Krebs on Security

JULY 31, 2024

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock. Your Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-frie

Phishing 272

Phishing Authentication IT Access 272

Data Breach Today

JULY 31, 2024

Hackers Exploited ProxyShell Vulnerability to Compromise Commission Systems The British data regulator reprimanded the U.K.'s Electoral Commission for its failure to prevent a 2021 hack attack that resulted in the exposure of millions of voter records. Hackers breached the Electoral Commission's networks after exploiting the ProxyShell vulnerability.

IT 181

IT 181

Data Matters

JULY 31, 2024

On July 23, 2024, the competition authorities of the EU, the UK, and the U.S. issued a joint statement on competition in generative artificial intelligence (AI) foundation models and AI products (Joint Statement). Since the emergence of generative AI, each of the authorities has been individually ramping up its work in order to understand better the potential risks to competition that AI may pose.

Artificial Intelligence 170

Artificial Intelligence Privacy Risk IT 170

Data Breach Today

JULY 31, 2024

Hackers Accessed the University’s Storage Platform for Over 9 Months Australia's Western Sydney University said hackers exploited its Microsoft Office 365 environment to steal up to 580 terabytes of data. Breached data includes names, birthdates, health information, government identification documents, bank account information and superannuation details.

Data breaches 174

Data breaches Information governance Government Access 174

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

JULY 31, 2024

Web browser security certainly hasn’t been lacking over the past 25 years. Related: Island valued at $3.5 billion Advancements have included everything from sandboxing and web applications firewalls (WAFs,) early on, to secure web gateways (SWGs) and Virtual Desktop Infrastructure (VDIs,) more recently. Yet profound browser exposures persist — and this has led to the arrival of enterprise browsers , which will be in the spotlight as Black Hat USA 2024 gets underway next week in Las Vegas.

Authentication 130

Authentication Cloud Security Access 130

Security Affairs

JULY 31, 2024

Apple has issued security updates to address multiple vulnerabilities across iOS, macOS, tvOS, visionOS, watchOS, and Safari. Apple released security updates to address multiple vulnerabilities in iOS, macOS, tvOS, visionOS, watchOS, and Safari. The IT giant released iOS 17.6 and iPadOS 17.6 to address dozens of security vulnerabilities, including authentication and policy bypasses, information disclosure and denial-of-service (DoS) issues, and bugs that can lead to memory leaks and unexpected a

Authentication 139

Authentication Access Security IT 139

Data Breach Today

JULY 31, 2024

OneBlood Is Urging Hundreds of Hospitals to Activate Shortage Protocols A Florida-based blood donation center is urging hundreds of hospitals in the southeastern U.S. to activate critical blood shortage protocols as the nonprofit organization deals with a ransomware attack that's disrupting its blood collection, inventory and related processes.

Ransomware 163

Ransomware IT 163

Troy Hunt

JULY 31, 2024

TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service. How many attempted scams do you get each day? I woke up to yet another "redeem your points" SMS this morning, I'll probably receive a phone call from "my bank" today (edit: I was close, it was "Amazon Prime" &

Passwords 130

Passwords Data breaches IT Security 130

Data Breach Today

JULY 31, 2024

Tech Giant Blames DDoS Defense Implementation Error for Failing to Mitigate Attack Microsoft blamed a widespread Azure cloud computing platform service outage, including Microsoft 365 problems, on its failure to stop a distributed denial-of-service attack after "an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.

Cloud 148

Cloud IT 148

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts. The Cleafy TIR team discovered the previously undetected malware at the end of May 2024.

Authentication 142

Authentication Financial Services Communications Access 142

Data Breach Today

JULY 31, 2024

Kash Shaikh Seeks International Expansion, Opportunistic M&A Amid Tectonic Shifts Securonix tapped the ex-leader of Virtana as its next chief executive to capitalize on upheaval in the SIEM market with international expansion and opportunistic M&A. The company tasked Kash Shaikh with expanding in Europe and Asia-Pacific by prioritizing countries or regions where demand is high.

Marketing 130

Marketing IT 130

Security Affairs

JULY 31, 2024

OneBlood, a non-profit blood bank serving over 300 U.S. hospitals, suffered a ransomware attack that disrupted its medical operations. OneBlood is a non-profit organization that provides blood and blood products to over 300 hospitals and medical facilities across the U.S. Southeast. The organization collects, tests, and distributes blood to ensure a steady supply for needy patients.

Ransomware 136

Ransomware Data breaches Communications Access 136

Data Breach Today

JULY 31, 2024

Citing 'Critical Infrastructure' Problems, Certificate Authority Offers 3-Day Delay DigiCert said it will temporarily pause - on request - for up to three days the forced revocation of some digital certificates it issued that failed to comply with strict validation rules. The CA/Browser Forum requires any certificate with validation problems to be revoked within 24 hours.

IT 130

IT 130

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT. ESET researchers detected nine notable phishing campaigns during May 2024 in Poland, Romania, and Italy.

Phishing 136

Phishing Archiving Information Security IT 136

Data Breach Today

JULY 31, 2024

Federal AI Security Tools Require Substantial Training, Offer Minimal Improvements The U.S. Cybersecurity and Infrastructure Security Agency found in a new pilot that federally available artificial intelligence cybersecurity tools require substantial training and resources but are only providing government agencies with "negligible" improvements in risk detection.

Artificial Intelligence 130

Artificial Intelligence Security Cybersecurity Risk 130

eSecurity Planet

JULY 31, 2024

Endpoint protection solutions safeguard network endpoints against cyberthreats using a selection of management tools, including endpoint detection and response (EDR), endpoint protection platform (EPP), and antivirus (AV). AV software blocks malware, EPP passively prevents threats, and EDR actively mitigates network attacks. When threats circumvent EPP’s preventative procedures, EDR is frequently paired with EPP to control the damage.

Data collection 117

Data collection Security Cybersecurity Cloud 117

Data Breach Today

JULY 31, 2024

GigaOm COO Howard Holton on How Operational Failures Can Cripple Businesses Howard Holton, COO of GigaOm, explores the nuances of the recent Windows outages due to a faulty CrowdStrike update and its implications for critical infrastructure and corporate trust. He discusses the importance of conducting accurate classification and proper incident management.

IT 130

IT 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

JULY 31, 2024

Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles.

Security 115

Security IT 115

Data Breach Today

JULY 31, 2024

How to Guide, Inspire and Support Your Team Without Having a Formal Leadership Role While formal leadership is crucial, the influence of informal leaders within a team can also be effective. There are multiple ways you can step up to informally inspire team collaboration. It's a good way to contribute to your own career growth and to the overall success of the organization.

Cybersecurity 100

Cybersecurity IT 100

KnowBe4

JULY 31, 2024

New data shows targeted attacks are resulting in surges in breach victim counts that already amount to more than double the victim count from attacks.

Data breaches 117

Data breaches Security awareness Phishing Ransomware 117

Collaboration 2.0

JULY 31, 2024

What's better than a clean install? How about a clean installation that includes all required drivers and utility programs? Here's how to locate a recovery image that will help you reinstall Windows 10, Windows 11, or even Linux on your Dell, HP, Lenovo, or Microsoft Surface PC.

98

98

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Cloud

KnowBe4

JULY 31, 2024

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.

Security awareness 97

Security awareness Security Marketing 97

National Archives Records Express

JULY 31, 2024

We are requesting comments on a draft NARA Bulletin: Metadata Guidance for the Transfer of Classified Electronic Records Please send comments or questions to rmstandards@nara.gov by August 16, 2024. This bulletin provides guidance on security classification metadata that must accompany transfers of permanent classified electronic records to the U.S.

Metadata 90

Metadata Archiving Access Security 90

WIRED Threat Level

JULY 31, 2024

OpenAI’s newest model is “a data hoover on steroids,” says one expert—but there are still ways to use it while minimizing risk to your private data.

Risk 94

Risk IT Privacy Security 94

Collaboration 2.0

JULY 31, 2024

Audio-Technica's new AT-LP70X series of turntables is aimed at those new to vinyl, but without sacrificing audio quality.

IT 98

IT 98

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Thales Cloud Protection & Licensing

JULY 31, 2024

Stay Safe Online: 5 Essential Tips for World Wide Web Day josh.pearson@t… Thu, 08/01/2024 - 07:00 World Wide Web Day is celebrated each year on the first of August, marking the day the Internet was first made available to the public in 1991. The day provides an opportunity to reflect on the web's impact on our lives and to celebrate the creativity and genius of Sir Tim Berners-Lee and the many others who have contributed to its development.

Passwords 62

Passwords Authentication Phishing Communications 62

Collaboration 2.0

JULY 31, 2024

The Lorex 2K video doorbell is the company's flagship security system. I tested it to see if it was worth the money.

Security 98

Security IT 98

KnowBe4

JULY 31, 2024

Researchers at Bitdefender have found that half of all travel-themed spam emails contain scams.

Phishing 93

Phishing Security 93