Sat.Nov 16, 2024 - Fri.Nov 22, 2024

article thumbnail

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.

article thumbnail

Zero Days Top Cybersecurity Agencies' Most-Exploited List

Data Breach Today

Cybersecurity Officials Urge to Prioritize Fixing These 15 Most-Exploited Flaws Which vulnerabilities need fixing first to best block nation-state and other hacking attempts? Enter the latest Five Eyes intelligence partnership list of the 15 flaws most targeted by attackers, of which 11 were zero-days. Many organizations have yet to patch them all.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Information Lifecycle Management is AI's Ethical Safeguard

AIIM

As organizations rush to embrace artificial intelligence (AI), many are overlooking a crucial element that could make or break their AI initiatives: effective information management. In this post, I'll explore why information lifecycle management is not just important, but essential for successful and ethical AI implementation.

article thumbnail

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. GDPR: The landscape of data privacy and protection has never been more critical. With regulators around the world intensifying scrutiny, companies are facing increasing pressure to comply with stringent data protection laws.

GDPR 136
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack

WIRED Threat Level

In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.

Security 145

More Trending

article thumbnail

AI+IM Forum Europe 2024: Embracing the Information Management Renaissance

AIIM

The recent AI+IM Forum Europe in Manchester brought together industry leaders and practitioners to explore the evolving landscape of information management in the age of artificial intelligence. Here are my key takeaways from this thought-provoking event.

article thumbnail

AI transformation is the new digital transformation. Here's why that change matters

Collaboration 2.0

Your boss has read about the power of generative AI and wants you to stop dithering about potential risks and start delivering results.

article thumbnail

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany

WIRED Threat Level

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.

Military 145
article thumbnail

US Cyber Force Surges Global Operations Amid Rising Threats

Data Breach Today

US Cyber Command Says National Mission Force was Deployed Over 85 Times in 2024 A secretive U.S. military unit has surged its support to partner nations across the globe in 2024 while combatting escalating threats from foreign adversaries like China and North Korea, a top official from Cyber Command told the Cyberwarcon summit on Friday.

Military 280
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs). Last week, Palo Alto Networks warned customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability (CVSSv4.0 Base Score: 9.3) in PAN-OS. The cybersecurity company had no further details on the vulnerability and was not aware of the active exploitation of the flaw.

article thumbnail

AI just gave us the Star Trek farewell we always wanted - watch it here

Collaboration 2.0

William Shatner and Leonard Nimoy reunite in a powerful short film using AI and deepfake technology to give fans the emotional farewell they deserve.

IT 140
article thumbnail

Inside the Booming ‘AI Pimping’ Industry

WIRED Threat Level

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media.

Privacy 142
article thumbnail

Feds Indict 5 Suspects Tied to Scattered Spider Cybercrime

Data Breach Today

FBI Ties Suspects to at Least 45 Attacks and Theft of Cryptocurrency Worth Millions The U.S. government on Wednesday unsealed criminal charges against five suspected members of the "loosely organized, financially motivated cybercriminal group" Scattered Spider. The suspects have been tied to 45 attacks, disrupting businesses and stealing cryptocurrency worth millions of dollars.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Secret Service Tracking People’s Locations without Warrant

Schneier on Security

This feels important : The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn’t need a warrant.

IT 136
article thumbnail

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. Recently, the FBI and CISA announced they are continuing to investigate a large-scale cyber-espionage campaign by China-linked threat actors targeting U.S. telecoms, compromising networks to steal call records and access private communications, mainly of governme

article thumbnail

China’s Surveillance State Is Selling Citizen Data as a Side Hustle

WIRED Threat Level

Chinese black market operators are openly recruiting government agency insiders, paying them for access to surveillance data and then reselling it online—no questions asked.

Marketing 138
article thumbnail

How Advances in Cloud Security Help Future-Proof Resilience

Data Breach Today

Embracing Zero Trust and AI in Cloud Security Zero trust, artificial-intelligence-driven security and automation tools are reshaping how organizations maintain uptime, even during a cyberattack. These advances underscore how the future of enterprise resilience is increasingly tied to advancements in cloud security.

Cloud 277
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

I replaced my M1 MacBook Pro with a base model M4 - and it blew my $3,000 laptop away

Collaboration 2.0

Apple's flagship M4 laptops won't wow you with flashy features or fresh designs, but they're almost so polished that you can't complain.

IT 134
article thumbnail

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus.

Phishing 228
article thumbnail

More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days

Security Affairs

Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities ( CVE-2024-0012 and CVE-2024-9474 ) in PAN-OS. CVE-2024-0012 is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management web interface to bypass authentication and gain adm

article thumbnail

CISA Red Team Finds Alarming Critical Infrastructure Risks

Data Breach Today

Red Team Finds Vulnerabilities in Critical Infrastructure Org’s Security Framework The U.S., cyber defense agency is urging critical infrastructure operators to learn from the experience of a volunteer read teaming test and not rely too heavily on host-based endpoint detection and response solutions at the expense of network layer protections.

Risk 274
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Ransomware Gangs Evolve: They're Now Recruiting Penetration Testers

KnowBe4

A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks.

article thumbnail

How to create a podcast with AI in seconds: Easy, step-by-step instructions

Collaboration 2.0

Using PDFs, text files, or audio files, Google's NotebookLM tool can generate a podcast episode that sounds just like two real people discussing your topic. We'll walk you through exactly how it's done.

IT 126
article thumbnail

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY , DEEPDATA, and DEEPPOST.

Passwords 127
article thumbnail

Coast Guard Warns of Continued Risks in Chinese Port Cranes

Data Breach Today

Military Says Ship-to-Shore Cranes Made in China Include Dangerous Security Flaws The United States Coast Guard is continuing to warn of significant security risks embedded in ship-to-shore cranes developed by companies with ties to Beijing while issuing new sensitive requirements for ports operating Chinese-made cranes across the country.

Risk 269
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Dark Side of Deals: Emerging Scams for Black Friday, Cyber Monday and Giving Tuesday

KnowBe4

As the holiday shopping season kicks into high gear, cybercriminals are gearing up too. This year, alongside the usual suspects, we're seeing some crafty new scams, so let’s take a look at some of the ones you should be most careful of during Black Friday, Cyber Monday and Giving Tuesday.

Phishing 124
article thumbnail

Update your iPhone, iPad, and Mac now to patch these serious zero-day security flaws

Collaboration 2.0

The emergency updates resolve two zero-day flaws that may have already been exploited in the wild.

Security 124
article thumbnail

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Security Affairs

Court filing revealed that NSO Group used WhatsApp exploits after the instant messaging firm sued the surveillance company. NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. “As a threshold matter, NSO admits that it developed and sold the spyware described in the Complaint, and that NSO’s spyware—specifically its zero-click installation vector called “Eden,” which was pa

IT 127