Fri.Mar 01, 2024

article thumbnail

Alert: Info Stealers Target Stored Browser Credentials

Data Breach Today

Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling Saving passwords in browser-based password managers or via "remember my details" website options might make for simple and fast log-ins for employees, but they also give attackers an easy way to lift legitimate credentials, oftentimes via highly automated, information-stealing malware, experts warn.

Passwords 334
article thumbnail

Here Come the AI Worms

WIRED Threat Level

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

Security 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Zscaler CEO: Palo Alto Playing Defense as Firewall Sales Ebb

Data Breach Today

Jay Chaudhry Says Palo Alto Offering Free Products to New Platform Users Won't Work Zscaler CEO Jay Chaudhry said Palo Alto Networks' strategy of offering free products to new platform customers will "unravel over time" as firewalls become shelfware. Legacy vendors find themselves "in a defensive position" as the role of firewalls shrinks and demand for zero trust security grows.

Sales 293
article thumbnail

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-29360 (CVSS Score 8.4) Microsoft Streaming Service Untrusted pointer dereference vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

IT 140
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The Widespread Effect of the Change Healthcare Mega Hack

Data Breach Today

The Change Healthcare mega hack has taken nearly 120 of the company's IT products and services offline since Feb. 21, and that cyber disruption is having serious, widespread impact on the entire healthcare industry including major players, said attorney Sara Goldstein of the law firm BakerHostetler.

IT 283

More Trending

article thumbnail

ISMG Editors: OpenAI's Response to The New York Times Case

Data Breach Today

Also: Addressing Scotland's Cybercrime Surge; NOC and SOC Convergence In the latest weekly update, ISMG editors discussed the convergence of the NOC and SOC functions, Scottish Police efforts to address the escalating challenge of cybercrime in Scotland, and why OpenAI is pushing to dismiss certain aspects of The New York Times lawsuit.

282
282
article thumbnail

Crooks stole €15 Million from European retail company Pepco

Security Affairs

Crooks stole €15.5 million from the European variety retail and discount company Pepco through a phishing attack. The Hungarian business of the European discount retailer Pepco Group has been the victim of a phishing attack, crooks stole about 15 million euros ($16.3 million). The group operates three distribution lines: Poundland in the United Kingdom, Dealz in the Republic of Ireland and Spain, and Pepco in various European countries. “Pepco Group (“Pepco” or the “Group”) has been the ta

Retail 134
article thumbnail

Ivanti Disputes CISA Findings of Post-Factory Reset Hacking

Data Breach Today

Gateway Maker Says Technique Won't Succeed in Live Customer Environment Corporate VPN maker Ivanti disputed findings by the U.S. cybersecurity agency that said hackers can establish persistence on rooted appliances through a factory reset but nonetheless released an updated integrity checking tool Tuesday. Ivanti has been in emergency response mode since early January.

article thumbnail

Information Management During Mergers & Acquisitions

AIIM

In January, I served as a panelist during a three-part series on mergers and acquisitions in the association space. Hosted by the ASAE Executive Management Advisory Council, the series explored what non-profit organizations need to consider before, during, and after mergers and acquisitions. The panelists were mainly executives and legal professionals, so the fascinating conversations focused very much on strategy, governance, finances, and human capital.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Strengthening OT Defense, Zero Trust: SSH's Strategic Vision

Data Breach Today

Rami Raulas on Why SSH Plans to Invest in Zero Trust, OT Defense and Quantum Safety In his first week in his new role as interim CEO of SSH Communications Security, Rami Raulas shares insights on the company’s strategic focus on zero trust, operational technology security, and quantum-safe cryptography to address evolving cybersecurity challenges.

article thumbnail

NIST Cybersecurity Framework 2.0

Schneier on Security

NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy , has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on governance, which encompasses how organizations make and carry out informed decisions on cybersecurity strategy.

article thumbnail

Planning with Purpose: 10 Tips to Develop a Year-Long Security and Compliance Training Program

KnowBe4

Our team at KnowBe4 recently got together to talk about planning for annual security and compliance training.

article thumbnail

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

Security Affairs

The Five Eyes alliance warns of threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. The Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The advisory provides details about the exploitation in the wild of Connect Secure and Policy Secure vulnerabilities CVE-2023-46805 , CVE-2024-21887 , and CVE-2024-2189

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Email-Based Cyber Attacks Increase 222% as Phishing Dominates as the Top Vector

KnowBe4

Analysis of the second half of 2023 shows attackers are getting more aggressive with email-based phishing attacks in both frequency and execution.

Phishing 116
article thumbnail

Libraries in 19 councils at risk of ‘fire sale’ with new Exceptional Financial Support Framework

CILIP

Libraries in 19 councils at risk of ‘fire sale’ with new Exceptional Financial Support Framework Image of birmingham library via wikimedia commons CILIP is sounding the alarm over a potential 'fire sale' of library buildings following the Government announcement of 'exceptional financial support' to 19 Councils. The Department for Levelling Up, Housing and Communities announced yesterday that 19 councils in England will benefit from an 'Exceptional Financial Support (EFS)' framework for the fisc

article thumbnail

Cybercriminals Sent 1.76 Billion Social Media Phishing Emails in 2023

KnowBe4

As social media phishing reaches new heights, new data reviewing 2023 shows a massive effort by cybercriminals to leverage impersonation of social media brands.

Phishing 100
article thumbnail

Meet the shady companies helping governments hack citizens’ phones via Fast Company

IG Guru

Check out the article here. The post Meet the shady companies helping governments hack citizens’ phones via Fast Company first appeared on IG GURU.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

UK ICO Issues Enforcement Notice and Warning to UK Home Office

Hunton Privacy

On March 1, 2024, the UK Information Commissioner’s Office (“ICO”) announced that it had issued an enforcement notice and a warning to the UK Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorized means. The Home Office is the ministerial department of the UK government responsible for immigration, security, and law and order.

Privacy 61
article thumbnail

Elevate Apple device security with Jamf Security Cloud’s new feature

Jamf

Jamf Security Cloud leverages Jamf Pro API to bring together management and security, building automatic deployment of activation profiles in a single click.

article thumbnail

EDPB Launches Coordinated Enforcement Framework on Right of Access

Hunton Privacy

On February 28, 2024, the European Data Protection Board (“EDPB”) announced the launch of its latest Coordinated Enforcement Framework action on the right of access. Through the course of 2024, 31 data protection authorities across the European Economic Area, including seven German state-level authorities, will take part in this initiative on the implementation of the right of access.

Access 61
article thumbnail

Why You Should Integrate Your ERP with Document Management

Docuware

Although Enterprise Resource Planning (ERP) Systems promise to do it all, when it comes to incorporating documents into your workflows or archiving them for quick retrieval, ERPs can come up short. Many ERP systems seek to digitalize every process in an organization. This can create complexity that negatively affects the user experience and takes needless detours rather than following a direct path.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Friday Squid Blogging: New Extinct Species of Vampire Squid Discovered

Schneier on Security

Paleontologists have discovered a 183-million-year-old species of vampire squid. Prior research suggests that the vampyromorph lived in the shallows off an island that once existed in what is now the heart of the European mainland. The research team believes that the remarkable degree of preservation of this squid is due to unique conditions at the moment of the creature’s death.

Paper 104