Sat.Oct 22, 2022 - Fri.Oct 28, 2022

article thumbnail

Security Alert: Daixin Ransomware Targets Healthcare

Data Breach Today

Cybercrime Gang Wields Phishing Emails and Proficiency for VMware Environments Beware ransomware and data extortion shakedowns that trace to a cybercrime gang called Daixin Team, which is especially targeting the healthcare sector, as well as wielding phishing emails and a proficiency with VMware server environments, warns a new U.S. government cybersecurity advisory.

article thumbnail

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Stress Is Driving Cybersecurity Professionals to Rethink Roles

Dark Reading

Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows.

article thumbnail

The Anticipant Organization

OpenText Information Management

Imagine if the world went dark and there were no internet. Even for a day. For a week. Consider the massive fallout for organizations everywhere. Digitalization has morphed from a useful function to a bedrock of society. It is at the center of all future growth. But as our technology advances beyond human limits, carrying … The post The Anticipant Organization appeared first on OpenText Blogs.

IT 104
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Major UK Outsourcer Hit With Multi-Million Dollar Fine Due to a Phishing Attack

KnowBe4

Britain's data watchdog has fined major construction group Interserve with a £4.4m fine. This was due to a cyber attack stole personal and financial details for over 113,000 employees and the company failed to stop the attack.

Phishing 115

More Trending

article thumbnail

AIIM Names Tori Miller Liu Chief Executive Officer

AIIM

The Association for Intelligent Information Management (AIIM), the world’s leading association dedicated to the information management industry and its practice, announced today that it has appointed Tori Miller Liu as its next Chief Executive Officer, effective December 1, 2022. She replaces Peggy Winton who, earlier this year, announced her decision to step down after serving in this position for seven years.

article thumbnail

FIRESIDE CHAT: Timely employee training, targeted testing needed to quell non-stop phishing

The Last Watchdog

Humans are rather easily duped. And this is the fundamental reason phishing persists as a predominant cybercriminal activity. Related: How MSSPs help secure business networks. Tricking someone into clicking to a faked landing page and typing in their personal information has become an ingrained pitfall of digital commerce. The deleterious impact on large enterprises and small businesses alike has been – and continues to be — profound.

Phishing 234
article thumbnail

Multiple vulnerabilities affect the Juniper Junos OS

Security Affairs

Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. “Multiple vulnerabilities have been found in the J-Web component of Juniper Networks Junos OS. One or more of these issues could lead to unauthorized local file access, cross-site scripting attacks, path injection and traversal, or local file inclusion.” reads the advisory pu

Metadata 145
article thumbnail

Cyber Events Disrupt Polish, Slovakian Parliament IT Systems

Data Breach Today

Poland Senate Alleges Russian Connection to DDoS Attack Parliament IT systems in two East European capitals were disrupted Thursday. The Poland Senate said a distributed denial-of-service attack partially originated from inside Russia. In Slovakia, a Parliament speaker postponed voting after telling lawmakers that vote-counting systems were not working.

IT 242
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

KnowBe4 Top-Clicked Phishing Email Subjects for Q3 2022 [INFOGRAPHIC]

KnowBe4

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze 'in the wild' attacks reported via our Phish Alert Button , top subjects globally clicked on in phishing tests , and top attack vector types.

Phishing 142
article thumbnail

The Future of Human Intelligence: A Conversation with Ray Kurzweil

OpenText Information Management

Information is at the core of being human, the universe and evolution itself. Information creation is accelerating, and its use is transformative in nature. Machines generate more information than humans today. Machines share their knowledge instantly and understand the nuances of language. One day, machines will directly enhance the human mind, and allow each human … The post The Future of Human Intelligence: A Conversation with Ray Kurzweil appeared first on OpenText Blogs.

IT 140
article thumbnail

Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year

Security Affairs

Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723. The CVE-2022-3723 flaw is a type confusion issue that resides in the Chrome V8 Javascript engine.

Libraries 143
article thumbnail

Medlab Pathology Breach Affects 223,000 Australians

Data Breach Today

Medical Records and Credit Card Details of Patients Compromised One of Australia's largest private testing laboratories announced a data breach affecting 223,000 Australians. Ransomware-as-a-service group Quantum took credit for the incident, posting an 86-gigabyte file in June. "There is no evidence of misuse of any of the information," says Medlab Pathology.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

eSecurity Planet

GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found. Researchers at the Leiden Institute of Advanced Computer Science have alerted security professionals about risks associated with GitHub and other platforms like pastebin that host public PoCs of exploits for known vulnerabilities.

article thumbnail

Over Two-Thirds of Organizations Have No Ransomware-Specific Incident Response Playbook

KnowBe4

A newly released report on ransomware preparedness shows organizations are improving their security stance in comparison to last year, but overall still aren’t doing enough.

article thumbnail

Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads

Security Affairs

Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has released new security updates to backport security patches released this week to address actively exploited CVE-2022-42827 in older iPhones and iPads, addressing an actively exploited zero-day bug. Early this week, Apple addressed the ninth zero-day vulnerability exploited in attacks in the wild since the start of the year.

Security 140
article thumbnail

UK Firm Fined for Poor Security Prior to Ransomware Attack

Data Breach Today

Interserve Ran Obsolete Servers and Didn't Verify Malware Deletion The U.K. Information Commissioner levied a nearly $5 million fine against Interserve Group Limited for its lack of security protections in the run-up to a 2020 ransomware attack. The firm kept employee data on servers running obsolete versions of Windows and used outdated antivirus software.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Heartbleed 2.0? OpenSSL Warns of Second-Ever Critical Security Flaw

eSecurity Planet

The OpenSSL project this week announced plans to release version 3.0.7 on November 1 to patch a critical security flaw affecting versions 3.0 and later. Co-founder Mark J. Cox noted it’s only the second critical patch “since we started rating flaws back in 2014.” OpenSSL identifies critical issues as those affecting common configurations and likely to be exploitable, with examples including “significant disclosure of the contents of server memory (potentially revealing us

Security 130
article thumbnail

Critical Vulnerability in Open SSL

Schneier on Security

There are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It’s likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code execute remotely.

IT 122
article thumbnail

OpenSSL to fix the second critical flaw ever

Security Affairs

The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. “The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 3.0.7.

article thumbnail

Fallout From Medibank Hack Grows

Data Breach Today

About 4M Australians Affected by Extortion Demand Made Against the Health Insurer Fallout from the hack of Australian health insurer Medibank continues to worsen as the company twice this week acknowledged a wider set of affected individuals. Hackers had access to the personal data of 4 million individuals and significant amounts of health claims data.

Insurance 239
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Vulnerability Management as a Service: Top VMaaS Providers

eSecurity Planet

There are 20,000 or more new software and hardware vulnerabilities every year, yet only a few hundred might be actively exploited. It falls to IT security teams to determine where those vulnerabilities lie in their organization and which ones they need to prioritize. That process can be overwhelming. Vulnerability management tools can help, but even then finding, patching and testing vulnerabilities can still take an extraordinary amount of time.

Cloud 124
article thumbnail

Big Changes are Afoot: Expanding and Enhancing the Have I Been Pwned API

Troy Hunt

Just over 3 years ago now, I sat down at a makeshift desk (ok, so it was a kitchen table) in an Airbnb in Olso and built the authenticated API for Have I Been Pwned (HIBP). As I explained at the time, the primary goal was to combat abuse of the service and by adding the need to supply a credit card, my theory was that the bad guys would be very reluctant to, well, be bad guys.

article thumbnail

Thomson Reuters collected and leaked at least 3TB of sensitive data

Security Affairs

The multinational media conglomerate Thomson Reuters left a database with sensitive customer and corporate data exposed online. Original post at [link]. Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack.

IoT 135
article thumbnail

Apple Issues Emergency iOS Fix as Kernel Zero-Day Exploited

Data Breach Today

Immediate Updating Recommended as Any App in iOS and iPad Exploitable Apple has issued a slew of security updates amidst reports that its iOS devices are being actively exploited via a zero-day vulnerability in the kernel. While Apple hasn't attributed the exploits to any specific group, experts say surveillance malware developers are a likely culprit.

Security 233
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

What Is a Distributed Denial of Service (DDoS) Attack?

eSecurity Planet

A distributed denial-of-service (DDoS) attack is a type of cyberattack in which multiple compromised systems are used to target a single system, usually with the goal of overwhelming its resources and making it unavailable to its users. DDoS attacks can be launched from anywhere in the world using any type of device that can be compromised, including laptops, desktops, routers, smartphones, and even internet-connected appliances.

Access 123
article thumbnail

[APPLY TODAY] Security Awareness Training Eligible for $185 million DHS Cybersecurity Grant Opportunity

KnowBe4

The Department of Homeland Security (DHS) is providing $185 million of grant money this year to U.S. states and territories to bolster their cybersecurity defenses, which includes security awareness training. The program will provide $1 billion over the next four years to help states and territories become more resilient to cyber threats.

article thumbnail

Cuba ransomware affiliate targets Ukraine, CERT-UA warns

Security Affairs

The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. On October 21, 2022, the Ukraine CERT-UA uncovered a phishing campaign impersonating the Press Service of the General Staff of the Armed Forces of Ukraine.