Mon.Jun 05, 2023

article thumbnail

Microsoft Attributes MOVEit Transfer Hack to Clop Affiliate

Data Breach Today

UK Payroll Provider Zellis' MOVEit Hack Affects British Airways, Boots and the BBC Microsoft says an affiliate of the Russian-speaking Clop ransomware gang is behind a rash of attacks exploiting a recently patched vulnerability in Progress Software's MOVEit application. Known victims include British payroll provider Zellis, which says eight corporate customers were affected.

article thumbnail

The Significance of Diversity, Equity, and Inclusion in Information Management

AIIM

In honor of Pride Month in June, I wanted to share some thoughts about diversity, equity, and inclusion (DEI) in the information management industry. The Value of DEI in the Workplace Extensive research has already established the value of DEI in the workplace, with Boston Consulting Group finding that companies with diverse leadership teams report higher innovation revenue.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Pays $20M to Settle FTC COPPA Complaint

Data Breach Today

FTC Says Violations Stem From XBox Live Registration Process Microsoft will pay $20 million to settle a U.S. federal investigation into whether the computing giant violated children's privacy protections during the XBox Live registration process. The Federal Trade Commission accused the company of a slew of infractions.

Privacy 252
article thumbnail

GUEST ESSAY: Using generative AI to support — not replace — overworked cybersecurity pros

The Last Watchdog

As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats. Related: Leveraging human sensors Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Psychiatry Practice Fined for Posting PHI Online

Data Breach Today

HHS Settlement Is Latest Involving Negative Social Media Responses Federal regulators have once again smacked a healthcare provider with a HIPAA settlement involving patient protected health information that was disclosed in response to a negative online review.

246
246

More Trending

article thumbnail

Iowa Reports Third Big Vendor Breach This Year

Data Breach Today

Latest Breach Affects 234,000 Individuals; Involves Recent MCNA Insurance Co. Hack The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.

Insurance 234
article thumbnail

[FBI ALERT] Skin Deep: The Scary Reality of New Deepfake-Enabled Sextortion

KnowBe4

Today, the FBI alerted warned against a new even more disgusting type of sextortion. Previously, these schemes involved coerced or stolen digital material, but now some criminals are using technology to create explicit content from innocent images or videos found online. This information comes from today's alert by the FBI's Internet Crime Complaint Center (IC3).

97
article thumbnail

Why Rubrik Is Looking to Break Cybersecurity's IPO Dry Spell

Data Breach Today

Data Protection Titan Could Raise More than $750M Through 2024 IPO, Reuters Reports Despite the beating new publicly traded security companies have taken during the economic downturn, Rubrik is looking to test its luck in the public market. Reuters reported Monday the firm is working with Goldman Sachs, Barclays and Citigroup in preparation for an IPO that could take place in 2024.

article thumbnail

Digitizing Records: File Format Requirements

National Archives Records Express

This is the sixth in a series of posts supporting the publication of 36 CFR section 1236 subpart E – Digitizing Permanent Records. All of the posts have been collected under the 36 CFR Section 1236 category. Digital PDP11 DIGITAL EQUIPMENT MODEL 704 AND 420. NAID: 17423632 This week we continue to review the new rule 36 CFR 1236 Subpart E. In this post, we discuss § 1236.48–File Format Requirements.

Paper 96
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Why Cyber Defenders Need Partnerships, Tools and Education

Data Breach Today

In this episode of "Cybersecurity Insights," Lonnie Price of Peraton discusses the importance of partnerships between the public and private sectors to help Ukrainians with the war effort. He also shares how we can become better educated and more efficient as cyber defenders.

Education 130
article thumbnail

KeePass fixed the bug that allows the extraction of the cleartext master password

Security Affairs

KeePass addressed the CVE-2023-32784 bug that allows the extraction of the cleartext master password from the memory of the client. KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. KeePass is a free and open-source software used to securely manage passwords.

article thumbnail

The Software-Defined Car

Schneier on Security

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

Risk 93
article thumbnail

Microsoft blames Clop ransomware gang for ‘MOVEit Transfer’ attacks

Security Affairs

Microsoft attributes the recent campaign exploiting a zero-day in the MOVEit Transfer platform to the Clop ransomware gang. The Clop ransomware gang (aka Lace Tempest ) is credited by Microsoft for the recent campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362 , in the MOVEit Transfer platform. Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

New Phishing Campaign Uses Hyperlinked Images for Fake Gift Cards and Promotions

KnowBe4

A phishing campaign is using hyperlinked images in order to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohls.

article thumbnail

Idaho Hospitals hit by a cyberattack that impacted their operations

Security Affairs

Last week two eastern Idaho hospitals and their clinics were hit by a cyberattack that temporarily impacted their operations. Last week the Idaho Falls Community Hospital was hit by a cyber attack that impacted its operations. Officials at the hospital confirmed that some clinics closed due to the cyber attack and some ambulances have been diverted to nearby hospitals.

article thumbnail

Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update

Dark Reading

A firmware update for hundreds of Gigabyte PC models gets rid of a backdoor capability that could be hijacked by cybercriminals, the company says.

96
article thumbnail

Spanish bank Globalcaja confirms Play ransomware attack

Security Affairs

Play ransomware group claims responsibility for a ransomware attack that hit Globalcaja, one of the major banks in Spain. Globalcaja is a financial institution in the autonomous community of Castilla-La Mancha, it has more than 300 offices across Spain and provides banking services to more than half a million clients. Globalcaja was the victim of a Play ransomware attack that impacted operations at several offices of the bank.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall

Dark Reading

Some billion-dollar organizations have already been identified as victims of the prolific ransomware group's latest exploit, amidst ongoing attacks.

article thumbnail

Experts warn of a surge of TrueBot activity in May 2023

Security Affairs

VMware’s Carbon Black Managed Detection and Response (MDR) team observed a surge of TrueBot activity in May 2023. Researchers at VMware’s Carbon Black Managed Detection and Response (MDR) team warn of a surge of TrueBot activity in May 2023. Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp).

article thumbnail

Moonlighter Satellite Offers In-Orbit Target for Space Hackers

Dark Reading

Moonlighter, which offers red teams a chance at operational disruption, will be up for pwning at in August, timed with DEF CON.

97
article thumbnail

British Airways, BBC and Boots were impacted the by Zellis data breach

Security Affairs

The BBC and British Airways were both impacted by the data breach suffered by the payroll provider Zellis. As a result of the cyber attack on the payroll provider Zellis, the personal data of employees at the BBC and British Airways has been compromised and exposed. “Zellis, a payroll company based in the UK, is understood to have been impacted by a cyber security attack targeting file transfer company MOVEit, with British Airways among the firms impacted” reported The Mirror. “

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Apple Expands Its On-Device Nudity Detection to Combat CSAM

WIRED Threat Level

Instead of scanning iCloud for illegal content, Apple’s tech will locally flag inappropriate images for kids. And adults are getting an opt-in nudes filter too.

IT 78
article thumbnail

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Security Affairs

A new ongoing Magecart web skimmer campaign abuse legitimate websites to act as makeshift command and control (C2) servers. Akamai researchers discovered a new ongoing Magecart web skimmer campaign aimed at stealing personally identifiable information (PII) and credit card information from users in North America, Latin America, and Europe. Magecart attacks target e-commerce websites, the name “Magecart” is derived from the malicious code (JavaScript) typically injected by the attacke

CMS 72
article thumbnail

Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity

Dark Reading

Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.

article thumbnail

Texas Amends State Data Breach Notification Law

Hunton Privacy

On May 27, 2023, Texas Governor Greg Abbott signed into law an amendment to Texas’s data breach notification law. The amendment shortens the time period for notifying the Texas Attorney General, requiring notification of a data breach as soon as practicable and not later than 30 days after discovery of the breach. The amendment also requires notification to the Texas Attorney General to be submitted electronically using a form accessed through the Texas Attorney General’s Internet website.

article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

article thumbnail

After 'Inception' Attack, New Due Diligence Requirements Are Needed

Dark Reading

To stem supply chain attacks, forging a new dynamic of shared cybersecurity hygiene accountability is the right thing to do.

article thumbnail

Be a Certified Security Awareness and Culture Professional (SACP)™

KnowBe4

All, I thought it was necessary to have an independent, vendor-neutral Cert so we would have a real Certified Security Awareness and Culture Professional (SACP)™. I funded the effort after finding the great team at H Layer Credentialing. This is not something we make money on. This was meant for the community. Here is a short description and a link: Your organization's cyber threat landscape is changing lightning fast.

article thumbnail

2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack

Dark Reading

With the leak of information such as Social Security numbers, in addition to other protected information, 600,000 of the nearly 2.5 million affected are at risk for identity theft.