Wed.Jul 31, 2024

article thumbnail

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock. Your Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-frie

Phishing 272
article thumbnail

UK ICO Reprimands Electoral Commission for 2021 Hack Attack

Data Breach Today

Hackers Exploited ProxyShell Vulnerability to Compromise Commission Systems The British data regulator reprimanded the U.K.'s Electoral Commission for its failure to prevent a 2021 hack attack that resulted in the exposure of millions of voter records. Hackers breached the Electoral Commission's networks after exploiting the ProxyShell vulnerability.

IT 196
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Artificial Intelligence Tops Agenda for Global Competition Authorities: EU, UK, and U.S. Issue Joint Statement

Data Matters

On July 23, 2024, the competition authorities of the EU, the UK, and the U.S. issued a joint statement on competition in generative artificial intelligence (AI) foundation models and AI products (Joint Statement). Since the emergence of generative AI, each of the authorities has been individually ramping up its work in order to understand better the potential risks to competition that AI may pose.

article thumbnail

Western Sydney University Reveals Major Data Breach

Data Breach Today

Hackers Accessed the University’s Storage Platform for Over 9 Months Australia's Western Sydney University said hackers exploited its Microsoft Office 365 environment to steal up to 580 terabytes of data. Breached data includes names, birthdates, health information, government identification documents, bank account information and superannuation details.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Black Hat Fireside Chat: How ‘enterprise browsers’ help to shrink exposures, boost efficiencies

The Last Watchdog

Web browser security certainly hasn’t been lacking over the past 25 years. Related: Island valued at $3.5 billion Advancements have included everything from sandboxing and web applications firewalls (WAFs,) early on, to secure web gateways (SWGs) and Virtual Desktop Infrastructure (VDIs,) more recently. Yet profound browser exposures persist — and this has led to the arrival of enterprise browsers , which will be in the spotlight as Black Hat USA 2024 gets underway next week in Las Vegas.

More Trending

article thumbnail

Apple fixed dozens of vulnerabilities in iOS and macOS

Security Affairs

Apple has issued security updates to address multiple vulnerabilities across iOS, macOS, tvOS, visionOS, watchOS, and Safari. Apple released security updates to address multiple vulnerabilities in iOS, macOS, tvOS, visionOS, watchOS, and Safari. The IT giant released iOS 17.6 and iPadOS 17.6 to address dozens of security vulnerabilities, including authentication and policy bypasses, information disclosure and denial-of-service (DoS) issues, and bugs that can lead to memory leaks and unexpected a

article thumbnail

Ransomware Hit on Florida Blood Center Affects Supplies

Data Breach Today

OneBlood Is Urging Hundreds of Hospitals to Activate Shortage Protocols A Florida-based blood donation center is urging hundreds of hospitals in the southeastern U.S. to activate critical blood shortage protocols as the nonprofit organization deals with a ransomware attack that's disrupting its blood collection, inventory and related processes.

article thumbnail

Begging for Bounties and More Info Stealer Logs

Troy Hunt

TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service. How many attempted scams do you get each day? I woke up to yet another "redeem your points" SMS this morning, I'll probably receive a phone call from "my bank" today (edit: I was close, it was "Amazon Prime" &

Passwords 129
article thumbnail

Microsoft Azure Cloud Service Fails to Withstand DDoS Attack

Data Breach Today

Tech Giant Blames DDoS Defense Implementation Error for Failing to Mitigate Attack Microsoft blamed a widespread Azure cloud computing platform service outage, including Microsoft 365 problems, on its failure to stop a distributed denial-of-service attack after "an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.

Cloud 147
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

BingoMod Android RAT steals money from victims’ bank accounts and wipes data

Security Affairs

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts. The Cleafy TIR team discovered the previously undetected malware at the end of May 2024.

article thumbnail

New Securonix CEO Calls for Product Expansion, Global Growth

Data Breach Today

Kash Shaikh Seeks International Expansion, Opportunistic M&A Amid Tectonic Shifts Securonix tapped the ex-leader of Virtana as its next chief executive to capitalize on upheaval in the SIEM market with international expansion and opportunistic M&A. The company tasked Kash Shaikh with expanding in Europe and Asia-Pacific by prioritizing countries or regions where demand is high.

Marketing 130
article thumbnail

A ransomware attack disrupted operations at OneBlood blood bank

Security Affairs

OneBlood, a non-profit blood bank serving over 300 U.S. hospitals, suffered a ransomware attack that disrupted its medical operations. OneBlood is a non-profit organization that provides blood and blood products to over 300 hospitals and medical facilities across the U.S. Southeast. The organization collects, tests, and distributes blood to ensure a steady supply for needy patients.

article thumbnail

Bad Certificate Revocation: DigiCert Offers Temporary Pause

Data Breach Today

Citing 'Critical Infrastructure' Problems, Certificate Authority Offers 3-Day Delay DigiCert said it will temporarily pause - on request - for up to three days the forced revocation of some digital certificates it issued that failed to comply with strict validation rules. The CA/Browser Forum requires any certificate with validation problems to be revoked within 24 hours.

IT 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

Security Affairs

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT. ESET researchers detected nine notable phishing campaigns during May 2024 in Poland, Romania, and Italy.

Phishing 134
article thumbnail

CISA: AI Tools Give Feds 'Negligible' Security Improvements

Data Breach Today

Federal AI Security Tools Require Substantial Training, Offer Minimal Improvements The U.S. Cybersecurity and Infrastructure Security Agency found in a new pilot that federally available artificial intelligence cybersecurity tools require substantial training and resources but are only providing government agencies with "negligible" improvements in risk detection.

article thumbnail

EDR vs EPP vs Antivirus: Comparing Endpoint Protection Solutions

eSecurity Planet

Endpoint protection solutions safeguard network endpoints against cyberthreats using a selection of management tools, including endpoint detection and response (EDR), endpoint protection platform (EPP), and antivirus (AV). AV software blocks malware, EPP passively prevents threats, and EDR actively mitigates network attacks. When threats circumvent EPP’s preventative procedures, EDR is frequently paired with EPP to control the damage.

article thumbnail

CrowdStrike Outage: A Warning for Critical Infrastructure

Data Breach Today

GigaOm COO Howard Holton on How Operational Failures Can Cripple Businesses Howard Holton, COO of GigaOm, explores the nuances of the recent Windows outages due to a faulty CrowdStrike update and its implications for critical infrastructure and corporate trust. He discusses the importance of conducting accurate classification and proper incident management.

IT 130
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Nearly 7% of Internet Traffic Is Malicious

Schneier on Security

Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles.

Security 115
article thumbnail

Contributing to Your Cybersecurity Team as an Informal Leader

Data Breach Today

How to Guide, Inspire and Support Your Team Without Having a Formal Leadership Role While formal leadership is crucial, the influence of informal leaders within a team can also be effective. There are multiple ways you can step up to informally inspire team collaboration. It's a good way to contribute to your own career growth and to the overall success of the organization.

article thumbnail

The First Half of 2024 Results in More Than 1 Billion Data Breach Victims

KnowBe4

New data shows targeted attacks are resulting in surges in breach victim counts that already amount to more than double the victim count from attacks.

article thumbnail

How to get a free Windows (or Linux) recovery image for your Dell, HP, Lenovo, or Microsoft Surface PC

Collaboration 2.0

What's better than a clean install? How about a clean installation that includes all required drivers and utility programs? Here's how to locate a recovery image that will help you reinstall Windows 10, Windows 11, or even Linux on your Dell, HP, Lenovo, or Microsoft Surface PC.

98
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

KnowBe4 Named a Leader in the Summer 2024 G2 Grid Report for Security Awareness Training

KnowBe4

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.

article thumbnail

Opportunity for Comment: Draft NARA Bulletin on Metadata Guidance for Transfer of Classified Electronic Records

National Archives Records Express

We are requesting comments on a draft NARA Bulletin: Metadata Guidance for the Transfer of Classified Electronic Records Please send comments or questions to rmstandards@nara.gov by August 16, 2024. This bulletin provides guidance on security classification metadata that must accompany transfers of permanent classified electronic records to the U.S.

article thumbnail

Can ChatGPT-4o Be Trusted With Your Private Data?

WIRED Threat Level

OpenAI’s newest model is “a data hoover on steroids,” says one expert—but there are still ways to use it while minimizing risk to your private data.

Risk 93
article thumbnail

This turntable is designed for beginners, but even experts will love its features

Collaboration 2.0

Audio-Technica's new AT-LP70X series of turntables is aimed at those new to vinyl, but without sacrificing audio quality.

IT 98
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Stay Safe Online: 5 Essential Tips for World Wide Web Day

Thales Cloud Protection & Licensing

Stay Safe Online: 5 Essential Tips for World Wide Web Day josh.pearson@t… Thu, 08/01/2024 - 07:00 World Wide Web Day is celebrated each year on the first of August, marking the day the Internet was first made available to the public in 1991. The day provides an opportunity to reflect on the web's impact on our lives and to celebrate the creativity and genius of Sir Tim Berners-Lee and the many others who have contributed to its development.

article thumbnail

Better than Ring? This video doorbell features all the benefits and no subscription fees

Collaboration 2.0

The Lorex 2K video doorbell is the company's flagship security system. I tested it to see if it was worth the money.

article thumbnail

Half of Travel-Themed Spam Emails Are Scams

KnowBe4

Researchers at Bitdefender have found that half of all travel-themed spam emails contain scams.