Data Breach Today
FEBRUARY 7, 2024
Ongoing Innovation and Sophistication Drive Unparalleled Profits Attackers wielding ransomware collectively earned over $1 billion last year - breaking previous records. Their increasingly sophisticated attacks targeted "high-profile institutions and critical infrastructure, including hospitals, schools and government," reported Chainalysis.
Security Affairs
FEBRUARY 29, 2024
A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebook’s password reset flow.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
FEBRUARY 14, 2024
The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser
WIRED Threat Level
FEBRUARY 22, 2024
The locations of microphones used to detect gunshots have been kept hidden from police and the public. A WIRED analysis of leaked coordinates confirms arguments critics have made against the technology.
Speaker: Frank Taliano
Document-heavy workflows slow down productivity, bury institutional knowledge, and drain resources. But with the right AI implementation, these inefficiencies become opportunities for transformation. So how do you identify where to start and how to succeed? Learn how to develop a clear, practical roadmap for leveraging AI to streamline processes, automate knowledge work, and unlock real operational gains.
The Last Watchdog
FEBRUARY 21, 2024
Achieving “ digital trust ” is not going terribly well globally. Related: How decentralized IoT boosts decarbonization Yet, more so than ever, infusing trustworthiness into modern-day digital services has become mission critical for most businesses. Now comes survey findings that could perhaps help to move things in the right direction. According to DigiCert’s 2024 State of Digital Trust Survey results, released today , companies proactively pursuing digital trust are seeing boosts in revenue, i
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
FEBRUARY 16, 2024
U.S. CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that a threat actor gained access to an unnamed state government organization’s network environment via an administrator account belonging to a former employee.
Security Affairs
FEBRUARY 10, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS Out-of-Bound write vulnerability, tracked as CVE-2024-21762 , to its Known Exploited Vulnerabilities (KEV) catalog. This week Fortinet warned that the recently discovered critical remote code execution vulnerability in FortiOS SSL VPN, tracked as CVE-2024-21762 (CVSS score
Security Affairs
FEBRUARY 18, 2024
Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution. ESET addressed a high-severity vulnerability, tracked as CVE-2024-0353 (CVSS score 7.8), in its Windows products. The vulnerability is a local privilege escalation issue that was submitted to the company by the Zero Day Initiative (ZDI).
Security Affairs
FEBRUARY 12, 2024
Exploring the Risks: Unveiling 9 Potential Techniques Hackers Employ to Exploit Public Wi-Fi and Compromise Your Sensitive Data We’ve all used public Wi-Fi: it’s convenient, saves our data, and speeds up browsing. But while we enjoy its benefits, hackers do too. Here, we’ll explore how cybercriminals exploit public Wi-Fi to access your private data and possibly steal your identity.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Security Affairs
FEBRUARY 14, 2024
Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems. Cybersecurity researchers from cloud security firm Aqua discovered that it is possible to abuse, the popular utility ‘called ‘command-not-found’ that can lead to deceptive recommendations of malicious packages. “Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’
Security Affairs
FEBRUARY 9, 2024
Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company. In January the company experienced IT issues, the outage was likely caused by the ransomware attack, but the company did not disclose it.
Security Affairs
FEBRUARY 6, 2024
Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031. The vulnerability resides in the System and impacts Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14. “Source code patches for these issues have been released to the Android Op
Security Affairs
FEBRUARY 4, 2024
Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web. Such information being available for cybercriminals could act as a catalyst for new attacks, including targeted phishing campaigns. Having additional context about a particular customer, the probability of a successful compromise could increase significantly.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Security Affairs
FEBRUARY 8, 2024
Several media reported that three million electric toothbrushes were compromised and recruited into a DDoS botnet. Is it true? The Swiss newspaper Aargauer Zeitung first published the news of a DDoS attack, carried out on January 30, that involved three million compromised electric toothbrushes. The journalists reported that threat actors gained access to three million electric toothbrushes and installed a malware that joined them to the botnet.
Security Affairs
FEBRUARY 21, 2024
China-linked APT group Mustang Panda targeted various Asian countries with a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. Trend Micro researchers uncovered a cyberespionage campaign, carried out by China-linked APT group Mustang Panda , targeting Asian countries, including Taiwan, Vietnam, and Malaysia. Mustang Panda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organiza
Security Affairs
FEBRUARY 18, 2024
SolarWinds addressed three critical vulnerabilities in its Access Rights Manager (ARM) solution, including two RCE bugs. SolarWinds has fixed several Remote Code Execution (RCE) vulnerabilities in its Access Rights Manager (ARM) solution. Access Rights Manager (ARM) is a software solution designed to assist organizations in managing and monitoring access rights and permissions within their IT infrastructure.
Security Affairs
FEBRUARY 5, 2024
Scammers stole HK$200 million (roughly $25,5 million) from a multi-national company using a deepfake conf call to trick an employee into transferring the funds. Scammers successfully stole HK$200 million (approximately $25.5 million) from a multinational company in Hong Kong by employing a deepfake video call to deceive an employee into transferring the funds.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
FEBRUARY 8, 2024
26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Cyber Crime Surge: During COVID-19 , cyber crimes shot up by 600%, showing how threats adapt to global changes. Phishing Attacks: Phishing is the top cyber attack, causing 90% of data breaches. Shockingly, 96% of these attacks come through email.
Security Affairs
FEBRUARY 19, 2024
An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia. The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 20
Security Affairs
FEBRUARY 17, 2024
CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) in attacks in the wild. This week the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. The vulnerability CVE-2020-3259 is an information disclosure issue that resides in the web services interface of ASA and FTD.
Security Affairs
FEBRUARY 21, 2024
VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the discovery of an arbitrary authentication relay flaw CVE-2024-22245 (CVSS score: 9.6). A threat actor could trick a domain user with EAP installed in its web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
FEBRUARY 20, 2024
Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The vulnerability CVE-2024-21410 is a bypass vulnerability that can be exploited by an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.
Security Affairs
FEBRUARY 4, 2024
A cyber attack forced Lurie Children’s Hospital in Chicago to take IT systems offline with a severe impact on its operations. The Lurie Children’s Hospital in Chicago took IT systems offline after a cyberattack. The security incident severely impacted normal operations also causing the delay of medical care. Lurie Children’s Hospital is one of the top pediatric hospitals in the United States.
Security Affairs
FEBRUARY 7, 2024
Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code Cybersecurity vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could lead to remote code execution. “Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacke
Security Affairs
FEBRUARY 29, 2024
North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys AppLocker driver. The zero-day, tracked as CVE-2024-21338 has been addressed by Microsoft in the February Patch Tuesday update.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
FEBRUARY 27, 2024
New threat actors have started exploiting ConnectWise ScreenConnect vulnerabilities, including the Black Basta and Bl00dy ransomware gangs. Multiple threat actors have started exploiting the recently disclosed vulnerabilities , tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), in the ConnectWise ScreenConnect software.
Security Affairs
FEBRUARY 14, 2024
Adobe Patch Tuesday security updates for February 2024 addressed more than 30 vulnerabilities in multiple products, including critical issues. Adobe Patch Tuesday security updates released by Adobe addressed over 30 vulnerabilities across various products, including critical issues. The software maker warned of critical flaws in popular products such as Adobe Acrobat and Reader, Adobe Commerce and Magento Open Source, Substance 3D Painter, and FrameMaker.
Security Affairs
FEBRUARY 5, 2024
Hewlett Packard Enterprise (HPE) is investigating a new data breach after a threat actor claimed to have stolen data on a hacking forum. Hewlett Packard Enterprise (HPE) is investigating a new data breach, following the discovery of an offer on a hacking forum where a threat actor claimed to be selling the allegedly stolen data. According to Bleeping Computer , the company has yet to find any evidence suggesting a new security breach.
Expert insights. Personalized for you.
328 
Let's personalize your content