Fri.Jul 26, 2024

article thumbnail

French Government Investigates Suspected Chinese Espionage

Data Breach Today

National Police Probe Botnet Campaign That Infected 3,000 Machines The French government has launched an investigation into a suspected Chinese espionage campaign that infected thousands of networks in France. The botnet campaign pushed out the PlugX remote access Trojan that has infected 3,000 machines in France since 2020.

article thumbnail

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Krebs on Security

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google

Access 297
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

PKfail Is a Newly Discovered Pathway for Firmware Malware

Data Breach Today

UEFI Developer Leaked a Secure Boot Asymmetric Key Hundreds of laptop and server models from mainstream manufacturers are at risk of hacking that bypasses protections meant to ensure only trusted software can load during computer bootup, warn researchers from California supply chain startup Binarly.

article thumbnail

Heightened Focus in the EU for the Protection of Minors Online

Data Matters

The protection of minors online continues to be a focus for EU regulators. Following the publication last year by the European Parliament of its guidelines on online age verification methods for children, the European Commission has recently announced it will be holding a dedicated stakeholder workshop in September 2024 to discuss guidelines for age verification and protecting minors.

Privacy 178
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Ascension Files Placeholder Breach Report for May Hack

Data Breach Today

Meanwhile, Wait Continues for Change Healthcare's Breach Report in Massive Attack U.S. hospital chain Ascension has filed a placeholder breach report to federal regulators saying its May 8 ransomware attack affected at least 500 individuals. Meanwhile, the waiting game continues for Change Healthcare's official data breach report and individual notifications.

More Trending

article thumbnail

National Vulnerability Backlog Could Surge to 30,000 by 2025

Data Breach Today

New Analysis Reveals Growing Crisis for the National Vulnerability Database A growing backlog at the National Institute of Standards and Technology National Vulnerability Database could surge to above 30,000 unanalyzed security flaws by the end of the year if the agency fails to significantly ramp up its processing rates, according to a new analysis released Friday.

Security 295
article thumbnail

A bug in Chrome Password Manager caused user credentials to disappear

Security Affairs

Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. An 18-hour outage impacted Google Chrome’s Password Manager on Wednesday, impacting users who rely on the tool to store and autofill their passwords.

Passwords 143
article thumbnail

Tackling Fraud in AI Deepfakes With Layered Controls

Data Breach Today

Anthony Hope of NAB on the Latest Approaches to Handling AML and Financial Crimes Banks need to make changes to fraud programs to tackle mule accounts in the age of AI. Organizations need to move away from having one control to handle all suspicious accounts, said Anthony Hope, group head of AML, counter-terrorist financing, and fraud risk at NAB.

Risk 282
article thumbnail

Phishing Campaigns Continue To Exploit CrowdStrike Outage

KnowBe4

As expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports.

Phishing 130
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CrowdStrike Outage: 97% of Disrupted Endpoints Restored

Data Breach Today

250,000 of the 8.5 Million Affected Windows Hosts Still Need to Be Recovered CrowdStrike said nearly all of the Windows hosts disrupted by its faulty July 19 update are now fixed. The company said the flaw involved a relatively new threat detection feature that uses configuration data that "maps to specific behaviors for the sensor to observe, detect or prevent.

IT 275
article thumbnail

Compromising the Secure Boot Process

Schneier on Security

This isn’t good : On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptogra

Security 128
article thumbnail

ISMG Editors: The CrowdStrike Outage - One Week Later

Data Breach Today

The Recovery Progress, Impact on Commercial and Public Sectors, and Lessons Learned In the latest weekly update, ISMG editors discussed the massive CrowdStrike IT outage that crashed 8.5 million Windows systems and severely affected the healthcare, finance and transportation sectors. Here's what you need to know one week later about the recovery, impact and lessons learned.

IT 273
article thumbnail

Europe Is Pumping Billions Into New Military Tech

WIRED Threat Level

The European Commission is allocating €7.3 billion for defense research over the next seven years. From drones and tanks of the future to battleships and space intelligence, here's what it funds.

Military 122
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

New Phishing Scam Leverages Chat To Add Credibility And Ensure Success

KnowBe4

An expository look at one phishing scam intent on stealing credit card details shows how scammers are leveraging trusted aspects of ecommerce to make.

Phishing 122
article thumbnail

A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them

WIRED Threat Level

KnowBe4 detailed the incident in a recent blog post as a warning for other potential targets.

Security 121
article thumbnail

Your KnowBe4 Fresh Content Updates from July 2024

KnowBe4

Check out the 26 new pieces of training content added in July, alongside the always fresh content update highlights, events and new features.

article thumbnail

Enhance your data strategy with Collibra and SAP Datasphere

Collibra

Today’s problem: Ensuring high-quality data governance In the current data and AI-driven environment, the main emphasis is on ensuring high-quality, well-documented and reliable data. This task is challenging due to data being frequently dispersed across multiple systems, resulting in data silos containing inconsistent and unreliable data, as well as issues with data quality and duplication.

Analytics 104
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Russian Super-Threat Group Fin7 Comes Back from the Dead

KnowBe4

Declared “dead” by the U.S. Attorney’s Office in 2023, this threat group now has massive cybercrime infrastructure in use and is impersonating some.

article thumbnail

What to expect from Made by Google 2024: Pixel 9 Pro Fold, Watch, Android 15, AI, and more

Collaboration 2.0

Google's next big product launch takes place on August 13. Here's everything you can expect from the event.

98
article thumbnail

Elon Musk’s X under pressure from regulators over data harvesting for Grok AI

The Guardian Data Protection

Social media platform uses pre-ticked boxes of consent, a practice that violates UK and EU GDPR rules Elon Musk’s X platform is under pressure from data regulators after it emerged that users are consenting to their posts being used to build artificial intelligence systems via a default setting on the app. The UK and Irish data watchdogs said they have contacted X over the apparent attempt to gain user consent for data harvesting without them knowing about it.

article thumbnail

Malaysia introduces watershed amendments to Personal Data Protection Act 2010

Data Protection Report

On 16 July 2024, the Malaysian Dewan Rakyat (House of Representatives of the Malaysian Parliament) passed the Personal Data Protection (Amendment) Bill 2024 (the PDP Bill ). The PDP Bill, which had been under review by the Malaysian Government for some years, introduces significant changes to Malaysia’s Personal Data Protection Act 2010 (the Malaysian PDPA ), aimed at aligning the Malaysian approach more closely with international data protection regimes.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Microsoft's July update may put your PC in BitLocker recovery - here's how to fix this

Collaboration 2.0

A patch is coming, but for now you'll need to enter your BitLocker recovery key to successfully boot into Windows.

76
article thumbnail

AI for Good: Matching great potential with great responsibility

CGI

We have real opportunities that can unite us toward a common goal of making AI a positive force for people's lives and work. AI is here to stay, and it is up to us to intentionally envision and shape a positive future. Let us start by understanding AI, asking the right questions, having a human-centric vision for using the technology, and collaborating with an ecosystem of players.

IT 75
article thumbnail

I've tried a zillion desktop distros - it doesn't get any better than Linux Mint 22

Collaboration 2.0

Linux Mint's latest release continues its tradition of excellence. It's easy to learn and use, faster than Windows, and runs on a thrift-store PC. What more can you ask for?

IT 76
article thumbnail

Is your Contact Center as a Service PCI-DSS compliant?

OpenText Information Management

Navigating the world of data security can sometimes feel overwhelming, however, understanding the Payment Card Industry (PCI) Data Security Standard it is crucial for anyone involved in choosing, deploying and managing a Contact Center as a Service (CCaaS) ecosystem. Recently, I have had the privilege to engage deeply into PCI compliance requirements with our customers so let me share some insights with you to help ensure that your Contact Center is secure and 100% compliant.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How to calibrate your TV for the best picture quality - 2 easy and simple methods

Collaboration 2.0

You might not be aware of it, but your TV may not be performing at its potential. A proper calibration could be just what you need.

IT 75
article thumbnail

Request for Feedback on the ERM Federal Integrated Business Framework

National Archives Records Express

As part of our ongoing Federal Electronic Records Modernization Initiative (FERMI) work, we have completed an annual review to update the Electronic Records Management (ERM) Federal Integrated Business Framework as required by the Business Standards Council where we serve as the standards lead for electronic records management. We consulted with our interagency Requirements Working Group to identify changes for the Framework.

article thumbnail

Elon Musk's X now trains Grok on your data by default - here's how to opt out

Collaboration 2.0

Your posts and interactions on X are being used to train Grok, but you can put a stop to it.

IT 75