Thu.Aug 08, 2024

article thumbnail

McLaren Health Hit With Ransomware for Second Time in a Year

Data Breach Today

Clinicians Say Current Hack More Disruptive Than 2023 Attack Michigan-based McLaren Health Care is dealing with its second cyberattack in less than a year, disrupting IT systems and patient services at its 13 hospitals and other medical facilities. Ransomware gang INC Ransom allegedly claims to have carried out this latest attack.

article thumbnail

USPS Text Scammers Duped His Wife, So He Hacked Their Operation

WIRED Threat Level

The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.

Security 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

US Water Cybersecurity Improvement Efforts at Loggerheads

Data Breach Today

Legal and Voluntary Methods Fall Short Cyber threats against the U.S. water sector are growing but the main federal regulatory agency that oversees it may be stymied by a lack of cooperation from sector operators, concludes a Government Accountability Office report. Attacks against the water sector have mounted steadily.

article thumbnail

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

WIRED Threat Level

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows.

Phishing 143
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Breach Roundup: Royal Ransomware Group On An Extortion Tear

Data Breach Today

Also: French Museum Ransomware Attack, Cisco Smart Install and SharpRhino Malware This week, Royal ransomware, a French museum ransomware attack and a putative class action over a background check data breach. Singapore removed an app monitoring internet use on student devices, a warning over Cisco Smart Install, the upstart SharpRhino gang and an exposed Illinois voter database.

More Trending

article thumbnail

US Feds Arrest Man for North Korean Remote IT Worker Scam

Data Breach Today

Matthew Isaac Knoot Allegedly Hosted Laptop Farm in his Nashville Home U.S. federal prosecutors charged a Tennessee man with abetting North Korea in an ongoing effort to obtain remote IT work for its nationals as a way of generating hard currency. "North Korean IT workers are widespread in Fortune 500 companies," said a threat analyst.

IT 147
article thumbnail

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Security Affairs

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The advisory includes recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) related to BlackSuit operation, which rebrands legacy Royal ransomware , identified by FBI investigations as recent as July 20

article thumbnail

Feds Drop Probe Into Progress Software Over MOVEit Zero-Day

Data Breach Today

Clop Ransomware Group Exploited Flaw to Steal Data Pertaining to 95M Individuals Progress Software said the U.S. Securities and Exchange Commission has dropped its probe into the business, launched after attackers exploited a zero-day flaw in its MOVEit secure file transfer software to steal data pertaining to over 2,770 organizations and 95 million individuals.

article thumbnail

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Android Kernel Remote Code Execution flaw ( CVE-2024-36971 ) and an Apache OFBiz Path Traversal issue ( CVE-2024-32113 ) to its Known Exploited Vulnerabilities (KEV) catalog.

IT 135
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cryptohack Roundup: White Hats Hack Ronin Bridge

Data Breach Today

Also: Cryptonator, Crypto.com, Do Kwon Case Updates Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, a $12M white hat hack on Ronin Bridge, Cryptonator indictment, potential prison sentence in Crypto.com case, a $212K Convergence hack, Do Kwon's extradition, and the FBI published a scam warning.

article thumbnail

0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

Security Affairs

An 18-year-old bug, dubbed “0.0.0.0 Day,” allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks. Oligo Security’s research team warns of an 18-year-old bug, dubbed “0.0.0.0 Day,” that allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks.

Security 131
article thumbnail

Fighting Scammers with Flexible Instant Payment Choices

Data Breach Today

Fraud Experts Eva Velasquez and Ken Palla on the Value of Adding Some Friction Giving customers more flexibility in instant payment systems could give users more control over their transactions and help fight scammers. An option to delay payments could introduce the needed friction to stop fraudulent payments, said fraud experts Eva Velasquez and Ken Palla.

130
130
article thumbnail

SEC Report Provides Insight into Key Tronic Ransomware Costs Totaling Over $17 Million

KnowBe4

The financial repercussions of the May 2024 ransomware attack on the electronics manufacturing services firm Key Tronic underscores just how costly these attacks are.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Computer Crash Reports Are an Untapped Hacker Gold Mine

WIRED Threat Level

One hacker solved the CrowdStrike outage mystery with simple crash reports, illustrating the wealth of detail about potential bugs and vulnerabilities those key documents hold.

Mining 122
article thumbnail

New Phishing Campaign Targets Israeli Organizations To Deliver Malware

KnowBe4

A new phishing campaign is targeting Israeli organizations to deliver the RHADAMANTHYS information-stealing malware, Cyber Security News reports.

Phishing 122
article thumbnail

Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse

WIRED Threat Level

New research shows how known techniques for finding weaknesses in websites are actually practical in uncovering vulnerabilities, for better or worse.

Security 108
article thumbnail

2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

KnowBe4

Your secret weapon to combat cyber threats might be just under your nose! Cybercriminals continue to exploit vulnerabilities while upping their game with new and more sinister attack methods. The human firewall is your cybersecurity ace in the hole.

Phishing 115
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Cyber Supply Chain Security and Third-Party Risk Management

Data Breach Today

Sujit Christy on Why Their Intersection Requires a Paradigm Shift The intersection of cyber supply chain security and third/fourth-party risk management presents significant challenges for CISOs. Here's how to take a proactive, comprehensive approach to cyber supply chain risk management to protect critical assets and enhance resilience against evolving threats.

Risk 100
article thumbnail

New Mac Mini: M4 powered yet small as an Apple TV?

Collaboration 2.0

The new version of the Mac Mini is said to be the smallest computer Apple's ever made, but one of the most powerful with the new M4 chip.

98
article thumbnail

CrowdStrike Class Action Lawsuit for Massive Software Outage

eSecurity Planet

CrowdStrike, a cybersecurity behemoth renowned for its cloud-based endpoint protection platform, was in the eye of a storm on July 19, 2024. A catastrophic software update unleashed a domino effect of disruptions, paralyzing millions of computers across the globe. The impact was far-reaching and unprecedented, from bustling airports to critical healthcare facilities.

article thumbnail

This affordable Android tablet has a big screen and lasted me days

Collaboration 2.0

This Blackview Tab 18, with an octa-core processor, 12GB of RAM, and a huge battery, is just the thing for me.

98
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

What is Privilege Escalation?

Jamf

Privilege Escalation enables unauthorized access to sensitive systems, placing confidential data at risk. Learn why organizations must mitigate this critical vulnerability and what strategies are effective in keeping endpoints protected.

Risk 81
article thumbnail

One year later: The Flipper Zero is still cool. Here are 7 useful things you can do

Collaboration 2.0

This weird little device blew up on TikTok, but there are quite a few impressive things you can do with it. Here are some of the most useful.

IT 98
article thumbnail

How many gold medals would your company win at the integration Olympics?

OpenText Information Management

The Paris 2024 Olympics saw over 10,500 athletes competing in over 329 medal events. This event is where sporting legends are created. Every four years these GOAT (Greatest of All Time) athletes gather in one place to compete for the gold. The varied sporting disciplines of the games got me thinking. How would companies fare if they competed in the Integration Olympics, an event designed to assess how well companies are using B2B integration technologies to address specific business and supply c

B2B 69
article thumbnail

The best Android VPN services of 2024: Expert tested and reviewed

Collaboration 2.0

We tested the best Android VPNs that provide high levels of security and high speeds without slowing down your phone.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How to Perform a Cloud Security Assessment: Checklist & Guide

eSecurity Planet

A cloud security assessment is a process of analyzing an organization’s cloud infrastructure to identify and mitigate security issues. It also includes detecting vulnerabilities, assessing network exploitation, developing preventative strategies, and establishing proper security levels and governance. To conduct a thorough security assessment, you must first understand your cloud environment, prepare properly, and adhere to key best practices.

Cloud 68
article thumbnail

The Windows 10 clock is ticking: 5 ways to save your old PC in 2025 (most are free)

Collaboration 2.0

As many as 240 million Windows 10 PCs can't be upgraded to Windows 11. But instead of trashing your device when Windows 10 support runs out, here are five viable alternatives to save you money and trouble.

76
article thumbnail

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Android Kernel Remote Code Execution flaw ( CVE-2024-36971 ) and an Apache OFBiz Path Traversal issue ( CVE-2024-32113 ) to its Known Exploited Vulnerabilities (KEV) catalog.

IT 61