Tue.May 14, 2024

article thumbnail

Microsoft Patches Zero-Day Exploited by QakBot

Data Breach Today

Kaspersky Says It Spotted QakBot Operators Exploiting the Flaw in April Microsoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.

Security 286
article thumbnail

Patch Tuesday, May 2024 Edition

Krebs on Security

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

Libraries 212
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

UK, US Officials Warn About Chinese Cyberthreat

Data Breach Today

UK GCHQ Director Calls Chinese Hacking a 'Top Priority' Chinese-backed espionage and cyber disruption pose a major threat to global critical infrastructure as Beijing races for global edge, British and U.S. cyber officials warned Tuesday. Responding to the scale and complexity of Chinese hacking is a top British priority.

190
190
article thumbnail

Google fixes sixth actively exploited Chrome zero-day this year

Security Affairs

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. The vulnerability is an out-of-bounds write issue that resides in the V8 JavaScript engine of the Google web browser.

Libraries 119
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Cyber Insurers Pledge to Help Reduce Ransom Payments

Data Breach Today

Firms Back New Guidance for Victims From UK's National Cyber Security Centre A coalition of cyber insurance associations has pledged to back fresh government cybersecurity guidance designed to help victims avoid ever paying a ransom, as part of an ongoing push to reduce ransomware's profitability for criminals in part by improving organizations' resilience and recovery.

Insurance 184

More Trending

article thumbnail

Impact of Ascension's Cyberattack IT Outage Varies by Region

Data Breach Today

In Some Regions, ER Patients Still Diverted, Pharmacies Can't Fill Prescriptions U.S. hospital chain Ascension is making progress recovering from last week's ransomware attack, but it will take time to restore all its affected IT services, including electronic health records and systems supporting its pharmacy operations.

IT 176
article thumbnail

Another Chrome Vulnerability

Schneier on Security

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days. “Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

IT 107
article thumbnail

AI Is An Expert Liar

Data Breach Today

AI Systems Lied to Win Games, Trick Humans into Solving Captcha Artificial intelligence lies like humans lie - without compunction and with premeditation. That's bad news for the people who want to rely on it, warn researchers who spotted patterns of deception in AI models trained to excel at besting the competition.

article thumbnail

VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

Security Affairs

VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024 VMware addressed four vulnerabilities in its Workstation and Fusion desktop hypervisors, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024. Below are descriptions of the flaws addressed by the virtualization giant CVE-2024-22267 (CVSS score: 9.3) – A use-after-free vulnerability in the Bluetooth device.

Access 106
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Tornado Cash Developer Sentenced to 5 Years in Prison

Data Breach Today

Pertsev Turned A Blind Eye to Illicit Activity on the Mixer, Dutch Court Says A Dutch court Tuesday handed Tornado Cash developer Alexey Pertsev a sentence of five years and four months for money laundering. The 31-year-old Russian national developed and maintained cryptocurrency anonymization software used to launder digital cash worth more than $2 billion.

176
176
article thumbnail

Alert: Nova Scotians Hit by Surge of Sophisticated Spear Phishing Scams

KnowBe4

The Royal Canadian Mounted Police (RCMP) in Nova Scotia is warning of spear phishing attacks that impersonate company managers. The scammers text company employees requesting a payment to cover an urgent business need.

article thumbnail

Secrecy Concerns Mount Over Spy Powers Targeting US Data Centers

WIRED Threat Level

A coalition of digital rights groups is demanding the US declassify records that would clarify just how expansive a major surveillance program really is.

Privacy 108
article thumbnail

MITRE released EMB3D Threat Model for embedded devices

Security Affairs

The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure. MITRE announced the public release of its EMB3D threat model for embedded devices used in various industries (i.e. Automotive, healthcare, and manufacturing), including critical infrastructure. The threat model provides a knowledge base of cyber threats to embedded devices.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Bridging educational technology with Wonde, Think3 and Jamf

Jamf

Discover how Jamf, Wonde, and Think3 are revolutionizing educational technology. This collaboration aims to streamline operations, enhance security and empower educators.

article thumbnail

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Security Affairs

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. Microsoft Patch Tuesday security updates for May 2024 addressed 59 vulnerabilities in Windows and Windows Components; Office and Office Components; NET Framework and Visual Studio; Microsoft Dynamics 365; Power BI; DHCP Server; Microsoft Edge (Chromium-based); and Windows Mobile Broadband.

Security 102
article thumbnail

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

KnowBe4

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites.

article thumbnail

Ransomware attack on Singing River Health System impacted 895,000 people

Security Affairs

The Singing River Health System revealed that the ransomware attack that hit the organization in August 2023 impacted 895,204 people. At the end of August 2023, the systems at three hospitals and other medical facilities operated by Singing River Health System (SRHS) were hit by a Rhysida ransomware attack. The Singing River Health System runs 3 hospitals and 10 clinics and is the second largest employer on the Mississippi Gulf Coast.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “ Should the USG Establish a Publicly Funded AI Option? “ The list is maintained on this page.

78
article thumbnail

The CFO’s role in the age of generative AI

IBM Big Data Hub

CFOs are the stewards of investment capital, orchestrating a movement with transformative technology and innovation to evolve businesses, accelerate revenue streams and drive meaningful outcomes. The current business environment has CFOs facing headwinds for decision-making in less-than-ideal conditions with rapidly shifting regulations, tedious reporting standards, ESG requirements and inflationary pressures; however, the need for growth and profit expansion remains, and as CEOs look for ways t

article thumbnail

Unlocking the power of data sharing: 4 highlights from Data Citizens ‘24

Collibra

At Data Citizens ‘24, industry leaders and experts converged to explore how they could do more with trusted data. For many attendees, this meant exploring the transformative potential of data sharing. Data Citizens offered multiple opportunities to gain practical insights and real-world examples this year. Attendees could learn about new product innovations.

article thumbnail

Tory party refers itself to watchdog over alleged data breach

The Guardian Data Protection

Party reportedly copied in more than 300 email addresses in appeal to supporters to sign up for conference The Conservative party has referred itself to the data protection watchdog over an alleged data breach after it revealed hundreds of email addresses in a pitch to sign up for its annual conference. The party’s registration team, urging supporters to complete their applications for conference, reportedly copied in more than 300 addresses in a way that they could be seen by all recipients.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

CyberheistNews Vol 14 #20 Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

KnowBe4

Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

article thumbnail

Revolutionizing Airport Boarding for Seamless Travel and Enhanced Passenger Experience

HID Global

Discover how the BGR700 boarding gate ticket reader revolutionizes airport boarding processes, enhances passenger experience and promotes seamless air travel.

52
article thumbnail

ARMA Chicago Spring Seminar 2024 on May 21st, 2024 8am-3pm

IG Guru

Register Here The post ARMA Chicago Spring Seminar 2024 on May 21st, 2024 8am-3pm first appeared on IG GURU.

article thumbnail

How to Ensure the Cybersecurity of Your Access Control Systems

HID Global

Cybersecurity of your access control systems protects sensitive data from credentials to readers, controllers, servers, software clients and more.

Access 52
article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

article thumbnail

Following Maps from Manuscript to Print in the Bureau of Indian Affairs Irrigation Division

Unwritten Record

Recently I posted announcing the digitization of cartographic records from the Irrigation Division of the Bureau of Indian Affairs. While scanning those records, I came across some interesting maps that demonstrate the various stages a map went though before being published by the U.S. government. Before the use of aerial photographs and the development of photogrammetry (the science of making measurements from photographs), maps began as a compilation of notes and sketches created by hand in th

article thumbnail

Capitalising on opportunities in a year of change

CILIP

Looking for opportunities NEW Chief Executive Louis Coiffait-Gunn says he is looking forward to leading CILIP as the profession stakes its claim as being an integral part of economic growth. With a general election to take place by January, Louis is keen to position CILIP’s members as part of the wider solution to transforming the current low-growth economy.

article thumbnail

How AI is fueling the growing market for cloud-based data unification

Reltio

Some recent rumored mergers and acquisitions have thrust the data unification and management industry under the microscope of both media and investors. Growing demand for cloud-based data unification solutions, essential for leveraging AI and unleashing digital transformation, has raised the stakes for companies in nearly every industry. The data unification industry is experiencing several durable secular trends that are driving recent attention.