Data Breach Today

JANUARY 1, 2024

Expert Panelists Debate Impact of AI, Geopolitics and New Tactics in the Year Ahead In conjunction with a new report from CyberEd.io, Information Security Media Group asked some of the industry's leading cybersecurity and privacy experts about 10 top trends to watch in 2024.

Cybersecurity 320

Cybersecurity Ransomware Privacy Information Security 320

Data Breach Today

MAY 6, 2024

Ransomware, AI Technology and the Art of the Possible Are Hot Topics This Year ISMG editors are live at RSA Conference 2024 in San Francisco with an overview of opening-day speakers and hot topics including the dismal ransomware landscape, the unbridled growth of AI, security product innovation and deals, and regulatory trends.

Ransomware 286

Ransomware Security 286

Data Breach Today

JULY 11, 2024

Midyear Analysis of HHS OCR 'Wall of Shame' Shows Hacks, Vendor Breaches Top List Hacks and vendor incidents continue to dominate major health data breach trends in 2024, but a handful of large incidents involving "unauthorized access or disclosure" also top the list of major health data breaches reported to federal regulators so far this year.

Data breaches 182

Data breaches Access 182

Data Breach Today

DECEMBER 15, 2023

CISO Liability, AI, Ransomware and Shadow IT Attorney Jonathan Armstrong examines four cybersecurity legal trends that will shape 2024: heightened personal liability for security leaders, the impact of ransomware, legal and ethical concerns about AI, and the influence of shadow IT, especially regarding messaging apps.

Ransomware 269

Ransomware Cybersecurity Security IT 269

Data Breach Today

JANUARY 18, 2024

No 'Magic Solution' to Prevent Malicious Use of AI in Elections, OSTP Chief Says Arati Prabhakar, director of the White House's Office of Science and Technology Policy, said during an event at the 2024 World Economic Forum that generative artificial intelligence has the potential to "dramatically accelerate and amplify the erosion of information integrity." (..)

Artificial Intelligence 311

Artificial Intelligence Risk 311

Data Breach Today

FEBRUARY 9, 2024

Joe Sullivan Also Discusses Identity Management, AI, State of Information Sharing In the latest weekly update, Joe Sullivan, CEO of Ukraine Friends, joins three editors at ISMG to discuss the challenges of being a CISO in 2024, growing threats from disinformation, vulnerabilities in MFA, AI's role in cybersecurity, and the obstacles to public-private (..)

Cybersecurity 270

Cybersecurity 270

Data Breach Today

DECEMBER 20, 2023

US Cyber Agency to Begin 2-Year Major Overhaul of Its Legacy AIS Program The Cybersecurity and Infrastructure Security Agency announced plans to launch a two-year effort beginning in 2024 to modernize its legacy Automated Indicator Sharing program as part of an effort to enhance collaboration with the private sector and provide more actionable data (..)

Cybersecurity 296

Cybersecurity Security IT 296

AIIM

FEBRUARY 9, 2024

Artificial Intelligence is a key focus of AIIM's new strategy , which the AIIM Board of Directors debuted in January 2024. So it's only fitting that AI take the lead at the AIIM Conference 2024 in San Antonio, Texas, April 3-5.

Artificial Intelligence 183

Artificial Intelligence IT 183

Data Breach Today

APRIL 8, 2024

Linda Gray Martin and Britta Glade on What to Expect and What's New This Year "The Art of Possible" is the theme of RSA Conference 2024, and event organizers Linda Gray Martin and Britta Glade say they may have put together the best agenda yet - featuring sessions and speakers on red-hot topics such as identity security, cloud, gen AI and operational (..)

Cloud 182

Cloud Security 182

Security Affairs

APRIL 25, 2024

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The IT giant also fixed a high-severity flaw tracked as CVE-2024-4059.

Security 117

Security IT Information Security 117

The Last Watchdog

DECEMBER 14, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, security teams will need to focus on developing automated tooling to shrink the range of issues that they need to address. Doug Dooley , COO, Data Theorem Dooley 2024 will be the year of full-stack visualization.

Cybersecurity 235

Cybersecurity Encryption Marketing Risk 235

Security Affairs

JULY 17, 2024

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer.

Archiving 98

Archiving Ransomware Libraries Passwords 98

Security Affairs

JULY 25, 2024

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) with booby-trapped files.

Education 110

Education Security Information Security Cybersecurity 110

KnowBe4

JULY 18, 2024

Our friends at the CyberWire reported: "ZeroFox and Fortinet have both published reports on threats facing the 2024 Olympics in Paris. ZeroFox says the primary cybersecurity threat will be cyberattacks from Russia, which are "likely to take the form of DDoS attacks, data compromises, and scams carried out by Russian threat actor groups."

Cybersecurity 89

Cybersecurity Phishing 89

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The vulnerability CVE-2024-24691 is an improper input validation bug that could be exploited by an attacker with network access to escalate privileges. ” reads the advisory.

Authentication 123

Authentication Access IT Security 123

Security Affairs

MAY 14, 2024

VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024 VMware addressed four vulnerabilities in its Workstation and Fusion desktop hypervisors, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024. ” reads the advisory. .

Access 103

Access IT Security Information Security 103

Security Affairs

JULY 25, 2024

Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Progress Software addressed a critical remote code execution flaw, tracked as CVE-2024-6327 (CVSS score of 9.9), in the Telerik Report Server that can be exploited to compromise vulnerable devices.

Authentication 70

Authentication Access Security IT 70

Security Affairs

JULY 10, 2024

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws, including two actively exploited zero-days. The two flaws actively exploited in the wild are: CVE-2024-38080 Windows Hyper-V Elevation of Privilege Vulnerability Important 7.8 Yes No Info CVE-2024-35264.NET

IoT 93

IoT Security Information Security IT 93

Security Affairs

MARCH 9, 2024

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild.

Cybersecurity 137

Cybersecurity Security IT Information Security 137

Security Affairs

MARCH 27, 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. The high-severity vulnerability CVE-2024-2886 is a use after free issue that resides in the WebCodecs. The flaw was demonstrated by Seunghyun Lee ( @0x10n ) of KAIST Hacking Lab during the Pwn2Own 2024.

IT 104

IT Information Security Security 104

Security Affairs

MARCH 22, 2024

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days.

Information Security 128

Information Security IT Security 128

Security Affairs

JANUARY 28, 2024

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public. Exploits are already available.

Libraries 126

Libraries Authentication IT Access 126

Thales Cloud Protection & Licensing

MARCH 24, 2024

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. Download the full Thales 2024 Thales Data Threat Report now.

Security 139

Security Artificial Intelligence IoT Compliance 139

Data Breach Today

MAY 9, 2024

How Attacks Have Changed; New Insights Into How an Attack Affects the Business The fifth annual Sophos State of Ransomware Report combines year-on-year insights with brand-new areas of study. It includes a deep dive into ransom demands and ransom payments and shines new light on the role of law enforcement in ransomware remediation.

Ransomware 287

Ransomware IT 287

Collaboration 2.0

JULY 24, 2024

We tested the best TVs that offer a great balance between cost and premium features and have high refresh rates and crisp picture quality for catching the action of the 2024 Summer Olympics in Paris.

76

76

The Last Watchdog

JUNE 24, 2024

Just after RSAC 2024 , I had the chance to visit with Ken Rutsky , CMO at Aryaka , which is supplying yet another flavor: Unified SASE as a Service.” The post RSAC 2024: The many flavors of ‘SASE’ now includes Aryaka’s ‘Unified SASE as a Service.” LW provides consulting services to the vendors we cover.)

Cloud 130

Cloud Cybersecurity Marketing Access 130

Security Affairs

JANUARY 26, 2024

Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of Pwn2Own Automotive 2024 hacking competition. White hat hackers from the Synacktiv Team ( @Synacktiv ) compromised the Tesla infotainment system on the second day of the Pwn2Own Automotive 2024 hacking competition. The team earned $35,000 for this hack.

Information Security 111

Information Security IT Security 111

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The flaw CVE-2024-4577 (CVSS score: 9.8) Greynoise researchers also reported malicious attempts of exploitation of the CVE-2024-4577. “As ” reported Akamai. . ” reported Akamai.

Honeypots 103

Honeypots File names Mining IoT 103

Security Affairs

FEBRUARY 20, 2024

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. Out of 97,000 servers, 28,500 have been verified to be vulnerable to CVE-2024-21410.

Authentication 122

Authentication Ransomware Cybersecurity Security 122

The Last Watchdog

DECEMBER 13, 2023

We drilled down on a few significant developments expected to play out in 2024 and beyond. DigiCert recently released the DigiCert PQC Playground —a part of DigiCert Labs designed to let security code writers and tech enthusiasts experiment with the NIST-endorsed PQC algorithms which are slated to go into effect in 2024.

Encryption 312

Encryption IoT Authentication Security 312

Security Affairs

APRIL 6, 2024

Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894. The flaw CVE-2024-21894 (CVSS score 8.2) is a heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x,

Security 113

Security Information Security IT 113

Security Affairs

FEBRUARY 14, 2024

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2024 resolved a total of 72 vulnerabilities, including two actively exploited zero-days.

Information Security 116

Information Security Ransomware Security IT 116