Thu. Jul 11, 2024

Experts: Federal Privacy Law Needed to Curb AI Data Misuse

Data Breach Today

New Bill Would Create Data Minimization Measures, Express Permission Requirements

Experts warned in congressional testimony to the Senate Commerce Committee on Thursday that the absence of a comprehensive privacy bill in the United States is hindering economic competition for technology companies and jeopardizing the privacy of the American public.

Privacy 303

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The Akamai Security Intelligence Response Team (SIRT) warns that multiple threat actors are exploiting the PHP vulnerability CVE-2024-4577 to deliver multiple malware families, including Gh0st RAT, RedTail cryptominers, and XMRig. “Threat actors continued the speedy-time-from-disclosure-to-exploitation trend and were quick to leverage this new vulnerability — we obser

Honeypots 142

Multifactor Authentication Shouldn't Be Optional

Data Breach Today

Cloud Customers Should Demand More Security From Providers

The theft of terabytes of Snowflake customers' data through credential stuffing hacks highlights how multifactor authentication shouldn't be optional for safeguarding accounts. Experts are calling on providers to build in more robust identity and authentication security features, at no extra cost.

AI-Powered Russia’s bot farm operates on X, US and its allies warn

Security Affairs

The US and its allies disrupted an AI-powered Russia-linked bot farm on the social media platform X relying on the Meliorator AI software. The U.S. FBI and Cyber National Mission Force, along with Dutch and Canadian intelligence and security agencies, warned social media companies about Russian state-sponsored actors using covert AI software, Meliorator, in disinformation campaigns.

IT 142

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Multiple Threat Actors Moving Quickly to Exploit PHP Flaw

Data Breach Today

Easily Exploited Vulnerability Becomes Major Target for Malware Campaigns, Botnets

Multiple threat actors began exploiting a critical vulnerability in PHP within a day of its public disclosure last month and are moving quickly to infect systems with malware, according to a report by the Akamai Security Intelligence Response Team. Administrators are advised to patch immediately.

Security 195

More Trending

Breach Roundup: Microsoft Patches Zero-Day Active Since 2023

Data Breach Today

Also: Europol Decries Mobile Encryption; FBCS Breach Victim Count Grows

This week, Microsoft and Adobe released patches, Europol pushed back against mobile encryption, Japan warned of Kimsuky attacks, the FBCS breach victim count grew, and a fraud campaign offered fake tickets to the Summer Olympics in Paris.

CrystalRay operations have scaled 10x to over 1,500 victims

Security Affairs

A threat actor known as CrystalRay targeted 1,500 victims since February using tools like SSH-Snake and various open-source utilities. The Sysdig Threat Research Team (TRT) first spotted the threat actor CrystalRay in February 2024 and observed it using the SSH-Snake open-source software penetration testing tool. The experts collected new evidence that revealed that the threat actor expanded its operations.

Marketing 133

Major Health Data Breaches: How Are Trends Shifting in 2024?

Data Breach Today

Midyear Analysis of HHS OCR 'Wall of Shame' Shows Hacks, Vendor Breaches Top List

Hacks and vendor incidents continue to dominate major health data breach trends in 2024, but a handful of large incidents involving "unauthorized access or disclosure" also top the list of major health data breaches reported to federal regulators so far this year. How are trends shifting?

Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

Security Affairs

Resecurity has identified a new campaign by the Smishing Triad that is targeting India to steal personal and payment data at scale

Resecurity (USA) identified a new campaign targeting India Post (Department of Posts, India) by the Smishing Triad, which reportedly started amplifying around July 8, 2024, based on multiple victim reports and the detection of new infrastructure set up in the days preceding.

Phishing 132

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Getting From Midlevel to Specialty Niche in Cybersecurity

Data Breach Today

How to Make a Plan, Continue to Learn and Leverage Your Experience

The cybersecurity field offers numerous opportunities to specialize and deepen your expertise in niche areas. Here are some sophisticated niches that offer advanced career paths for midlevel professionals and some avenues you can pursue to gain experience while building your portfolio and skills.

Ransomware Attacks on Healthcare Is Costing Lives

KnowBe4

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over several million in 2023. Marsh, a leader in cybersecurity insurance, wrote that its customers paid an average of $6.5 million in ransom in 2023 (after just paying an average of $1.4 million in 2023).

Cryptohack Roundup: Huione Guarantee

Data Breach Today

Also: FTX and Mt. Gox

Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Elliptic alleged that Huione Guarantee is laundering money, the sentencing dates of former FTX executives were revealed, a Paxful co-founder pleaded guilty, and Mt. Gox started to repay its debts.

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

The Last Watchdog

Passwords have been the cornerstone of basic cybersecurity hygiene for decades.

Related: Passwordless workplace long way off

However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison

WIRED Threat Level

The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million.

Security 123

Apple Is Alerting iPhone Users of Spyware Attacks

Schneier on Security

Not a lot of details: Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April.

IT 120

Pressure Grows in Congress to Treat Crypto Investigator Tigran Gambaryan, Jailed in Nigeria, as a Hostage

WIRED Threat Level

A new resolution echoes what 16 members of Congress have already said to the White House: It must do more to free one of the most storied crypto-focused federal agents in history.

IT 123

Phishing Attacks Against State and Local Governments Are Surging

KnowBe4

Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year.

Phishing 114

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Weekly Update 408

Troy Hunt

I get the frustration and anger those working at organisations that have been breached feel, and I've seen it firsthand in my communications with them on so many prior occasions. They're the victim of a criminal act and they're rightly outraged. However, thinking back to similar examples to The Heritage Foundation situation this week, I can't think of a single case where losing your mind and becoming abusive has ever worked out well.

How to clear the cache on your TV (and why you should do it)

Collaboration 2.0

Clearing the cache on your TV can be a great way to improve its performance, fix bugs, and ensure you get the best viewing experience. But what exactly is a cache, and why is it important to clear it?

IT 98

The Good, the Bad and the Improvable of PCI DSS v4

IT Governance

Version 4.0 of the PCI DSS (Payment Card Industry Data Security Standard) went into effect on 1 April 2024, surpassing v3.2.1. As a QSA (Qualified Security Assessor), I’ve completed a few PCI DSS v4 analyses and assessments. In this blog, I’ll share the good, the bad and the improvable aspects of this new standard. I’ll also highlight a potentially problematic change introduced by PCI DSS v4.0.1, a recently published ‘limited revision’.

Apple sends new warning about mercenary spyware attacks to iPhone users. Should you worry now?

Collaboration 2.0

Though mercenary spyware attacks are rare and typically sent only to targeted individuals, Apple has alerted iPhone users about them for the second time this year.

98

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Data Authentication in eDiscovery: Ensuring Integrity and Trust

eDiscovery Daily

The Role of Experts in Data Collection

In many eDiscovery cases, teams of experts handle the collection of traditional and modern data following a proven, standard process. These experts ensure the data is authenticated, which is crucial for maintaining the integrity of the evidence. However, there are instances where evidence such as text messages, social media posts, or chat applications involves just a few exchanges that are critical to the case.

Every product Samsung unveiled at Unpacked July 2024: Galaxy Z Fold 6, Watch Ultra, Ring, more

Collaboration 2.0

At Unpacked yesterday, Samsung unveiled several new products, including two foldable phones, smartwatches, earbuds, and a smart ring that competes with Oura.

98

Jamf Migrate

Jamf

Learn how Jamf Migrate and our Professional Services Team work together with your organization to migrate from your existing MDM provider to Jamf Pro effortlessly and without interrupting business continuity or user productivity.

MDM 40

3 ways to interact with Gemini from the MacOS desktop

Collaboration 2.0

If Gemini is your go-to AI and MacOS is your operating system of choice, you'll be glad to know there are ways to interact with Google's AI from Apple's desktop.

97

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The best cheap tablets of 2024: Expert tested and reviewed

Collaboration 2.0

We went hands-on with the top cheap tablets under $400 that offer high-end features at lower prices from Apple, Amazon, and more.

76

How to write better ChatGPT prompts in 5 steps

Collaboration 2.0

There's an art to making the most of AI. Here's how to level up your prompt-writing game.

76

Do you need antivirus on Linux?

Collaboration 2.0

If you've been a Windows user for years, then you are well aware of the need for antivirus software. It's a given. But does the same hold true for the open-source operating system?

IT 76