Wed. Jul 10, 2024

Australia Flags Persistent Chinese Cyberespionage Hacking

Data Breach Today

Nation-State Group APT40 Routinely Exploits Publicly Known Software Flaws

The Australian cybersecurity agency is blaming a Chinese state-backed cyberespionage group, tracked as APT40, for persistent cyberattacks on Australian organizations to steal sensitive information. The group exploits known software vulnerabilities to compromise networks.

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

The Russia-based cybercrime group dubbed “Fin7,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions, a sprawling hosting provider that is a persistent source of cyberat

After Customers Get Breached, Snowflake Refines Security

Data Breach Today

Mandatory Multifactor Authentication Among New Features Given to Administrators

In the wake of multiple customers of Snowflake collectively losing terabytes of data to attackers, the cloud-based data warehousing platform has rolled out a swath of cybersecurity improvements, including allowing administrators to make multifactor authentication mandatory for all users.

The $11 Billion Marketplace Enabling the Crypto Scam Economy

WIRED Threat Level

Deepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Widely Used RADIUS Authentication Flaw Enables MITM Attacks

Data Breach Today

'Don't Panic,' Say Developers

Security researchers identified an attack method against a commonly used network authentication protocol that dates back to the dial-up internet and relies on an obsolete hashing function. Researchers say "a well-resourced attacker" could make it practical.

More Trending

Singapore to Phase Out One-Time Passwords in Banking

Data Breach Today

Monetary Authority Responds to Surge in Phishing Scams That Impersonate Banks

The Monetary Authority of Singapore said banks will phase out one-time passwords for bank account logins over the next three months for customers who use digital tokens to authenticate their identity. The move follows a rise in phishing scams that impersonate banks in messages to steal credentials.

VMware fixed critical SQL-Injection in Aria Automation product

Security Affairs

VMware addressed a critical SQL-Injection vulnerability, tracked as CVE-2024-22280, impacting Aria Automation. Virtualization giant VMware addressed a high-severity SQL-injection vulnerability, tracked as CVE-2024-22280 (CVSSv3 base score of 8.5), in its Aria Automation solution. VMware Aria Automation (formerly vRealize Automation) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud infrastructure and applications.

BitMEX Pleads Guilty to Violating Anti-Money Laundering Laws

Data Breach Today

Cryptocurrency Exchange Platform 'Willfully Flouted US Anti-Money Laundering Laws'

The once-leading cryptocurrency exchange platform known as BitMEX pleaded guilty Wednesday to willfully violating the Bank Secrecy Act and anti-money laundering laws to effectively serve as a money laundering vehicle from 2015 to 2020, according to the U.S. Department of Justice.

U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability; CVE-2024-38080 Microsoft Windows Hyper-V Privilege Esc

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Researchers Discover New Malware Aimed at Mining Sector

Data Breach Today

Remote Access Trojan 'Poco RAT' Targets Mining, Manufacturing Sectors, Says Report

A new report published by Cofense Intelligence identifies a malware called "Poco RAT" that is actively targeting mining and manufacturing sectors across Latin America through a simple remote access Trojan that could be capable of delivering additional malware for ransomware or data harvesting.

Shopify Blames a Compromised Third-Party App for Data Leak

eSecurity Planet

Millions of online shoppers may be at risk after a data leak allegedly compromised customer information on Shopify, a leading e-commerce platform trusted by many businesses worldwide. Reports suggest nearly 180,000 users — 179,873 rows of users’ information — were impacted, with details like names, emails, and even purchase history potentially exposed.

A new flaw in OpenSSH can lead to remote code execution

Security Affairs

A vulnerability affecting some versions of the OpenSSH secure networking suite can potentially lead to remote code execution. The vulnerability CVE-2024-6409 (CVSS score: 7.0) impacts select versions of the OpenSSH secure networking suite and can be exploited to achieve remote code execution (RCE). The issue is a possible race condition in cleanup_exit() in OpenSSH’s privsep child that impacts OpenSSH versions 8.7p1 and 8.8p1.

Russian Spear Phishing Campaigns Target NATO Entities

KnowBe4

Researchers at Mandiant (part of Google Cloud) warn that Russian government threat actors continue to target NATO member countries with spear phishing attacks. APT29 in particular has been targeting the technology sector in order to launch supply chain attacks.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Citrix fixed critical and high-severity bugs in NetScaler product

Security Affairs

IT giant Citrix addressed multiple vulnerabilities, including critical and high-severity issues in its NetScaler product. Citrix released security updates to address critical and high-severity issues in its NetScaler product. The most severe issue is an improper authorization flaw, tracked as CVE-2024-6235 (CVSS score of 9.4). An attacker with access to the NetScaler Console IP can exploit the vulnerability to access sensitive information.

Google Maps will show speedometer and speed limits on iPhone and CarPlay

Collaboration 2.0

Long available for Android users, a Google Maps navigation perk is rolling out to iPhone users globally. Now, your speedometer and the current speed limit will appear in miles or kilometers depending on the region.

Multiple cybersecurity agencies warn of China-linked APT40’s capabilities

Security Affairs

Multiple cybersecurity agencies released a joint advisory warning about a China-linked group APT40’s capability to rapidly exploit disclosed security flaws. Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. released a joint advisory warning about the China-linked group APT40 (aka TEMP.Periscope, TEMP.Jumper, Bronze Mohawk, Gingham Typhoon, ISLANDDREAMS, Kryptonite Panda, Red Ladon, TA423, and Leviathan) and its capability t

How to clear your Google search cache on Android (and why you should)

Collaboration 2.0

If you're concerned about your privacy, you should regularly clear your Google search cache on Android. Here's how to do this manually and set up auto-delete.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

Security Affairs

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws, including two actively exploited zero-days. Microsoft Patch Tuesday security updates for July 2024 addressed 139 vulnerabilities in Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Defender for IoT; SQL Server; Windows Hyper-V; BitLocker and Secure(?

From Policy to Practice in Security Culture: What Security Frameworks Recommend

KnowBe4

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in this field as an ISO 27k implementation consultant and even a short stint as a Payment Card Industry (PCI QSA) auditor years ago, it has been a while since I looked into this.

Samsung Galaxy Z Flip 6 vs Z Flip 5: Which phone model should you buy?

Collaboration 2.0

With the new Galaxy Z Flip 6 launching, you may wonder if the new model is worth the upgrade and how it stacks up to the previous version. We'll help you compare.

Google Is Adding Passkey Support for Its Most Vulnerable Users

WIRED Threat Level

Google is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Samsung Galaxy Ring vs Ultrahuman Ring Air: Which subscription-free smart ring wins?

Collaboration 2.0

Samsung just unveiled its subscription-free Galaxy Ring, and the Ultrahuman Ring Air is a competitive subscription-free option. Which should you buy?

Thales Joins IBM Consulting to Accelerate PQC Readiness

Thales Cloud Protection & Licensing

josh.pearson@t… Thu, 07/11/2024 - 07:01

With the US National Institute of Standards and Technology (NIST) post-quantum cryptographic standard expected to be published this summer, companies need to start navigating the migration to quantum-safe cryptography. The most sustainable and effective way to make cryptosystems resilient for the quantum era is to establish cryptographic agility, or crypto-agility for short.

How to buy the Samsung Galaxy Ring - and what the sizing process looks like

Collaboration 2.0

Samsung's subscription-free smart ring is here, but you'll need to get your ring sized to fit before you can use it. Here's how to preorder and get the right size.

How Facial Recognition Simplifies Patient Check-in for Healthcare

HID Global

Learn how facial recognition in healthcare simplifies patient check-ins and enhances efficiency. Explore the benefits of facial recognition in the medical field.

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

Galaxy Ring 2? New Samsung patent shows smart ring with dual screens, more features

Collaboration 2.0

Samsung's next smart ring might be more interactive and include display screens to show health information and notifications.

CCPA compliance is not child’s play—but network traffic testing can help

Data Protection Report

On June 18, 2024, the California Attorney General and Los Angeles City Attorney filed a complaint and stipulated final judgment (including a $500,000 settlement) with Tilting Point Media LLC (“Defendant” or “Tilting Point”), resolving allegations that the video game developer and publisher violated the federal Children’s Online Privacy Protection Act (“COPPA”), the California Consumer Privacy Act (“CCPA”), and the California consumer protection law.

Samsung Galaxy Z Flip 6 vs. Motorola Razr+ (2024): Which phone should you buy?

Collaboration 2.0

If you've been flipping out for a new foldable, here are the key differences between the market's two best options.