The Last Watchdog

SEPTEMBER 25, 2023

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. Related: SMBs too often pay ransom Small businesses, including nonprofit organizations, are not immune to cyberattacks. The average cost of a cybersecurity breach was $4.45 million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks

Cybersecurity 222

Cybersecurity Data breaches Compliance Phishing 222

KnowBe4

SEPTEMBER 28, 2023

Researchers at NSFOCUS are tracking a phishing campaign by a new threat actor called “AtlasCross” that’s impersonating the Red Cross in order to deliver malware.

Phishing 119

Phishing Security awareness Cybersecurity Security 119

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams , Adobe Reader , Mozilla Thunderbird , and Discord.

Ransomware 277

Ransomware Phishing Access Passwords 277

Data Breach Today

SEPTEMBER 25, 2023

2,050 Organizations Affected After Data Stolen From Secure File-Sharing Software The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.

Data breaches 316

Data breaches Ransomware Security IT 316

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

SEPTEMBER 27, 2023

There’s a tiny bit more to Cisco’s acquisition of Splunk than just a lumbering hardware giant striving to secure a firmer foothold in the software business. Related: Why ‘observability’ is rising to the fo re Cisco CEO Chuck Robbins has laid down a $28 billion bet that he’ll be able to overcome challenges Cisco is facing as its networking equipment business slows, beset by supply chain issues and reduced demand, post Covid 19.

Cybersecurity 230

Cybersecurity Analytics Marketing Security 230

Schneier on Security

SEPTEMBER 26, 2023

Totally expected, but still good to hear : Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. “We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betrayin

Encryption 132

Encryption Privacy IT 132

Data Breach Today

SEPTEMBER 26, 2023

Two Online Threat Actors Claim Responsibility Sony is investigating an apparent leak of internal data posted onto the dark web and a criminal hacking board by separate criminal actors. Sony is saying little other than "we are currently investigating the situation, and we have no further comment at this time.

Data breaches 306

Data breaches 306

The Last Watchdog

SEPTEMBER 27, 2023

London, UK and Austin, Tex., Sept. 27, 2023 — Organisations around the world are rushing to build API (application programming interface) marketplaces to foster greater connectivity between them and their partners and users. Global spend on API marketplaces is set to reach $50b by 2030 and helping organizations make them a success, DigitalAPICraft is today announcing their partnership with Google and the appointment of HSBC exec Marco Tedone as CTO as they scale the business.

Cloud 130

Cloud Government Communications Risk 130

Security Affairs

SEPTEMBER 29, 2023

Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software. A critical zero-day vulnerability, tracked as CVE-2023-42115 (CVSS score 9.8), affects all versions of Exim mail transfer agent (MTA) software. A remote, unauthenticated attacker, can exploit the vulnerability to gain remote code execution (RCE) on Internet-exposed servers.

Authentication 143

Authentication Risk Security IT 143

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Data Matters

SEPTEMBER 28, 2023

Companies are facing more attacks on their information systems. And, as their cyber risk skyrockets, the SEC has stepped in with new regulations, telling businesses what to disclose about these incidents — and requiring detailed disclosures on cyber risk management more broadly. With the deadline for compliance fast approaching, businesses are scrambling to mitigate their legal risk and comply with regulations that some say may be an overreach.

Cybersecurity 163

Cybersecurity Compliance Risk Privacy 163

Data Breach Today

SEPTEMBER 29, 2023

'There's a 10-out-10 severity bug you need to patch right now!' Progress Software is again sending customers on a scramble to install emergency patches, this time for its secure FTP server software. The advisory comes months after hackers took advantage of a zero day in the company's MOVEit file transfer software in a hack affecting tens of millions.

Security 289

Security IT 289

The Last Watchdog

SEPTEMBER 27, 2023

New York, NY, Sept. 27, 2023 – ACM, the Association for Computing Machinery has released “ TechBrief: Generative Artificial Intelligence.” It is the latest in the quarterly ACM TechBriefs series of short technical bulletins that present scientifically grounded perspectives on the impact and policy implications of specific technological developments in computing.

Risk 100

Risk Education Artificial Intelligence Government 100

Security Affairs

SEPTEMBER 27, 2023

A Russian zero-day broker is willing to pay $20 million for zero-day exploits for iPhones and Android mobile devices. The Russian zero-day broker firm Operation Zero is increasing payouts for top-tier mobile exploits. The company is willing to pay up to $20,000,000 for zero-day exploits for iPhone and Android devices. Due to high demand on the market, we're increasing payouts for top-tier mobile exploits.

Marketing 140

Marketing Sales Government Security 140

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Matters

SEPTEMBER 26, 2023

The European Commission issued the Financial Data Access Act (FIDA) proposal in June this year. FIDA will create a legislative framework that aims to "bring payments and the wider financial sector into the digital age" by facilitating the sharing of and access to customer financial data (whether of businesses or consumers). The post New EU FIDA Proposal: How Does This Affect GDPR?

GDPR 156

GDPR Privacy Access 156

Data Breach Today

SEPTEMBER 25, 2023

Backdoor Is Associated With Stealth Falcon APT Group Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages: native x64 binary and a.NET assembly.

Government 289

Government Security IT 289

The Last Watchdog

SEPTEMBER 27, 2023

Los Angeles, Calif., Sept. 27, 2023 — Citing organized crime statutes, attorneys with Wisner Baum have filed the first RICO class action alleging that H&R Block, Meta, and Google jointly schemed to install spyware on the H&R Block site, scraping customers’ private tax return information for profit. The suit comes on the heels of a July 2023 congressional report which found “a shocking breach of taxpayer privacy” when tax preparation companies shared millions of customers’ personal a

Healthcare 100

Healthcare Privacy Data Privacy Marketing 100

Security Affairs

SEPTEMBER 26, 2023

Researchers discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months, the Cybernews research team has discovered. This increases the risk of passengers’ personal information, such as emails, names, or addresses, ending up in the wrong hands.

Phishing 137

Phishing Access Security Privacy 137

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

WIRED Threat Level

SEPTEMBER 27, 2023

SoundThinking is purchasing parts of Geolitica, the company that created PredPol. Experts say the acquisition marks a new era of companies dictating how police operate.

Security 127

Security 127

Data Breach Today

SEPTEMBER 29, 2023

AWS & CrowdStrike Cybersecurity Startup Accelerator Will Incubate Early-Stage Firms CrowdStrike has joined forces with Amazon Web Services to familiarize themselves with more Israeli cyber startups earlier in their development lifecycle. The Cybersecurity Startup Accelerator will provide EMEA-based companies with mentorship, technical expertise and partnership opportunities.

Cybersecurity 288

Cybersecurity 288

The Last Watchdog

SEPTEMBER 26, 2023

Washington, DC, Sept.26, 2023 — The Internet Infrastructure Coalition (i2Coalition) launched the VPN Trust Initiative (VTI) in 2020 to establish a baseline for how virtual private network (VPN) providers should operate. The goal is to help avoid oversights, misunderstandings, or vague legislation that could invite abuses of power and short-sighted legislation of helpful technology.

Privacy 100

Privacy Risk Encryption Access 100

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format. The flaw was initially tracked as CVE-2023-4863 , because researchers believed that it was only impacting the Google Chrome browser.

Libraries 133

Libraries IT Security Information Security 133

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Schneier on Security

SEPTEMBER 27, 2023

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP ima

Libraries 120

Libraries Security IT 120

Data Breach Today

SEPTEMBER 29, 2023

Medical device makers in their premarket submissions to the Food and Drug Administration under the agency's new refuse to accept policy for cybersecurity should pay close attention to details such as a product's software bill of materials and vulnerability management, said Jessica Wilkerson of FDA.

Cybersecurity 287

Cybersecurity 287

WIRED Threat Level

SEPTEMBER 25, 2023

Corporations are using software to monitor employees on a large scale. Some experts fear the data these tools collect could be used to automate people out of their jobs.

Artificial Intelligence 122

Artificial Intelligence Privacy Security 122

Security Affairs

SEPTEMBER 25, 2023

Experts warn of a critical vulnerability in the TeamCity CI/CD server that can be exploited to take over a vulnerable server. JetBrains TeamCity is a popular and highly extensible Continuous Integration (CI) and Continuous Delivery (CD) server developed by JetBrains, a software development company known for its developer tools. TeamCity is designed to automate various aspects of the software development process, including building, testing, and deploying applications, while providing a wide rang

Authentication 138

Authentication Cloud Security IT 138

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Dark Reading

SEPTEMBER 26, 2023

A fast-growing cyber campaign solely takes aim at luxury hotel and resort chains, using security-disruptive tactics to spread info-stealing malware.

Security 129

Security 129

Data Breach Today

SEPTEMBER 25, 2023

Forrester's Allie Mellen on Issues Posed by Cisco's M&A Track Record, Splunk's Cost Security practitioners are skeptical of Cisco's proposed $28 billion Splunk purchase given the networking giant's track record around funding and investing in previous acquisition targets. Forrester's Allie Mellen expects some customers to try out other SIEM tools given Cisco's heritage in hardware.

Security 277

Security 277

Jamf

SEPTEMBER 25, 2023

Congratulations to the winners of the 2023 Jammies Awards, the customer appreciation awards celebrating those who exemplify Jamf values and innovative usage of Jamf solutions.

112

112