Thu. Aug 15, 2024

NationalPublicData.com Hack Exposes a Nation’s Data

Krebs on Security

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records.

Revoked DigiCert Digital Certificates: 27% Not Yet Replaced

Data Breach Today

Many Customers Apparently Still Struggling to Reissue Certificates, Researchers Say

Thousands of organizations appear to still be struggling to comply with a forced, mass revocation of thousands of digital certificates issued by DigiCert using a buggy verification mechanism. Researchers recently said 27% of the 83,267 revoked certificates have yet to be reissued by customers.

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

WIRED Threat Level

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.

Analytics 145

Breach Roundup: Microsoft's August Patch Contains 90 Fixes

Data Breach Today

Also: Azure Health Bot Vulnerabilities Expose Risks in Cloud-Based Chatbots

This week, Microsoft released its August patch of 90 fixes, flaws were discovered in Azure Health Bot, Orion lost $60 million in a BEC scam, Schlatter Industries was hit by malware, Microsoft said it will discontinue Paint 3D in November and Russia restricted access to Signal.

Cloud 182

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

Security Affairs

A cybercrime group linked to the RansomHub ransomware was spotted using a new tool designed to kill EDR software. Sophos reports that a cybercrime group, likely linked to the RansomHub ransomware operation, has been observed using a new EDR-killing utility that can terminate endpoint detection and response software on compromised systems. The researchers called the new tool EDRKillShifter.

More Trending

NIST Releases First Post-Quantum Encryption Algorithms

Schneier on Security

From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized:

FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard

FIPS 204: Module-Lattice-Base

Officials Warn of Risks as McLaren Recovers From Attack

Data Breach Today

Michigan AG and Lawmaker Want Michigan to Bolster Cyber Protections

As McLaren Health Care continues to restore its IT systems in the wake of a ransomware attack last week, some Michigan government officials are warning consumers about potential cybercrimes and other concerns stemming from that and similar cyber incidents involving healthcare groups in the state.

Risk 147

Latest Phishing Scam Uses Cross-Site Scripting Attack to Harvest Personal Details

KnowBe4

Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to threat-actor controlled websites.

Phishing 121

Russian FSB Hackers Behind Espionage Campaign Targeting NGOs

Data Breach Today

Security Researchers Also Uncovered a New Suspected Russian Threat Group

A Russian hacking group notorious for hack-and-leak operations is behind a recent campaign targeting Russian dissidents and rights groups across the United States and Europe. Researchers also uncovered what they say is a previously unidentified threat actor targeting similar communities.

Security 147

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

File-Sharing Phishing Attacks Increased by 350% Over the Past Year

KnowBe4

File-sharing phishing attacks have skyrocketed over the past year, according to a new report from Abnormal Security.

Phishing 121

Infosecurity Europe 2024: Latest Insights on Cybersecurity

Data Breach Today

Compendium Features Dozens of In-Depth Interviews With CEOs, CISOs and Researchers

Welcome to Information Security Media Group's Infosecurity Europe 2024 Compendium featuring cybersecurity insights from industry's top researchers, CEOs, CISOs, government leaders and more. Inside this 30-page guide, you'll find links to dozens of videos created by ISMG.Studio.

Ransomware Payments Decline While Data Exfiltration Payments Are On The Rise

KnowBe4

The latest data from Coveware shows a slowing of attack efficacy, a decrease in ransom payments being made, and a shift in initial access tactics.

Cryptohack Roundup: Judge Approves FTX-CFTC Settlement

Data Breach Today

Also: WazirX's Post-Hack Plan, Mango Markets Hacker's Plea for Dismissal

This week, FTX settled with the CFTC, the Mango Markets hacker sought dismissal of charges, WazirX said it will reverse trades, Solana fixed a vulnerability, the SEC sued NovaTech and settled with Ideanomics, and researchers discovered a new way to steal crypto private keys.

Marketing 147

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Employment Scams Continue to Target Job Seekers Via Phony Employment Offers

KnowBe4

Threat actors continue to target job seekers with phony employment offers on job search platforms like Indeed, researchers at Bitdefender warn.

Security 119

DigiCert to Buy Vercara to Boost DNS Security, Digital Trust

Data Breach Today

Deal to Unite DNS and SSL for Big Enterprises, Streamline Digital Trust Management

The Vercara acquisition by DigiCert will combine DNS and SSL management into a single platform, driving automation and improving security for enterprises. The deal is expected to create a unified solution for certificate and domain validation while enhancing protection against cyberthreats.

Security 130

Online Merchants: PCI DSS Compliance Tips When Outsourcing

IT Governance

Common challenges for SAQ A/e-commerce merchants and how to resolve them

E-commerce merchants, by definition, accept card payments. So, they’re subject to the PCI DSS (Payment Card Industry Data Security Standard). This standard, currently at v4.0.1 (a limited revision to PCI DSS v4.0), contains 277 sub-requirements. However, you can reduce your scope to drastically lower the number of requirements you must meet, thereby significantly reducing your compliance burden.

Navigating Security Threats With Return-Oriented Programming

Data Breach Today

Assistant Professor Bramwell Brizendine on Process Injection, Advanced Mitigation

Return-oriented programming continues to pose significant security challenges. Assistant Professor Bramwell Brizendine discusses how ROP exploits binary vulnerabilities for process injection and the advancements in tools designed to automate ROP chain generation.

Security 130

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Modernize Identities with Microsoft Entra ID

Daymark

One of the most common cyberattack vectors is compromised credentials. Malicious actors with access to AI technologies have increased the sophistication and effectiveness of their attacks. The rise in phishing attacks and malicious actors gaining access to AI technologies to increase the success of the attacks has resulted in sharp increases in credential theft.

Passwords 109

Balancing AI's Promise and Risks in Cybersecurity

Data Breach Today

How to Responsibly Embrace AI's Potential to Strengthen Cybersecurity Defenses

Verizon’s 2024 DBIR shows a gap between generative AI's perceived capabilities and its actual use in cyberattacks, citing skyrocketing gen AI "hype" and very low actual gen AI "mentions" alongside traditional attack types. But it's still essential for security leaders to focus on AI risks now.

Risk 100

Tweaking BIOS settings of patched Raptor Lake motherboards could trash your CPU anyway

Collaboration 2.0

The microcode update may only protect CPUs when Intel's own default power settings are selected.

Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations

Thales Cloud Protection & Licensing

josh.pearson@t… Thu, 08/15/2024 - 17:28

As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem. The PQC migration process will be a highly significant transformation in the public-key cryptography landscape to date, impacting billions of devices and

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

This $240 Android tablet is far more impressive than I expected

Collaboration 2.0

The Oukitel OT5 is a solid but cost-effective Android tablet that won't break the bank.

AI Startup Launches Fully Automated Marketing System, Challenging Traditional Approaches

Information Matters

In a move that could reshape the digital marketing landscape, artificial intelligence company AISQ has unveiled what it claims is the world’s first fully automated end-to-end marketing system. The platform,

The mid-range headphones I recommend to audiophiles now sound even better

Collaboration 2.0

Sennheiser's Accentum Plus headphones improve on last year's model with better noise-canceling tech and software features. Even better, they just saw a price drop.

The 2024 State of Physical Access Control

HID Global

HID and IFSEC Insider report on what organizations use to protect their digital and physical assets, what’s top of mind today and what’s driving their decisions.

Access 52

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The best antivirus software of 2024

Collaboration 2.0

Malware is a constant threat to your safety and privacy, which means you need to protect your devices. We found the best antivirus software and apps that will help keep you safe and secure.

Privacy 76

Jamf After Dark: All you need to know about JNUC 2024

Jamf

Get insight into this year's Jamf Nation User Conference, including new JNUC additions, topics and highlights, and more.

The best cheap VPNs of 2024: Expert tested

Collaboration 2.0

VPN deals aren't always what they seem, with permanent countdown timers only displaying standard prices. So, we found the best deals online for cheap VPN services that provide speed and safety without breaking the bank.
