Wed.May 24, 2023

article thumbnail

Capita Issued Erroneous Breach Details, Officials Report

Data Breach Today

Local Authority Finds Sensitive Data Was Exposed Despite Assurances to the Contrary Breach notifications from British outsourcing giant Capita mount amid signs the multibillion-pound company doesn't have a firm grip on how much data it exposed. For a company that trumpets its ability to "achieve better outcomes," Capita's inability to grasp the impact of its breaches is ironic.

IT 225
article thumbnail

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

The Last Watchdog

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. Related: The CMMC sea change NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review. This special publication was written for security architects and infrastructure designers; it provides useful guidance when designing ZTNA for cloud-native application platforms, especially th

Cloud 217
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

State-Aligned Actors Targeting SMBs Globally

Data Breach Today

Vulnerable Small to Midsized Organizations Are Now Favored Victims of APT Actors State-aligned hackers are increasingly targeting small and medium-sized businesses worldwide, as SMBs are more likely to be under-protected against cybersecurity threats such as phishing campaigns, according to a new report by cybersecurity firm Proofpoint.

Phishing 213
article thumbnail

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

The Last Watchdog

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour. Related: Tapping hidden pools of security talent Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them.

article thumbnail

Customer Experience Management: Optimizing Your Strategy for Financial Success

Speaker: Diane Magers, Founder and Chief Experience Officer at Experience Catalysts

In the world of business, connecting the dots from experience to financial impact is an essential skill. Transforming customer engagement, Voice of Customer (VoC) insights, and Journey Maps into tangible financial outcomes poses a significant challenge for most organizations. To gain buy-in from the C-Suite and key stakeholders, it’s crucial to illustrate how Experience Management translates into clear, measurable business results.

article thumbnail

Chinese State Hacker 'Volt Typhoon' Targets Guam and US

Data Breach Today

Targets Are Critical Infrastructure - Likely for Cyberespionage, Long-Term Access A Chinese state hacker has targeted critical infrastructure in Guam and the United States with the likely intent of cyberespionage and maintaining long-term access. Microsoft dubbed the threat actor "Volt Typhoon" on Wednesday in a coordinated disclosure with the U.S. government and close allies.

More Trending

article thumbnail

US Sanctions North Korean Entities for Sending Regime Funds

Data Breach Today

1 Worker Also Sanctioned for Transferring IT Earnings to North Korean Government The U.S. government sanctioned four entities and one individual involved in helping to funnel payments from malicious activities to support the Democratic People's Republic of Korea government's illicit activities such as unlawful weapons of mass destruction and ballistic missile programs.

article thumbnail

Financial Fraud Phishing Attacks Increase 72% In One Year; Financial Industry Takes the Brunt

KnowBe4

With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.

article thumbnail

CyberArk CEO Touts New Browser That Secures Privileged Users

Data Breach Today

CyberArk's new Secure Browser prevents adversaries from harvesting the credentials of privileged users who are accessing sensitive web applications. CEO Matt Cohen said this solution will help thwart attackers who are hijacking sessions on consumer-grade browsers through the use of cookies.

Security 130
article thumbnail

'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs

Dark Reading

According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.

93
article thumbnail

How to Stay Competitive in the Evolving State of Martech

Marketing technology is essential for B2B marketers to stay competitive in a rapidly changing digital landscape — and with 53% of marketers experiencing legacy technology issues and limitations, they’re researching innovations to expand and refine their technology stacks. To help practitioners keep up with the rapidly evolving martech landscape, this special report will discuss: How practitioners are integrating technologies and systems to encourage information-sharing between departments and pr

article thumbnail

GoldenJackal APT Targeting South Asian Government Agencies

Data Breach Today

Threat Actor Shares Limited Code Similarity With Turla A suspected cyberespionage group that has been active since 2020 has targeted government and diplomatic entities in the Middle East and South Asia using a malware tool set capable of controlling victims' machines and exfiltrating system data and credentials.

article thumbnail

Barracuda Email Security Gateway (ESG) hacked via zero-day bug

Security Affairs

Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were breached exploiting a zero-day vulnerability. Network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability. The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening, the issue was discovered on May 19 and the company fixed

article thumbnail

North Korean APT Group Kimsuky Shifting Attack Tactics

Data Breach Today

Kimsuky Focuses on Exfiltration In Latest Campaign North Korean hackers are using custom-built malware for information exfiltration campaigns against human rights organizations. The variation of the RandomQuery malware used in this campaign has the "single objective of file enumeration and information exfiltration," says SentinelOne.

130
130
article thumbnail

5 Questions to Ask When Evaluating a New Cybersecurity Technology

Dark Reading

Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.

article thumbnail

The Essential Guide to Analytic Applications

Embedding dashboards, reports and analytics in your application presents unique opportunities and poses unique challenges. We interviewed 16 experts across business intelligence, UI/UX, security and more to find out what it takes to build an application with analytics at its core. No matter where you are in your analytics journey, you will learn about emerging trends and gather best practices from product experts.

article thumbnail

CommonSpirit Ups Cost Estimate on its 2022 Ransomware Breach

Data Breach Today

Company Executive Hopes Insurance Will Help Cover Most Costs Hospital chain CommonSpirit has upped its estimate on the financial toll incurred by a ransomware incident last fall that disrupted IT systems and patient services at some of its facilities for weeks. But company officials reportedly expect many of the costs to be covered by the company's insurance.

article thumbnail

BatLoader Malware is Now Distributed in Drive-By Attacks

KnowBe4

Malign persuasion can take many forms. We tend to hear the most about phishing (malicious emails) or smishing (malicious texts). Other threats are also worth some attention, like the risk of drive-by attacks.

article thumbnail

US Sanctions N. Korean Entities for Sending Funds to Regime

Data Breach Today

One Worker Also Sanctioned for Transferring IT Earnings to North Korean Government The U.S. government sanctioned four entities and one individual involved in helping to funnel payments from malicious activities to support the Democratic People's Republic of Korea government's illicit activities such as unlawful weapons of mass destruction and ballistic missile programs.

article thumbnail

AhRat Android RAT was concealed in iRecorder app in Google Play

Security Affairs

ESET found a new remote access trojan (RAT), dubbed AhRat, on the Google Play Store that was concealed in an Android screen recording app. ESET researchers have discovered an Android app on Google Play that was hiding a new remote access trojan (RAT) dubbed AhRat. The app, named iRecorder – Screen Recorder, has more than 50,000 installs. The app was initially uploaded to the Google Play store without malicious features on September 19 th , 2021.

article thumbnail

ABM Evolution: How Top Marketers Are Using Account-Based Strategies

In times of economic uncertainty, account-based strategies are essential. According to several business analysts and practitioners, ABM is a necessity for creating more predictable revenue. Research shows that nearly three-quarters of marketers (74%) already have the resources needed to build successful ABM programs.

article thumbnail

More Than Half of all Email-Based Cyberattacks Bypass Legacy Security Filters

KnowBe4

New data shows that changes in cybercriminals’ phishing techniques are improving their game, making it easier to make their way into a potential victim user’s inbox.

article thumbnail

Google's.zip,mov Domains Give Social Engineers a Shiny New Tool

Dark Reading

Security professionals warn that Google's new top-level domains,zip and.mov, pose social engineering risks while providing little reason for their existence.

Risk 122
article thumbnail

Redefining the consumer experience: Diageo partners with SAP and IBM on global digital transformation

IBM Big Data Hub

In an era of evolving consumer preferences and economic uncertainties, the beverage industry stands as a vibrant reflection of changing trends and shifting priorities. Despite the challenges posed by inflation and the cost-of-living crisis, a dichotomy has emerged in consumer behavior, where individuals untouched by the crisis continue to indulge in their favorite beverages, while those directly affected pivot towards more affordable luxuries, such as a bottle of something special.

article thumbnail

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. ClearSky Cyber Security uncovered a watering hole attack on at least eight Israeli websites belonging to shipping, logistics, and financial services companies and attributed them with low confidence to the Iran-linked APT group Tortoiseshell (aka TA456 or Imperial Kitten).

article thumbnail

7+ Graphics Libraries to Enhance Your Embedded Analytics

When your customers come to your app, what do they see: clunky, outdated dashboards or a sleek, modern interface? If your embedded analytics are looking stale, leverage these free graphics libraries to take your embedded analytics offerings above and beyond. This e-book details a number of graphics libraries plus a few bonus tools to modernize your embedded dashboards.

article thumbnail

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps

Dark Reading

A cybersecurity vulnerability found in an implementation of the social login functionality opens the door to account takeovers and more.

article thumbnail

New Apple RSR Flaw Blocks MDM Functionality on macOS Devices

eSecurity Planet

Addigy, which provides management solutions for Apple devices, today warned that Apple’s new Rapid Security Response (RSR) updates aren’t being delivered to as many as 25 percent of macOS devices in managed environments, and that the failure to do so is also impacting mobile device management (MDM) stacks on those devices. RSR updates are new – the first batch was delivered at the beginning of this month.

MDM 83
article thumbnail

Honeywell Releases Cyber Insights to Better Identify Cybersecurity Threats and Vulnerabilities

Dark Reading

The new software-led solution enables organizations to defend against cybersecurity threats in their operational technology (OT) environments.

article thumbnail

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

The US Department of the Treasury sanctioned four entities and one individual for their role in cyber operations conducted by North Korea. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. “The DPRK conducts malicious cyber activities and deploys information technology (IT) workers who fraudulently obtain emp

article thumbnail

ABM Success Recipe: Mastering the Crawl, Walk, Run Approach

Shifting to an account-based marketing (ABM) strategy can be both exciting and challenging. Well-implemented ABM motions build engagement with high-value accounts and drive impactful campaigns that resonate with your audience. But where do you begin, and how do you progress from crawling to running? Watch now as Demand Gen experts delve into the essentials of each stage of the ABM process.

article thumbnail

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

Schneier on Security

It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it’s up to the states to enforce the laws.

Privacy 83
article thumbnail

Top 10 Cloud Workload Protection Platforms (CWPP) in 2023

eSecurity Planet

A cloud workload protection platform (CWPP) shields cloud workloads from a range of threats like malware, ransomware, DDoS attacks, cloud misconfigurations, insider threats, and data breaches. CWPP solutions offer uniform visibility and management for physical computers, virtual machines (VMs), containers, and serverless applications, helping to protect resources optimized to run in a cloud-based application or service.

Cloud 79
article thumbnail

Enhance Your Legal Department's Performance with Strategic Planning and Technology

Hanzo Learning Center

In-House Legal Departments, like any other business function, must be efficient and effective to deliver the best possible results. They must balance their workload, comply with regulatory requirements, and provide legal counsel to their organization in a cost-effective and streamlined manner. That’s where a Legal Operations professional can help, particularly by prioritizing strategic planning, technology, and information governance to ensure the department runs efficiently and provides the bes