Data Breach Today
JULY 24, 2024
Cybersecurity Vendor's Preliminary Review Details Problems, Promises Improvements CrowdStrike, in a preliminary report, has blamed internal testing problems for failing to prevent the faulty "rapid content update" that caused worldwide disruption on Friday. The cybersecurity vendor has promised to refine its testing and deployment processes to avoid any repeats.
The Last Watchdog
JULY 25, 2024
Last week, CrowdStrike, one of the cybersecurity industry’s most reputable solution providers, inadvertently caused more disruption across the Internet than all the threat actors active online at the time. Related: Microsoft blames outage on EU A flawed update to CrowdStrike’s Falcon security software caused millions of computers running Microsoft Windows to display the infamous blue screen of death.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
JULY 26, 2024
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google
AIIM
JULY 24, 2024
Copyright is intended to incentivize creativity to serve the purpose of enriching the public by providing access to creative work. Generative AI engines use content (aka information or unstructured data) to develop large language models. This content can and often does include copyrighted works.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
JULY 23, 2024
Claroty CEO Vardi on Compensating Controls, Segmentation and Secure Remote Access The recent CrowdStrike outage highlights the need to shift from reactive risk management to proactive measures in cyber-physical security. Claroty CEO Yaniv Vardi emphasizes the importance of compensating controls, network segmentation and secure remote access in preventing similar incidents.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Krebs on Security
JULY 23, 2024
The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that.top was the most common suffix in phishing websites over the past year, second only to domains ending in “ com.” Image: Shutterstock.
AIIM
JULY 23, 2024
I want to share my thoughts on the ongoing debate within the information management industry about how to effectively sell the value of investing in information management. Some argue that the focus should be on business outcomes and solving the problems that keep decision-makers up at night, while others emphasize the importance of compliance and risk mitigation.
Data Breach Today
JULY 26, 2024
National Police Probe Botnet Campaign That Infected 3,000 Machines The French government has launched an investigation into a suspected Chinese espionage campaign that infected thousands of networks in France. The botnet campaign pushed out the PlugX remote access Trojan that has infected 3,000 machines in France since 2020.
KnowBe4
JULY 23, 2024
Incident Report Summary: Insider Threat TLDR: KnowBe4 was in need of a software engineer for our internal IT AI team. Posted the job, got resumes, did the interviews, did the background check, checked the references and hired the person. We sent the Mac and the moment it was received it immediately started to load malware. The EDR software saw it and started to throw alerts to our InfoSec SOC team.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
JULY 26, 2024
The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. An attacker can exploit these vulnerabilities to disrupt DNS services.
WIRED Threat Level
JULY 24, 2024
A former Google engineer has built a search engine, WebXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.
Data Breach Today
JULY 26, 2024
Meanwhile, Wait Continues for Change Healthcare's Breach Report in Massive Attack U.S. hospital chain Ascension has filed a placeholder breach report to federal regulators saying its May 8 ransomware attack affected at least 500 individuals. Meanwhile, the waiting game continues for Change Healthcare's official data breach report and individual notifications.
Schneier on Security
JULY 25, 2024
Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely be in the billions of dollars easily matching the most costly previous cyberattacks, such as NotPetya.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
JULY 25, 2024
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerability, tracked as CVE-2024-41110 (CVSS score of 10.0), in certain versions of Docker Engine can allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. “An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the Aut
eSecurity Planet
JULY 22, 2024
The failed CrowdStrike sensor update that affected Windows systems may have put those computers at risk, but this is just one potential vulnerability during an interesting week. SolarWinds recently patched 13 vulnerabilities, and Ivanti has fixed yet another flaw in its Endpoint Manager product. The CISA requires federal agencies to patch their instances of GeoServer by August 5, and Wiz recently reported on a major AI model training vulnerability.
Data Breach Today
JULY 26, 2024
UEFI Developer Leaked a Secure Boot Asymmetric Key Hundreds of laptop and server models from mainstream manufacturers are at risk of hacking that bypasses protections meant to ensure only trusted software can load during computer bootup, warn researchers from California supply chain startup Binarly.
Schneier on Security
JULY 26, 2024
This isn’t good : On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptogra
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
JULY 21, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability CVE-2024-28995 SolarW
WIRED Threat Level
JULY 23, 2024
The code, the first of its kind, was used to sabotage a heating utility in Lviv at the coldest point in the year—what appears to be yet another innovation in Russia’s torment of Ukrainian civilians.
Data Breach Today
JULY 24, 2024
Static Scanning Limitations Usher Malware Onto Corporate Network Phishing hackers have developed a new technique for smuggling malware past secure email gateway defenses, said researchers at Cofense who uncovered a recent info stealer campaign. "I honestly think that it was someone testing the water to see if it would work - and it did work," a researcher said.
Schneier on Security
JULY 24, 2024
Supposedly the DHS has these : The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS’s Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting “booby traps” with internet of things and smart home devices, and t
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
JULY 25, 2024
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) to spread information stealer, such as ACR Stealer, Lumma , and Meduza.
WIRED Threat Level
JULY 22, 2024
The DOD wants to refurbish ICBM silos that give it the ability to end civilization. But these missiles are useless as weapons, and their other main purpose—attracting an enemy’s nuclear strikes—serves no end.
Data Breach Today
JULY 22, 2024
Microsoft's Tool Requires Physical Access, a 'Time-Consuming and Laborious Task' Microsoft's statement that a faulty CrowdStrike update affected less than 1% of active Windows systems doesn't tell the full story, since large organizations in critical sectors make up a disproportionate part of the user base, as the outages in healthcare, transportation and banking demonstrate.
Schneier on Security
JULY 25, 2024
I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here , but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Security Affairs
JULY 25, 2024
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray expressed growing concerns over the potential for a coordinated foreign terrorist attack in the United States. During his testimony to the House Oversight Committee, Mr.
KnowBe4
JULY 26, 2024
As expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports.
Data Breach Today
JULY 24, 2024
Open-Source Company Issues Patches After Being Alerted by Palo Alto A widely used generative artificial intelligence framework is vulnerable to a prompt injunction flaw that could enable sensitive data to leak. Security researchers at Palo Alto Networks uncovered two arbitrary code flaws in open-source library LangChain.
Expert insights. Personalized for you.
317 
Let's personalize your content