Sat.Apr 20, 2024 - Fri.Apr 26, 2024

article thumbnail

Multifactor Authentication Bypass Attacks: Top Defenses

Data Breach Today

Joe Toomey of Cyber Insurer Coalition Details Rise in Attacks Targeting Weak MFA Adversaries seeking easy access to enterprise networks continue to probe for weak multifactor authentication deployments, oftentimes via nontargeted attacks that lead to phishing pages designed to steal one-time codes, said Joe Toomey, head of security engineering at cyber insurer Coalition.

article thumbnail

Want to Succeed with AI? Just Keep Doing You

Weissman's World

Hey information governance and records professionals! You are core to AI success in your organization. All you have to do is keep doing you. The post Want to Succeed with AI? Just Keep Doing You appeared first on Holly Group.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Environmental Impact of Information Management

AIIM

April 22nd marks the annual Earth Day, where earthday.org, jointly with many organizations, mobilize volunteers to drive education and elevate awareness, highlight governance efforts and conduct cleanup efforts.

Cleanup 187
article thumbnail

Google fixed critical Chrome vulnerability CVE-2024-4058

Security Affairs

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine.

Security 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Cisco Fixes Firewall 0-Days After Likely Nation-State Hack

Data Breach Today

Networking Giant Dubs Campaign Against Government Customers 'Arcane Door' Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday while releasing three patches, two of them rated critical. Cisco doesn't connect the hackers with a specific country. It dubs the campaign "Arcane Door.

More Trending

article thumbnail

The Rise of Large-Language-Model Optimization

Schneier on Security

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.

article thumbnail

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. Since at least June 2020, and possibly earlier, the cyberespionage group has used the tool GooseEgg to exploit the CVE-2022-38028 vulnerability.

Military 144
article thumbnail

UnitedHealth Group Previews Massive Change Healthcare Breach

Data Breach Today

Breach 'Could Cover a Substantial Proportion of People in America,' Company Warns Hackers who hit Change Healthcare stole sensitive personal and medical details that "could cover a substantial proportion of people in America," parent company UnitedHealth Group warned. The company faces mounting regulatory scrutiny and lawsuits due widespread disruptions caused by the attack.

295
295
article thumbnail

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks

WIRED Threat Level

Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.

Access 144
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Level Up Your Users’ Cybersecurity Skills with 'The Inside Man: New Recruits’

KnowBe4

We’re thrilled to announce our newest addition to our ModStore’s already brimming collection of games with a new offering based on our award-winning “The Inside Man” training series !

article thumbnail

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Cisa added the flaw to the KEV catalog after Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously u

IT 143
article thumbnail

Benefits of a Unified CNAPP and XDR Platform

Data Breach Today

In this episode of the "Cybersecurity Insights" podcast, Uptycs CEO Ganesh Pai discusses unifying XDR and CNAPP to improve visibility and explains the coming shift from behavioral detection to outlier or anomaly detection, which uses sophisticated ML and AI.

article thumbnail

North Koreans Secretly Animated Amazon and Max Shows, Researchers Say

WIRED Threat Level

Thousands of exposed files on a misconfigured North Korean server hint at one way the reclusive country may evade international sanctions.

Security 142
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

USPS Surges to Take Top Spot as Most Impersonated Brand in Phishing Attacks

KnowBe4

New data shows phishing attacks are deviating from the traditional focus on technology and retail sectors and are opting for alternate brands with widespread appeal.

Phishing 126
article thumbnail

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide.

article thumbnail

7 Tips for Complying With Healthcare Fraud Regulations

Data Breach Today

Attorney Rachel Rose on Navigating the Intensifying Scrutiny of Federal Regulators The federal government is cracking down on healthcare fraud in all forms including kickbacks, lapses in cybersecurity and privacy, lack of fairness in Medicare Advantage policies, and inflated pharmacy claims. Regulatory attorney Rachel Rose outlines seven key tips for meeting compliance mandates.

article thumbnail

AI-Controlled Fighter Jets Are Dogfighting With Human Pilots Now

WIRED Threat Level

Plus: New York’s legislature suffers a cyberattack, police disrupt a global phishing operation, and Apple removes encrypted messaging apps in China.

Phishing 135
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

4 out of 5 of Physicians Were Impacted by February’s Cyber Attack on Change Healthcare

KnowBe4

The results are in – based on a new survey of physicians about the aftermath of the attack on Change Healthcare– and devastating impact of the.

Phishing 126
article thumbnail

Kaiser Permanente data breach may have impacted 13.4 million patients

Security Affairs

Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals in the United States. Kaiser Permanente is an American integrated managed care consortium, it is made up of three distinct but interdependent groups of entities: the Kaiser Foundation Health Plan, Inc. (KFHP) and its regional operating subsidiaries; Kaiser Foundation Hospitals; and the regional Permanente Medical Groups.

article thumbnail

Health Analytics Firm Reports Breach Affecting 1.1 Million

Data Breach Today

Data Stolen via Breach of Reliable Networks - BerryDunn's Managed Service Provider A Maine consulting firm with a medical data analytics business must notify more than 1 million Americans that hackers stole their information from company servers. Which clients of Berry, Dunn, McNeil & Parker - and by extension, their customers - have been affected by the breach isn't clear.

Analytics 219
article thumbnail

ShotSpotter Keeps Listening for Gunfire After Contracts Expire

WIRED Threat Level

More cities are cutting ties with ShotSpotter, the company whose microphones purport to detect gunshots. But new information shows that ShotSpotter is still sending data to local police in at least three cities, despite their contracts being canceled.

Privacy 129
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Using Legitimate GitHub URLs for Malware

Schneier on Security

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg. The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.

Libraries 126
article thumbnail

Critical CrushFTP zero-day exploited in attacks in the wild

Security Affairs

Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, Crowdstrike experts warn. CrushFTP is a file transfer server software that enables secure and efficient file transfer capabilities. It supports various features such as FTP, SFTP, FTPS, HTTP, HTTPS, WebDAV, and WebDAV SSL protocols, allowing users to transfer files securely over different networks.

Security 143
article thumbnail

Report: Russian Hackers Targeting Ukrainian Soldiers on Apps

Data Breach Today

Russian Hackers Using Open-Source Malware on Popular Messaging Apps, Report Says Ukraine's Computer Emergency Response Team is warning in an April report that a Russian hacking group known as UAC-0184 is using open-source malware to target Ukrainian soldiers on popular messaging apps such as Signal, as concerns grow over the Kremlin’s advanced hacking capabilities.

204
204
article thumbnail

Next Week is World Password Day!

KnowBe4

May 2nd is World Password Day. Despite the computer industry telling us for decades that our passwords will soon be gone, we now have more than ever!

Passwords 126
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Long Article on GM Spying on Its Cars’ Drivers

Schneier on Security

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.

Insurance 123
article thumbnail

Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities

Security Affairs

Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve rootkit-like capabilities. SafeBreach researcher Or Yair devised a technique, exploiting vulnerabilities in the DOS-to-NT path conversion process, to achieve rootkit-like capabilities on Windows. When a user executes a function with a path argument in Windows, the DOS path of the file or folder is converted to an NT path.

Archiving 142
article thumbnail

Researcher Strips ROM For Binary Code

Data Breach Today

Improved Tooling Makes Such Attacks More Likely Research shows that attackers can physically extract secrets embedded into read-only memory on a shoestring budget. The equipment involves a polishing wheel, a jig and an optical microscope. The attack sounds impossible "until it’s observed for real," said Tony Moor, a IOActive researcher.

189
189