Data Breach Today
JUNE 12, 2024
An Interview with Gigamon's Chief Security Officer, Chaim Mazal Chief Information Security Officers (CISOs) face unprecedented challenges in their efforts to protect their organizations against a rising tide of increasingly sophisticated cyberthreats.
The Last Watchdog
JUNE 10, 2024
Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at RSAC 2024. Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
JUNE 11, 2024
Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.
Security Affairs
JUNE 13, 2024
Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue. Fortinet addressed multiple vulnerabilities in FortiOS and other products, including some code execution flaws. The company states that multiple stack-based buffer overflow vulnerabilities in the command line interpreter of FortiOS [CWE-121], collectively tracked as CVE-2024-23110 (CVSS score of 7.4), can be exploited by an authenticated attacker to achieve
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Data Breach Today
JUNE 13, 2024
Also: Ukraine Arrests Alleged Ransomware Developer; Patches Galore; and Burnout This week, feds counted cyber incidents; Ukraine made arrest; BlackBasta seemed to exploit flaw; 51 flaws in Patch Tuesday; SolarWinds, JetBrains patched flaws; Alan Turning Institute debunked paper on AI; Santander wants password changes; Christie's spoke of data breach and cyber pros face burnout.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
WIRED Threat Level
JUNE 10, 2024
As the fight against ransomware slogs on, security experts warn of a potential escalation to “real-world violence.” But recent police crackdowns are successfully disrupting the cybercriminal ecosystem.
Security Affairs
JUNE 9, 2024
A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide. Researchers at cybersecurity firm DEVCORE discovered a critical remote code execution (RCE) vulnerability , tracked as CVE-2024-4577, in the PHP programming language. An unauthenticated attacker can exploit the flaw to take full control of affected servers.
Data Breach Today
JUNE 10, 2024
Concerns Remain Over Screenshot-Capture Feature and Microsoft's Security Practices How in the world has Microsoft's leadership managed to get the debut of its forthcoming Recall feature for Windows so wrong on the security and privacy fronts? In the face of serious concerns, Redmond has belatedly promised multiple enhancements, but serious questions remain unanswered.
The Last Watchdog
JUNE 10, 2024
Torrance, Calif., June 10, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced that it has started selling its paid threat detection data from its CTI search engine ‘ Criminal IP ‘ on the Snowflake Marketplace. Criminal IP is committed to offering advanced cybersecurity solutions through Snowflake, the leading cloud-based data warehousing platform.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
KnowBe4
JUNE 11, 2024
Job seekers, beware - cybercriminals have a nasty new way to slide their malicious code on corporate networks. Researchers have uncovered a devious phishing campaign that's distributing the powerful More_eggs backdoor by disguising it as resume submissions for open roles.
Security Affairs
JUNE 10, 2024
The Japanese video-sharing platform, Niconico, was forced to suspend its services following a cybersecurity incident. The Japanese video-sharing platform, Niconico, temporarily suspended its services following a large-scale cyberattack on June 8, 2024. “Due to the effects of a large-scale cyber attack, Niconico has been unavailable since early morning on June 8th” reads the incident notice published by the company. “We sincerely apologize for the inconvenience. ” In respo
Data Breach Today
JUNE 10, 2024
Urgent Appeal Issued for O Type Blood; Attack Disrupts Patient Blood Type Matching The ransomware attack on a U.K. pathology services vendor has disrupted multiple London hospitals' ability to match patients' blood with available stocks. Lacking an IT system-level plan B, officials are resorting to a biologics backup by urging O type blood donors to come forward.
The Last Watchdog
JUNE 12, 2024
Taking stock of exposures arising from the data-handling practices of third-party suppliers was never simple. Related: Europe requires corporate sustainability In a hyper-connected, widely-distributed operating environment the challenge has become daunting. At RSAC 2024 , I visited with Paul Valente , co-founder and CEO of VISO TRUST. We had a wide-ranging discussion about the limitations of traditional third-party risk management ( TPRM ), which uses extensive questionnaires—and the honor syste
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
WIRED Threat Level
JUNE 12, 2024
Cybersecurity firm Recorded Future counted 44 health-care-related incidents in the month after Change Healthcare’s payment came to light—the most it’s ever seen in a single month.
Security Affairs
JUNE 12, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2024-4610 ARM Mali GPU Kernel Driver Use-After-Free Vulnerability CVE-2024-4577 PHP-CGI OS Command Injection Vulnerability The vulnerability CVE-2024-4610 is a use-after-free issue issue that
Data Breach Today
JUNE 9, 2024
Threat Actor GhostR Says It Stole 34 GB of Data A financially motivated hacker claims to have stolen over 34 gigabytes of data belonging to Singapore-based Telecom company Absolute Telecom. The hacker dubbed GhostR claims to have access to the company's data including corporate accounting, credit cards and customer information.
The Last Watchdog
JUNE 11, 2024
Companies that need to protect assets spread across hybrid cloud infrastructure face a huge challenge trying to mix and match disparate security tools. Related: Cyber help for hire Why not seek help from a specialist? At RSAC 2024 , I visited with Geoff Haydon , CEO, and Alex Berger , Head of Product Marketing, at Ontinue , a new player in the nascent Managed Extended Detection and Response ( MXDR ) space.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Schneier on Security
JUNE 11, 2024
New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.
Security Affairs
JUNE 11, 2024
Semiconductor and software design company Arm warns of an actively exploited zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively exploited zero-day vulnerability, tracked as CVE-2024-4610, in Mali GPU Kernel Driver. The vulnerability is a use-after-free issue issue that impacts Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall GPU Kernel Driver (all versions from r34p0 to r40p0). “A local non-privileged user can make improper GPU memory pr
Data Breach Today
JUNE 13, 2024
It's critical for CISOs to study what went wrong in major ransomware IT disruptions and breaches hitting the healthcare sector and to look closely within their own organizations for similar gaps or vulnerabilities, said Michael Prakhye, CISO of Adventist HealthCare.
KnowBe4
JUNE 10, 2024
The PhishER Plus platform just got smarter with the addition of the new PhishER Plus Threat Intel feature that integrates web reputation data into the PhishER Plus console.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
WIRED Threat Level
JUNE 8, 2024
Plus: A media executive is charged in an alleged money-laundering scheme, a ransomware attack disrupts care at London hospitals, and Google’s former CEO has a secretive drone project up his sleeve.
Security Affairs
JUNE 8, 2024
The source code and data of The New York Times leaked on the 4chan was stolen from the company’s GitHub repositories in January 2024. This week, VX-Underground first noticed that the internal data of The New York Times was leaked on 4chan by an anonymous user. The mysterious user leaked 270GB of data and claimed that the American newspaper has over 5,000 source code repositories, with less than 30 being encrypted.
Data Breach Today
JUNE 13, 2024
Government Nurtures Homegrown Talent and Hack-for-Hire Ecosystem, Research Finds China boasts many of the world's most talented zero-day vulnerability researchers as well as a strict cybersecurity law compelling individuals to assist the state, and the government doesn't appear to shy away from using both those facts to its advantage, a new research study finds.
KnowBe4
JUNE 13, 2024
A new phishing- as-a-service toolkit that leverages credential interception and anti-detection capabilities has put EU banks at severe risk of fraud.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Schneier on Security
JUNE 10, 2024
Interesting research: “ Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains “: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information.
Security Affairs
JUNE 11, 2024
A proof-of-concept (PoC) exploit code for a Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 is publicly available. Researcher Sina Kheirkha analyzed the Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 and a proof of concept exploit for this issue. The flaw CVE-2024-29849 is a critical vulnerability (CVSS score: 9.8) in Veeam Backup Enterprise Manager that could allow attackers to bypass authentication.
Data Breach Today
JUNE 8, 2024
Remote Code Execution Exploit Found; Patch Now Available A critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x, requires immediate action from server administrators. The flaw enables attackers to execute arbitrary code on remote PHP servers through an argument injection attack.
Expert insights. Personalized for you.
319 
Let's personalize your content