Wed.Jan 31, 2024

article thumbnail

Ivanti Discloses Additional Zero-Day That Is Being Exploited

Data Breach Today

Company Starts Patch Rollout for Flaws Exploited by Likely Chinese Intelligence Op Corporate VPN maker Ivanti on Wednesday began a belated patch rollout for zero-day flaws that many cybersecurity firms say paved the way for an espionage hacking operation likely conducted by China. Ivanti also disclosed two more zero-days and told customers that hackers are exploiting one of them.

article thumbnail

Data leak at fintech giant Direct Trading Technologies

Security Affairs

Sensitive data and trading activity of over 300K traders leaked online by international fintech firm Direct Trading Technologies. Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover. On October 27th, the Cybernews research team discovered a misconfigured web server with backups and development code references allegedly belonging to the fintech company

Metadata 139
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Here’s How the FBI Stopped a Major Chinese Hacking Campaign

Data Breach Today

FBI and CISA Detail Operation to Prevent Chinese Attacks on Critical Infrastructure The FBI launched a court-authorized sting operation against a Chinese hacking group known as Volt Typhoon, partnering with the Cybersecurity and Infrastructure Security Agency and a cohort of U.S. cyber agencies to prevent a major attack on the nation’s critical infrastructure sectors.

article thumbnail

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

Security Affairs

Crooks stole around $112 million worth of Ripple XRP from the crypto wallet of Ripple’s co-founder Chris Larsen. This week, crooks stole around $112 million worth of the Ripple-focused cryptocurrency XRP from a crypto wallet belonging to the Ripple’s co-founder and executive chairman Chris Larsen. Larsen pointed out that the hackers compromised his personal XRP accounts, while the @Ripple was not impacted.

Access 135
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Top Tips to Avoid Corporate Social Media Account Hijacking

Data Breach Today

Not a Good Look: Hijacked @SECgov Social Media Account Spews Bitcoin Rumors Social media accounts - especially those tied to government agencies, big-name companies and high-profile individuals - continue to be a top target for takeover by fraudsters and scammers, especially when it comes to X, formerly known as Twitter. What's the best way to keep these accounts secure?

More Trending

article thumbnail

Proofpoint Lays Off 6% of Workforce, Offshores Jobs

Data Breach Today

Private Equity-Owned Firm Lets 280 People Go, Moves Jobs to Argentina and Ireland Silicon Valley email security firm Proofpoint is laying off 280 positions two months into the tenure of Sumit Dhawan as its chief executive officer. A company spokesperson said Proofpoint anticipates moving half the eliminated positions to overseas units in Argentina and Ireland by midyear.

Security 267
article thumbnail

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication.

article thumbnail

Water Sector Leaders Urge Congress to Fund Cyber Mandates

Data Breach Today

The Water and Wastewater Sector Faces Growing Cybersecurity Risks, Officials Warn Leaders from the U.S. water sector testified to the House subcommittee on environment, manufacturing and critical materials that entities across the country face funding and resource disparities as the increasingly vulnerable industry faces emerging threats from domestic and foreign cyber actors.

article thumbnail

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Security Affairs

German police seized 50,000 Bitcoin from the former operator of the now-defunct piracy website movie2k.to. The police in Saxony, Germany, have seized 50,000 Bitcoin (more than $2.1 billion at the current exchange rate) from the former operator of the now-defunct piracy site movie2k. “This is the most extensive security of Bitcoins by law enforcement authorities in the Federal Republic of Germany to date.” reads the press release published by the German police.

IT 127
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

ISACs Slam US Federal Cyber Incident Reporting Proposals

Data Breach Today

Information-Sharing Groups Call Reporting Requirements 'Too Costly, Overreaching' Multiple Information Sharing and Analysis Centers decried a proposed incident reporting measure for vendors selling to the U.S. federal government as being costly and ineffective. The proposal will affect three of every four contracts in which the government is a contracting party.

article thumbnail

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways.

article thumbnail

Pushing the Healthcare Sector to Improve Cybersecurity

Data Breach Today

Getting the health sector to vastly improve the state of its cybersecurity will take much more than the recent issuance of federal guidance outlining cyber performance goals for entities. It will also require new government incentives and mandates, said Steve Cagle, CEO of consultancy Clearwater.

article thumbnail

News alert: Oasis Security raises $40M funding to automate the lifecycle of non-human identities

The Last Watchdog

Tel Aviv, Israel, Jan. 31, 2024 — Oasis Security , the leading provider of Non-human Identity Management (NIM) solutions, announced today that it raised a total of $40 million funding led by Sequoia Capital (Doug Leone, Bogomil Balkansky), alongside Accel (Andrei Brasoveanu), Cyberstarts (Lior Simon) and Maple Capital. Guy Podjarny, founder of Snyk and Michael Fey, Co-Founder and CEO of Island, also participated in the financing.

Security 100
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Proof of Concept: How Do We Ensure Ethical AI Systems?

Data Breach Today

Also: Safeguarding AI Vulnerabilities From Cyber Adversaries In the latest "Proof of Concept," Sam Curry of Zscaler and Heather West of Venable assess how vulnerable AI models are to potential attacks, offer practical measures to bolster the resilience of AI models and discuss how to address bias in training data and model predictions.

233
233
article thumbnail

News alert: Reken raises $10M from Greycroft to protect against generative AI-enabled fraud

The Last Watchdog

San Francisco, Calif., Jan. 31, 2024 – Reken, an AI & cybersecurity company, today announced the close of its $10M oversubscribed seed round, led by Greycroft and FPV Ventures. Other investors in the round include Firebolt Ventures, Fika Ventures, Omega Venture Partners, Homebrew, and JAZZ Venture Partners. The funding will be used for core research and development to build new AI technology and products to protect against generative AI threats, such as deepfake social engineering and autono

article thumbnail

Pushing the Healthcare Sector into Stronger Cybersecurity

Data Breach Today

Getting the health sector to vastly improve its state of cybersecurity will take much more than the recent issuance of new federal guidance outlining cyber performance goals for entities. It will also require new government incentives and mandates, said Steve Cagle, CEO of consultancy Clearwater.

article thumbnail

FBI Cyber Alert: Tech Support Scams Steal Cash or Precious Metals

KnowBe4

The US Federal Bureau of Investigation (FBI) has issued an alert warning that scammers are tricking victims into converting their savings into cash or precious metals, then sending couriers to pick up the items for safekeeping.

Security 114
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

YouTube, Discord, and ‘Lord of the Rings’ Led Police to a Teen Accused of a US Swatting Spree

WIRED Threat Level

For nearly two years, police have been tracking down the culprit behind a wave of hoax threats. A digital trail took them to the door of a 17-year-old in California.

Security 122
article thumbnail

Ransomware Payments On The Decline As Cyber Attackers Focus on The Smallest, And Largest, Organizations

KnowBe4

New data for Q4 of 2023 reveals a sizable shift in the cyber threat landscape, with serious implications regarding ransomware and social engineering attacks targeting both the largest and smallest organizations worldwide.

article thumbnail

CFPB’s Proposed Data Rules

Schneier on Security

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data broker economy and increasing customer choice and competition.

article thumbnail

What are the different types of sourcing?

IBM Big Data Hub

Sourcing isn’t just a concern for procurement teams. With rising consumer and stakeholder expectations around ethical and responsible supply chains, who supplies your organization’s goods and services is also a C-suite consideration. The sourcing process sits within supply chain management and is used for identifying, vetting and selecting the best suppliers.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

ESG Research Unearths Critical Insights for Future-Proofing Encryption and Key Management

Thales Cloud Protection & Licensing

ESG Research Unearths Critical Insights for Future-Proofing Encryption and Key Management madhav Thu, 02/01/2024 - 05:14 Encryption and key management are critical defenses against data breaches and cyber threats in the evolving digital landscape. A comprehensive study by ESG Research, commissioned by Thales, sheds light on emerging trends, operational challenges, and strategic advancements in this vital field.

article thumbnail

Why DDI solutions aren’t always ideal for authoritative DNS

IBM Big Data Hub

The distinction between “internal” and “external” networks has always been somewhat false. Clients are accustomed to thinking about firewalls as the barrier between network elements we expose to the internet and back-end systems that are only accessible to insiders. Yet as the delivery mechanisms for applications, websites and content become more decentralized, that barrier is becoming more permeable.

Risk 90
article thumbnail

[Live Demo] Customizing Your Compliance Training to Increase Effectiveness

KnowBe4

Linking compliance training to specific outcomes is hard. Compliance training has a reputation for being challenging for organizations to offer, difficult to do right and employees are not engaged.

article thumbnail

Apple and Google Just Patched Their First Zero-Day Flaws of the Year

WIRED Threat Level

Plus: Google fixes dozens of Android bugs, Microsoft rolls out nearly 50 patches, Mozilla squashes 15 Firefox flaws, and more.

Security 101
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Inside a Global Phone Spy Tool Monitoring Billions via 404 media

IG Guru

Check out the article here. The post Inside a Global Phone Spy Tool Monitoring Billions via 404 media first appeared on IG GURU.

Risk 81
article thumbnail

The Question Google Won’t Answer

John Battelle's Searchblog

Reading Ben Thompson’s coverage of Google’s earnings call this week, one thing jumps out, and simply can’t be ignored: Google CEO Sundar Pichai was asked a simple question, and, as Thompson points out, Pichai dodged it completely. A Merril analyst asked this question : “Just wondering if you see any changes in query volumes, positive or negative, since you’ve seen the year evolve and more Search innovative experiences.” Here’s Pichai’s answer: 

Cloud 64
article thumbnail

Manutan Group combines digital services with the human touch to delight customers

OpenText Information Management

At Manutan Group, we equip businesses and communities with the products and services they require to succeed. Headquartered in France, our group has three divisions, serving companies, local authorities, and tradespeople, employing 2,100 people across 26 subsidiaries. For more than 50 years, we’ve stayed one step ahead of market trends to shape a compelling product … The post Manutan Group combines digital services with the human touch to delight customers appeared first on OpenText Blogs.