Thu.Jul 18, 2024

article thumbnail

Cyber Fail: Attack of the Zombie APIs!

Data Breach Today

Also: Election Security Dysfunction; the Legacy of Government-Backed Spyware Welcome to "Cyber Fail," where our experts uncover fails so we can all strengthen our defenses. Today, we take on the looming menace of zombie APIs, the terrors of election dysfunction and the scary legacy of government-backed spyware and its impact on privacy rights.

article thumbnail

SAPwned flaws in SAP AI core could expose customers’ data

Security Affairs

Researchers discovered security flaws in SAP AI Core cloud-based platform that could expose customers’ data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked as SAPwned, in the SAP AI Core cloud-based platform. An attacker can exploit the flaws to obtain access tokens and customer data. SAP AI Core, developed by SAP, is a cloud-based platform providing the essential infrastructure and tools for constructing, managing, and deploying predictive AI workfl

Cloud 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Operation Spincaster Targets Crypto Pig-Butchering Scams

Data Breach Today

Public-Private Effort Based on Intelligence Tied to $162 Million in Crypto Losses A public-private effort with the codename Operation Spincaster is using intelligence related to 7,000 compromised cryptocurrency wallets and $162 million in losses to warn victims, recover funds and disrupt groups involved in crypto-powered approval phishing or pig-butchering scams.

Phishing 275
article thumbnail

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Security Affairs

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums. FIN7 developed a tool called AvNeutralizer (also known as AuKill) that can bypass security solutions.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

From Email to Human Behavior: Abnormal Security's Evolution

Data Breach Today

Co-Founder, CEO Evan Reiser Discusses New SaaS and Account Takeover Protections Abnormal Security co-founder and CEO Evan Reiser explains the company's evolution from email security to comprehensive human behavior security. He highlights new capabilities to protect against account takeovers and the use of AI to monitor SaaS applications such as Salesforce and Slack.

Security 265

More Trending

article thumbnail

Why AI and Human Behavior Drive New Urgency for Zero Trust

Data Breach Today

How CISOs Can Leverage Zero Trust and AI to Protect Against the Human Element We can't overlook the human factor. The adoption of Zero Trust is a response to the vulnerabilities that human actions can introduce, and AI is expected to bring greater automation to help organizations achieve their cybersecurity objectives faster.

article thumbnail

Change Healthcare Ransomware Attack May Cost Nearly $2.5 Billion

KnowBe4

The ransomware attack against UnitedHealth Group’s Change Healthcare platform is expected to cost the company up to $2.45 billion, more than a billion dollars more than was previously estimated, Cybersecurity Dive reports. The incident has already cost the firm nearly $2 billion.

article thumbnail

Top 'Privacy by Design' Considerations for Medical Devices

Data Breach Today

The interconnectedness of medical devices, which generate data that can be distributed to multiple systems that are often managed by different policies, presents privacy concerns that device manufacturers must address, said Adam Hesse, CEO of Full Spectrum.

Privacy 173
article thumbnail

Chile Leads Latin America With New Cybersecurity Governance

KnowBe4

Chile took a major step toward a more resilient cyber landscape for its citizens and the Latin American region on Tuesday, March 26, 2024, when Chile’s president of the Republic, Gabriel Boric, signed and enacted the new Cybersecurity and Critical Information Infrastructure Framework Law. The new framework and regulations it creates allow Chile to strengthen its digital security.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

DOD Testing Generative AI Tools to Enhance Contracting

Data Breach Today

Pentagon Testing Generative AI to Streamline, Enhance Contracting Operations An official from the U.S. Department of Defense Chief Digital and Artificial Intelligence Office said Thursday the department is testing generative AI tools to help streamline its contracting and management operations and free up time for federal employees.

article thumbnail

Cyber Threats Targeting the 2024 Paris Olympics

KnowBe4

Our friends at the CyberWire reported: "ZeroFox and Fortinet have both published reports on threats facing the 2024 Olympics in Paris. ZeroFox says the primary cybersecurity threat will be cyberattacks from Russia, which are "likely to take the form of DDoS attacks, data compromises, and scams carried out by Russian threat actor groups.

article thumbnail

Breach Roundup: North Korean Hackers Target macOS Users

Data Breach Today

Interpol Arrests 300, Seizes $3 Million From West African Financial Crime Gang This week, North Korean hackers targeted macOS users, Bassett Furniture suffered a ransomware attack, Interpol arrested 300 and seized $3 million, new details emerged about Designed Receivable Solutions, Repligen reported a cyber incident, and MarineMax reported a data breach.

article thumbnail

7 in 10 Organizations Experienced a Business Email Compromise Attack in the Last 12 Months

KnowBe4

Despite ransomware getting the lion’s share of the tech pub headlines, business email compromise (BEC) attacks are alive and well… and having a material impact.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Judge Dismisses Most SEC Fraud Claims Against SolarWinds

Data Breach Today

Feds Can Proceed With Claims About Falsehoods in SolarWinds Security Statement A judge Thursday dismissed most of the claims federal regulators made against SolarWinds related to allegedly misleading investors about the company's cybersecurity practices and risks. The SEC can proceed only with claims related to the security statement issued by SolarWinds before the 2020 hack.

article thumbnail

Criminal Gang Physically Assaulting People for Their Cryptocurrency

Schneier on Security

This is pretty horrific : …a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home St. Felix and one of his accomplices broke into before physically assaulting the two victims—­both in their seventies—­and forcing them to transfer

Access 115
article thumbnail

Cryptohack Roundup: $230M WazirX Exploit in India

Data Breach Today

Also: Craig Wright, Be Seated. Will the Real Satoshi Nakamoto Please Stand Up? This week, WazirX, LI.FI, Dough Finance and CoinStats were breached; Satoshi Nakamoto impersonator's was charged; FTX and CFTC reached a settlement; a man was convicted of fraud; new details emerged in the Tornado Cash and SEC cases; and Taiwan set new AML rules.

162
162
article thumbnail

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Security Affairs

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums. FIN7 developed a tool called AvNeutralizer (also known as AuKill) that can bypass security solutions.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Gen AI Spending Slows as Businesses Exercise Caution

Data Breach Today

High Implementation Costs and Hallucination Risks Curb AI Investments in 2024 Generative AI has advanced rapidly over the past year, and organizations are recognizing its potential across business functions. But businesses have now taken a cautious stance regarding gen AI adoption due to steep implementation costs and concerns regarding hallucinations.

Risk 162
article thumbnail

Amazon Fire TV Omni Series QLED is worth it for Alexa fans

Collaboration 2.0

The Amazon Fire TV Omni QLED offers excellent picture and audio quality for both streaming and console gaming.

IT 98
article thumbnail

SAPwned flaws in SAP AI core could expose customers’ data

Security Affairs

Researchers discovered security flaws in SAP AI Core cloud-based platform that could expose customers’ data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked as SAPwned, in the SAP AI Core cloud-based platform. An attacker can exploit the flaws to obtain access tokens and customer data. SAP AI Core, developed by SAP, is a cloud-based platform providing the essential infrastructure and tools for constructing, managing, and deploying predictive AI workfl

Cloud 98
article thumbnail

The Ninja Creami Ice Cream Maker is still $30 off after Prime Day

Collaboration 2.0

Craving a summer treat? The Ninja Creami can make all your frozen desserts and smoothies, comes with two pint-sized containers, and is still $30 off even though Prime Day is over.

98
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Meta pulls plug on release of advanced AI model in EU

The Guardian Data Protection

‘Unpredictable’ privacy regulations prompt Facebook owner to scrap regional plans for multimodal Llama Business live – latest updates Mark Zuckerberg’s Meta will not release an advanced version of its artificial intelligence model in the EU, blaming the decision on the “unpredictable” behaviour of regulators. The owner of Facebook, Instagram and WhatsApp is preparing to issue its Llama model in multimodal form, meaning it is able to work across text, video, images and audio instead of just one f

article thumbnail

Will the Galaxy S25 get satellite texting? Samsung is working on the feature again

Collaboration 2.0

Samsung has been working on satellite connectivity for at least a year. Will it finally catch up to Apple in the space race?

IT 98
article thumbnail

Navigating retail Apple deployments with Mobile Device Management

Jamf

How to effectively deploy and integrate Apple retail solutions using Mobile Device Management and Apple Business Manager for a seamless retail technology experience

Retail 81
article thumbnail

The Jackery Explorer 1000 is one of the best portable power stations, and now get a whopping 52% off!

Collaboration 2.0

This Jackery portable power station is a fantastic model for camping and RV trips, or for emergencies and power outages -- and it's now got 52% off for in this Amazon Prime Day deal that's still live.

IT 98
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Thales Prioritizes Trust: Named Overall Leader in 2024 KuppingerCole CIAM Leadership Compass

Thales Cloud Protection & Licensing

Thales Prioritizes Trust: Named Overall Leader in 2024 KuppingerCole CIAM Leadership Compass josh.pearson@t… Thu, 07/18/2024 - 07:00 Learn why Thales' OneWelcome Identity Platform has been named the Overall Leader in the 2024 KuppingerCole CIAM Leadership Compass, highlighting its strengths in security, usability, and regulatory compliance. Identity & Access Management Access Control Ammar Faheem | Product Marketing Manager More About This Author > At a time when digital interactions are ubiquit

B2B 62
article thumbnail

Better than Ring? This video doorbell has no subscription fees and is $130 after Prime Day

Collaboration 2.0

The Lorex 2K video doorbell is the company's flagship front-door security system, and it's 28% off with an Amazon Prime Day deal that is still available.

article thumbnail

EDPB opines on the use of facial recognition in airports

Data Protection Report

Co-written by Swaathi Balajawahar, Trainee Solicitor Introduction On 23 May 2024, the European Data Protection Board (EDPB) issued Opinion 11/2024 on the use of facial recognition to streamline airport passengers’ flow (the Opinion). The Opinion considered the use of facial recognition technology (FRT) by airport operators and airline companies for the purpose of streamlining passenger flow at the airport (security checkpoints, baggage drop-off, boarding, and access to passenger lounges) where p

GDPR 61