psychotherapy records of 33,000 individuals in a 2020 incident. The District Court of Länsi-Uusimaa has sentenced Kivimäki, 26, to six years and three months in prison.

248
248
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

A Business Case Tip for InfoGov

Weissman's World

Making the business case for Doing Information Right™ is often one of the biggest challenges we face, in no small part because so many of the improvements we can achieve are “soft” ones that our senior managers can readily push back on: Improving findability Boosting compliance Supporting self-service Reducing legal risk Now, we know these… Read More » A Business Case Tip for InfoGov The post A Business Case Tip for InfoGov appeared first on Holly Group.

More Trending

article thumbnail

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

The Last Watchdog

For all the discussion around the sophisticated technology, strategies, and tactics hackers use to infiltrate networks, sometimes the simplest attack method can do the most damage. The recent Unitronics hack , in which attackers took control over a Pennsylvania water authority and other entities, is a good example. In this instance, hackers are suspected to have exploited simple cybersecurity loopholes, including the fact that the software shipped with easy-to-guess default passwords.

Security 182
article thumbnail

Patched Deserialization Flaw in Siemens Product Allows RCE

Data Breach Today

The Siemens Simatic Energy Manager Used an Unsafe BinaryFormatter Method Researchers detailed a deserialization vulnerability in Siemens software used to monitor energy consumption in industrial settings and attributed the flaw to the German conglomerate's decision to use a programming method that has known security risks.

Risk 182
article thumbnail

RSAC Fireside Chat: Secure, flexible web browsers finally available, thanks to open-source code

The Last Watchdog

At the end of 2000, I was hired by USA Today to cover Microsoft, which at the time was being prosecuted by the U.S. Department of Justice. Related: Why proxies aren’t enough Microsoft had used illegal monopolistic practices to crush Netscape Navigator thereby elevating Internet Explorer (IE) to become far and away the No. 1 web browser. IE’s reign proved to be fleeting.

Security 130
article thumbnail

How Personal Branding Can Elevate Your Tech Career

Data Breach Today

Your Personal Brand Is as Crucial as Any Skill in Your Tech Toolkit Personal branding is the practice of marketing oneself and one's career as a brand. It plays a role in how you are perceived and how you perceive yourself as a professional, and it can set you apart from other candidates. Here are tips on how to create and maintain your personal brand.

Marketing 173
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

News alert: Cybersixgill unveils ‘Third-Party Intelligence’ to deliver vendor-specific threat intel

The Last Watchdog

Tel Aviv, Israel – April 30, 2024 – Cybersixgill, the global cyber threat intelligence data provider, broke new ground today by introducing its Third-Party Intelligence module. The new module delivers vendor-specific cybersecurity and threat intelligence to organizations’ security teams, enabling them to continuously monitor and detect risks to their environment arising from third-party suppliers and take preemptive action before an attack executes.

Risk 100
article thumbnail

DHS: AI-Enhanced Nuclear and Chemical Threats Are Risk to US

Data Breach Today

New Report Says Global Threat Actors May Use AI to Enhance Physical Attacks on US The U.S. Department of Homeland Security is warning that known limitations for nuclear and chemical security regulations in the United States could lead to global threat actors taking advantage of artificial intelligence tools to launch catastrophic attacks against the country.

article thumbnail

Jamf named CVE Numbering Authority

Jamf

Jamf has been authorized by the Common Vulnerabilities and Exposures (CVE) program as a CVE Numbering Authority! Learn more about the CVE program and what this means for Jamf.

122
122
article thumbnail

Island Gets $175M Series D Funding, Doubles Valuation to $3B

Data Breach Today

Investments in Island Led by Coatue and Sequoia Support Global Expansion, R&D, M&A Island's Series D funding doubles its valuation to $3 billion and gives the enterprise browser startup more than $350 million in its war chest. The funding aims to boost Island's global expansion in Europe and APAC, support R&D to enhance functionality, and open doors to potential M&A opportunities.

IT 162
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

NCSC: New UK law bans default passwords on smart devices

Security Affairs

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. The U.K. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will be effective on April 29, 2024. “From 29 April 2024, manufacturers of consumer ‘smart’ devices must comply wi

Passwords 136
article thumbnail

New Payment Rails to Rely on RFP for More Security

Data Breach Today

Modern Treasury's Ani Narayan on Why RFP on New Rails Won't Replace ACH Just Yet As ACH continues to dominate U.S. transactions, newer payment rails, including FedNow, are working to make their platforms more secure. One of the ways they are doing this is by implementing a request for payment or RFP. Ani Narayan at Modern Treasury discussed the implications of this move.

Security 162
article thumbnail

CISA guidelines to protect critical infrastructure against AI-based threats

Security Affairs

The US government’s cybersecurity agency CISA published a series of guidelines to protect critical infrastructure against AI-based attacks. CISA collaborated with Sector Risk Management Agencies (SRMAs) and regulatory agencies to conduct sector-specific assessments of AI risks to U.S. critical infrastructure, as mandated by Executive Order 14110 Section 4.3(a)(i).

Risk 129
article thumbnail

The Dangerous Rise of GPS Attacks

WIRED Threat Level

Thousands of planes and ships are facing GPS jamming and spoofing. Experts warn these attacks could potentially impact critical infrastructure, communication networks, and more.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Notorious Finnish Hacker sentenced to more than six years in prison

Security Affairs

Finnish hacker was sentenced to more than six years in prison for hacking into an online psychotherapy clinic and attempted extortion. A popular 26-year-old Finnish hacker Aleksanteri Kivimäki was sentenced to more than six years in prison for hacking into the online psychotherapy clinic Vastaamo Psychotherapy Center, exposing tens of thousands of patient therapy records, and trying to extort the clinic and its clients.

article thumbnail

China Has a Controversial Plan for Brain-Computer Interfaces

WIRED Threat Level

China's brain-computer interface technology is catching up to the US. But it envisions a very different use case: cognitive enhancement.

IT 120
article thumbnail

Phishing Failures: How Not to Phish Your Users

KnowBe4

This blog was co-written by Javvad Malik and Erich Kron. Let’s dive into the cautionary world of phishing simulations gone wrong. You know, those attempts to train users not to fall for phishing that somehow end up setting off more alarms than a Hawaiian missile alert system.

Phishing 111
article thumbnail

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

On April 15, 2024, the U.S. Department of Justice, upon referral from the Federal Trade Commission, filed a complaint and stipulated order against telehealth company Cerebral, Inc. The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How New College Graduates Can Avoid Increasingly Personalized Job Scams

KnowBe4

For many fresh out of college, the drive to land that first professional role is a top priority. Yet, new graduates can be exposed to sophisticated scams that can jeopardize not just their finances but also their identities.

Phishing 108
article thumbnail

WhatsApp in India

Schneier on Security

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.

article thumbnail

FBI Warns of Verification Scams Targeting Dating Site Users

KnowBe4

The US Federal Bureau of Investigation (FBI) has issued an advisory warning of a scam campaign targeting users of online dating platforms. The scammers are attempting to trick users into signing up for fraudulent monthly subscriptions in order to be verified as a real person.

article thumbnail

How To Set Up a Firewall in 8 Easy Steps + Best Practices

eSecurity Planet

Setting up a firewall is the first step in securing your network. A successful firewall setup and deployment requires careful design, implementation, and maintenance to effectively improve your network integrity and data security. Before performing a firewall configuration, consider factors such as security requirements, network architecture, and interoperability; avoid typical firewall setup errors; and follow the best practices below.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

HHS Office for Civil Rights Creates FAQ Webpage in Response to the Change Healthcare Cyberattack

IG Guru

U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES Office for Civil Rights _ April 19, 2024 HHS Office for Civil Rights Creates FAQ Webpage in Response to the Change Healthcare Cyberattack Today, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new webpage to share answers to frequently asked questions (FAQs) […] The post HHS Office for Civil Rights Creates FAQ Webpage in Response to the Change Healthcare Cyberattack first appeared on IG GURU.

Risk 80
article thumbnail

How To Set Up DMZ on Servers: 7-Step DMZ Configuration

eSecurity Planet

A demilitarized zone (DMZ) network is a subnetwork that businesses use to protect their company’s local area network (LAN) and data from external sources. It’s important to prepare the network and firewalls in advance, then follow seven major steps to configure your DMZ’s protocols and rules. There are also some best practices for security and networking teams to remember while you configure your DMZ network.

article thumbnail

CyberheistNews Vol 14 #18 [Wake Up Call] A Fresh Nespresso Domain Hijack Brews an MFA Phishing Scheme

KnowBe4

[Wake Up Call] A Fresh Nespresso Domain Hijack Brews an MFA Phishing Scheme