KnowBe4
SEPTEMBER 24, 2024
A phishing campaign is targeting GitHub users with phony CAPTCHA pages, according to researchers at McAfee. The phishing emails ask users to address a security vulnerability in a GitHub repository that they recently contributed to, and contain a link to find more information about the alleged vulnerability. This link leads to a fake CAPTCHA page that attempts to trick them into installing malware.
Data Breach Today
SEPTEMBER 23, 2024
Commerce Department Moves to Regulate Foreign Vehicle Tech Amid Security Fears The White House is proposing new regulations on connected vehicles that would prohibit manufacturers from importing software or hardware from the People's Republic of China and Russia, citing an ever-increasing threat landscape and heightened national security risks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 26, 2024
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.
The Last Watchdog
SEPTEMBER 24, 2024
Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
SEPTEMBER 26, 2024
Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
SEPTEMBER 21, 2024
Cybercriminals stole more than $44 million worth of cryptocurrency from the Singaporean crypto platform BingX. Singaporean crypto platform BingX reported a cyberattack on Friday. Threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorized transfers of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media. [ Temporary Wallet Maintenance Notice] ■ Schedule: ~24 hours ■ When maintenance i
eSecurity Planet
SEPTEMBER 21, 2024
Understanding and adhering to cybersecurity regulations is crucial for any organization as cyber threats evolve and become more sophisticated. The landscape of cybersecurity laws and regulations today is set to undergo significant changes, impacting businesses, government entities, and individuals alike. Let’s explore what to expect from the upcoming regulations, provide insights into critical federal and state laws, and offer practical compliance and risk management strategies.
Schneier on Security
SEPTEMBER 27, 2024
NIST’s second draft of its “ SP 800-63-4 “—its digital identify guidelines—finally contains some really good rules about passwords: The following requirements apply to passwords: lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
Data Breach Today
SEPTEMBER 27, 2024
Enterprise Browser: The Tool CIOs Never Knew They Were Lacking The enterprise browser is the tool CIOs never knew they were lacking - a seamless access method to the workloads, apps and data that moved to the cloud. It bakes in the needs of the enterprise. Learn why the enterprise browser is a strategic imperative to the success of your business.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
SEPTEMBER 26, 2024
Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code.
Troy Hunt
SEPTEMBER 27, 2024
The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? I'm writing this after many recent such discussions with breached organisations where I've found myself wishing I had this blog post to point them to, so, here it is.
eSecurity Planet
SEPTEMBER 24, 2024
Endpoint detection and response (EDR) is an advanced safety system for detecting, investigating, and resolving cyber attacks on endpoints. It examines incidents, inspects behavior, and restores systems to their pre-attack state. EDR uses artificial intelligence, machine learning, and threat intelligence to dodge recurrences, allowing IT teams to neutralize attacks through threat hunting, behavioral analytics, and containment.
Data Breach Today
SEPTEMBER 26, 2024
Also: Ransomware Surged in 2023, MoneyGram Back in Service After Cyberattack This week, advice on spotting North Korean staff; ransomware attacks rose; MoneyGram back online; FCC fined political operative; CISA warned of water system attacks; Ukraine restricted Telegram use; North Korean hackers used new malware; U.K. arrested alleged hacker; PSNI is in data leak talks.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
SEPTEMBER 25, 2024
Experts warn of Necro Trojan found in Google Play, threat actors are spreading it through fake versions of legitimate Android apps. Researchers from Kaspersky discovered a new version of the Necro Trojan in multiple apps uploaded to the Google Play store. The malware was hidden in popular applications and game mods. Kaspersky researchers first spotted the Necro Trojan in 2019, the malicious code was in the free version of the popular PDF creator application CamScanner app.
WIRED Threat Level
SEPTEMBER 27, 2024
A handful of Tesla’s electric pickup trucks are armed and ready for battle in the hands of Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion. Can the EV take the heat?
OpenText Information Management
SEPTEMBER 27, 2024
In today’s evolving threat landscape, cyber defenders are constantly adapting to new adversarial tactics and emerging vulnerabilities. The latest 2024 Threat Hunter Perspective from OpenText sheds light on the most pressing threats, nation-state activities, and security recommendations enterprises must consider in the months ahead. Here are the key findings and expert insights to help you stay ahead of the curve.
Data Breach Today
SEPTEMBER 23, 2024
Lehigh Valley Health Network Will Pay 134,000 Victims of Ransomware Attack and Leak A Pennsylvania-based healthcare system that was hacked by ransomware group BlackCat in 2023 and extorted over stolen exam photos of breast cancer patients posted to a data leak site has agreed to pay $65 million under a proposed settlement of a lawsuit affecting 134,000 patients and employees.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
SEPTEMBER 26, 2024
Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts ( Neiko Rivera , Sam Curry , Justin Rhinehart , Ian Carroll ) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates.
eSecurity Planet
SEPTEMBER 23, 2024
Cloud security controls are methods and protocols to protect cloud environments’ data, applications, and infrastructure. They enforce security measures to prevent threats and unauthorized access. These controls comprise physical, technical, and administrative safeguards. Understanding the various controls, their applications, benefits, and associated risks will help you gain full, secure operations during and after cloud migration.
OpenText Information Management
SEPTEMBER 26, 2024
Organizations need to develop applications in a fast and agile way. Security is essential, but lengthy manual security reviews are an unacceptable bottleneck. Application security testing solutions like Fortify address this by automating the security review process. Once the security testing is automated, a second bottleneck emerges: Humans must still review and act on the test results.
Data Breach Today
SEPTEMBER 23, 2024
Austria, Estonia, Lithuania and the Netherlands Join the Coalition Formed in March Four more European Union nations have joined a United States government-led initiative lanched in March to tackle spyware misuse globally. The move came amid growing criticisms of the European Commission's failure to curb the EU's prolific spyware market.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
SEPTEMBER 25, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
Collibra
SEPTEMBER 27, 2024
A successful data governance program must align with the business’ strategic goals and have the ability to operationalize processes, people and technology to deliver outcomes. A repeatable operational process is important to help the program continuously improve with each iteration. Why keep reinventing the wheel and repeating the same mistakes when one can make the wheel better and bigger, ensuring trusted data that allows the business to innovate?
Schneier on Security
SEPTEMBER 23, 2024
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money. At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater.
Data Breach Today
SEPTEMBER 24, 2024
Training AI With Synthetic Data Can Lead to Model Collapse Using facts to train artificial intelligence models is getting tougher, as companies run out of real-world data. AI-generated synthetic data is touted as a viable replacement, but experts say this may exacerbate hallucinations, which are already a big pain point of machine learning models.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Security Affairs
SEPTEMBER 23, 2024
Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region. The threat actor used spear-phishing emails and exploited the recently patched GeoServer vulnerability CVE-2024-36401.
KnowBe4
SEPTEMBER 23, 2024
Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social engineering is involved in 70% to 90% of all successful data breaches.
Collaboration 2.0
SEPTEMBER 23, 2024
Ready to unlock your Amazon Echo's true potential? Here's how Alexa routines can automate your home, simplify tasks, and save you time with just a few taps in the Alexa app.
Expert insights. Personalized for you.
99 
Let's personalize your content