Mon.Sep 25, 2023

article thumbnail

Data Breach Toll Tied to Clop Group's MOVEit Attacks Surges

Data Breach Today

2,050 Organizations Affected After Data Stolen From Secure File-Sharing Software The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.

article thumbnail

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. Related: SMBs too often pay ransom Small businesses, including nonprofit organizations, are not immune to cyberattacks. The average cost of a cybersecurity breach was $4.45 million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Deadglyph Backdoor Targeting Middle Eastern Government

Data Breach Today

Backdoor Is Associated With Stealth Falcon APT Group Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages: native x64 binary and a.NET assembly.

article thumbnail

Your Boss’s Spyware Could Train AI to Replace You

WIRED Threat Level

Corporations are using software to monitor employees on a large scale. Some experts fear the data these tools collect could be used to automate people out of their jobs.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Bermuda Struggles to Recover From Cyberattack

Data Breach Today

Bermuda Premier Attributes the Incident to 'Russia-Based' Attackers Bermuda government workers Monday remained cut off from email and normal telephone systems following a hacking incident disclosed late last week. Bermuda Premier David Burt on Thursday attributed the hack to "Russia-based actors," without elaborating.

More Trending

article thumbnail

How to Overcome Practitioner Concerns Over Cisco-Splunk Deal

Data Breach Today

Forrester's Allie Mellen on Issues Posed by Cisco's M&A Track Record, Splunk's Cost Security practitioners are skeptical of Cisco's proposed $28 billion Splunk purchase given the networking giant's track record around funding and investing in previous acquisition targets. Forrester's Allie Mellen expects some customers to try out other SIEM tools given Cisco's heritage in hardware.

Security 278
article thumbnail

Cybercriminals Use Google Looker Studio to Host Crypto Scam to Steal Money and Credentials

KnowBe4

Security researchers at Check Point have discovered yet another attack that leverages legitimate web applications to host attacks in order to bypass security scanners.

Security 118
article thumbnail

How Will SEC Rules Affect Reporting, Tracking of Incidents?

Data Breach Today

TrustedSec's Alex Hamerstone on New US Securities and Exchange Commission Rules Under new U.S. Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. Alex Hamerstone, advisory solutions director at TrustedSec, discussed the challenges ahead.

article thumbnail

Tools From Cybercrime Software Vendor W3LL Found to be Behind the Compromise of 56K Microsoft 365 Accounts

KnowBe4

A new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

CommonSpirit Details Financial Fallout of $160M Cyberattack

Data Breach Today

No Word Yet on Hospital Chain's Cyber Insurance Claim, Multiple Lawsuits Pending Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" hampered billing and collection activities contributed to a $1.4 billion operating loss for the year.

Insurance 273
article thumbnail

Congratulations to our Jammies Awards Winners

Jamf

Congratulations to the winners of the 2023 Jammies Awards, the customer appreciation awards celebrating those who exemplify Jamf values and innovative usage of Jamf solutions.

111
111
article thumbnail

Polish Privacy Regulator Probes OpenAI's ChatGPT

Data Breach Today

Agency Is the Latest in a String of European Regulators to Scrutinize the LLM The Polish data regulator launched a probe into OpenAI's ChatGPT for potential privacy violations of the European General Data Protection Regulation. The Polish regulator is the third European data protection agency to raise privacy concerns related to ChatGPT.

Privacy 267
article thumbnail

MOVEit Flaw Leads to 900 University Data Breaches

Dark Reading

National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

CyberArk, BeyondTrust, Delinea Dominate Gartner MQ for PAM

Data Breach Today

One Identity, Wallix, Arcon Exit Leaders Space as Privileged Access Market Matures CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past half-decade, PAM has gone from being required for large companies to being an insurance prerequisite.

Insurance 263
article thumbnail

New Wave of Hospitality Phishing Attacks: Compromise User Credentials, Then Go Phish

KnowBe4

The hospitality sector is seeing a new wave of phishing attacks. These new attacks are more plausible because they begin with compromised credentials and move to fraudulent emails sent from within a trusted network. The compromised systems are legitimate booking sites; the victims are the guests.

Phishing 110
article thumbnail

Crooks stole $200 million worth of assets from Mixin Network

Security Affairs

Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets. Mixin Network, the Hong Kong-based crypto firm behind a free, lightning fast and decentralized network for transferring digital assets announced it has suffered a $200 million cyber heist. The company suspended deposits and withdrawals immediately after the discovery of the security breach that took place early in the morning of September 23, 2023.

article thumbnail

Organizations Starting to Understand the Impact of Ransomware, But Their Efforts Not Enough to Overcome Infostealer Malware

KnowBe4

Recent findings in a SpyCloud report shows companies are starting to recognize and shift their priorities to defend against ransomware attacks, but the use of infostealer malware still has a high success rate for cybercriminals.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. The activity was characterized by the use of a combination of rare tools and techniques to gain access to the target network and collect intelligence from sensitive I

article thumbnail

[NEW RELEASE]: Unleash the Power of Cybersecurity Education with KnowBe4’s 'Hack-A-Cat' on Roblox

KnowBe4

What do cheese, fish and cybersecurity training have in common? Each of these comes together to help keep kids informed about cyber threats and cybersecurity best practices with KnowBe4’s first ever entry into the Roblox gaming platform: Hack-A-Cat!

article thumbnail

Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks

Dark Reading

Back to basics is a good start, but too often security teams don't handle their deployment correctly. Here's how to avoid the common pitfalls.

Security 109
article thumbnail

A phishing campaign targets Ukrainian military entities with drone manual lures

Security Affairs

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154.

article thumbnail

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

article thumbnail

UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack

Dark Reading

The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.

117
117
article thumbnail

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

KnowBe4

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.

Phishing 107
article thumbnail

The Hot Seat: CISO Accountability in a New Era of SEC Regulation

Dark Reading

Updated cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities.

article thumbnail

A Tricky New Way to Sneak Past Repressive Internet Censorship

WIRED Threat Level

With the number of internet blackouts on the rise, cybersecurity firm eQualitie figured out how to hide censored online news in satellite TV signals.

article thumbnail

Monetizing Analytics Features

Think your customers will pay more for data visualizations in your application? Five years ago, they may have. But today, dashboards and visualizations have become table stakes. Turning analytics into a source of revenue means integrating advanced features in unique, hard-to-steal ways. Download this white paper to discover which features will differentiate your application and maximize the ROI of your analytics.

article thumbnail

Don't Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Dark Reading

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.

IT 93
article thumbnail

Happy Compliance Officer Day!

Thales Cloud Protection & Licensing

Happy Compliance Officer Day! madhav Tue, 09/26/2023 - 05:57 The summer vacation seems a distant memory and my wife and I are firmly back in the routine of our kids being at school – with the added benefiting of the extra peace and quiet during business calls. One thing that changed this year is that our son asked if he could cycle to school with his friend.

article thumbnail

Xenomorph Android Malware Targets Customers of 30 US Banks

Dark Reading

The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.

IT 114