Sat.Dec 23, 2023 - Fri.Dec 29, 2023

article thumbnail

Sizing Up the Worst Healthcare Hacks of 2023

Data Breach Today

Attacks Exposed Millions of Records, Severely Disrupted Care and More Hacks on healthcare sector entities reached record levels in 2023 in terms of data breaches. But the impact of hacks on hospital chains, doctors' offices and other medical providers - or their critical vendors - goes much deeper than the exposure of millions of health records.

article thumbnail

Happy 14th Birthday, KrebsOnSecurity!

Krebs on Security

KrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn’t devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.

Paper 257
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Navigating the Content System Evolution: How Many Content Systems Do You Manage?

AIIM

AIIM Research shows the number of content systems in organizations is on the rise Organizations everywhere face the challenge of managing an ever-increasing volume of content. From documents and files to multimedia assets and web content, CRMs and ERPs, the pressing need for more broadly encompassing information management has become paramount. According to the AIIM 2023 State of the IIM Industry Report , it is evident that organizations are adopting an increasing number of content systems to ha

article thumbnail

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

NASA Releases First Space Cybersecurity Best Practices Guide

Data Breach Today

Agency Set to Bolster Space Cybersecurity Efforts Across Public and Private Sectors Ground control to the space industry: Take your static cybersecurity practices and upgrade them to a dynamic model. So says NASA's first-ever security best practices guide for space communications, part of an effort to make mission security requirements more accessible.

More Trending

article thumbnail

Google Stops Collecting Location Data from Maps

Schneier on Security

Google Maps now stores location data locally on your device, meaning that Google no longer has that data to turn over to the police.

Privacy 135
article thumbnail

New Version of Meduza Stealer Released in Dark Web

Security Affairs

The Resecurity’s HUNTER unit spotted a new version of the Meduza stealer (version (2.2)) that was released in the dark web. On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). One of the key significant improvements are support of more software clients (including browser-based cryptocurrency wallets), upgraded credit card (CC) grabber, and additional advanced mechanisms for password storage dump on var

Passwords 145
article thumbnail

How One University Is Beefing Up Cyber Defenses, Programs

Data Breach Today

Educational institutions are prime targets for ransomware and other cyberattacks due to their open nature and troves of sensitive data, requiring continuous investment in cyber defenses and strong security practices, said Steve Zuromski, CIO at Bridgewater State University in Massachusetts.

Education 302
article thumbnail

This Clever New Idea Could Fix AirTag Stalking While Maximizing Privacy

WIRED Threat Level

Apple updated its location-tracking system in an attempt to cut down on AirTag abuse while still preserving privacy. Researchers think they’ve found a better balance.

Privacy 141
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

SMTP Smuggling Technique Bypasses Email Authentications Establishing Legitimacy

KnowBe4

A newly-discovered technique misusing SMTP commands allows cybercriminals to pass SPF, DKIM and DMARC checks, empowering impersonated emails to reach their intended victim.

article thumbnail

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

Security Affairs

The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE malware in attacks against Ukraine. A threat actor, tracked as UAC-0099, continues to target Ukraine. In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. UAC-0099 threat actor has targeted Ukraine since mid-2022, it was spotted targeting Ukrainian employees working for companies outside of Ukraine.

Archiving 145
article thumbnail

Microsoft Disables Abused Application Installation Protocol

Data Breach Today

Attackers Have Been Exploiting App Installer to Evade Malware Defenses in Windows Microsoft has deactivated a tool designed to simplify the installation of Windows applications after hacking groups began exploiting the functionality to distribute malware loaders, leading to infections involving backdoors and ransomware.

article thumbnail

The Worst Hacks of 2023

WIRED Threat Level

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Impersonation Attack Data Breaches Predicted to Increase in 2024

KnowBe4

With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse.

article thumbnail

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Security Affairs

Microsoft reports that the Iran-linked APT33 group is targeting defense contractors worldwide with FalseFont backdoor. Microsoft says the APT33 (aka Peach Sandstorm , Holmium , Elfin , and Magic Hound ) Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack against organizations in the Defense Industrial Base (DIB) sector. “Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named

article thumbnail

OpenAI and Microsoft Face New York Times Copyright Lawsuit

Data Breach Today

Media Giant Alleges 'Billions of Dollars in Statutory and Actual Damages' The New York Times is suing OpenAI and its chief backer Microsoft for copyright infringement, alleging that OpenAI used without permission "millions" of its copyrighted articles to train the large language models used by ChatGPT and by extension Bing Chat and Copilot.

IT 302
article thumbnail

New iPhone Security Features to Protect Stolen Devices

Schneier on Security

Apple is rolling out a new “Stolen Device Protection” feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple Card, turning off Lost Mode, erasing all content and settings, using payment methods saved in Safari, and more.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Ransomware Attacks Rise 85% Compared to the Previous Year

KnowBe4

With November demonstrating multiple increases when compared to various previous time periods, new data signals that we may be in for a bumpy ride in 2024.

article thumbnail

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

Security Affairs

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported. Albania’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed that cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania. The telecom carrier disclosed the cyber attack with a post published on Facebook, the company also added that the cyber attack did not interrupt its services. “Today, we identi

article thumbnail

Google to Settle $5B 'Incognito Mode' Privacy Issue Lawsuit

Data Breach Today

Deal Follows Court Ruling That Cleared the 4-Year-Old Class Action Claim for Trial Google reached a preliminary settlement in a class action lawsuit that alleged the tech giant had misled consumers about their privacy protections when using the private browsing Incognito mode of its Chrome web browser. The settlement came on the heels of a court ruling clearing the case for trial.

Privacy 300
article thumbnail

AI Is Scarily Good at Guessing the Location of Random Photos

Schneier on Security

Wow : To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didn’t seem to matter much. It guessed a campsite in Yellowstone to within around 35 miles of the actual location.

Privacy 120
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Cyber Scammers Beef Up the Number of Fake Delivery Websites Just in Time for Christmas

KnowBe4

Cybersecurity researchers at Group-IB have identified a single scam campaign leveraging over 1500 websites impersonating postal carriers and shippers leading up to Christmas this year.

article thumbnail

Russia-linked APT28 used new malware in a recent phishing campaign

Security Affairs

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new cyber espionage campaign carried out by the Russia-linked group APT28 (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ”). The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks.

Phishing 143
article thumbnail

Breach Roundup: Real Estate Firm Exposes Celebrity Data

Data Breach Today

Also: Yakult Australia Admits to Experiencing 'Cybersecurity Incident' This week, a breach at real estate firm Wealth Network exposed 1.5 billion records, Corewell Health patients were hit by a second breach, data of 1.3M LoanCare mortgage customers was exposed, and Yakult Australia admitted to experiencing a "cybersecurity incident" that exposed 95 gigabytes of data.

article thumbnail

How to succeed with BYOD in SMB

Jamf

Check valuable insights on how to effectively manage security risks and maintain a healthy work-life balance with BYOD in small business. Read now to learn more.

Risk 111
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

AI in 2024: The Top 10 Cutting Edge Social Engineering Threats

KnowBe4

The year 2024 is shaping up to be a pivotal moment in the evolution of artificial intelligence (AI), particularly in the realm of social engineering. As AI capabilities grow exponentially, so too do the opportunities for bad actors to harness these advancements for more sophisticated and potentially damaging social engineering attacks. Let's explore the top 10 expected AI developments of 2024 and their implications for cybersecurity. 1.

article thumbnail

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Security Affairs

Security firm Barracuda addressed a new zero-day, affecting its Email Security Gateway (ESG) appliances, that is actively exploited by the China-linked UNC4841 group. On December 21, network and email cybersecurity firm Barracuda started releasing security updates to address a zero-day, tracked as CVE-2023-7102 , in Email Security Gateway (ESG) appliances.

Libraries 143
article thumbnail

Cryptohack Roundup: Thunder Terminal Repels Attack

Data Breach Today

Also: Binance Ex-CEO's Wealth Up $25B; Coinbase Refutes Senate Claims; $3M Scam This week in the cryptocurrency industry, Thunder Terminal successfully prevented a hack, Changpeng Zhao ranking 34th on a list of billionaires, Coinbase refuted a senator's allegations of subverting crypto regulations, and scammers stole $3 million in 24 hours using fake ads.

295
295