Tue.May 14, 2024

article thumbnail

Microsoft Patches Zero-Day Exploited by QakBot

Data Breach Today

Kaspersky Says It Spotted QakBot Operators Exploiting the Flaw in April Microsoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.

Security 254
article thumbnail

Patch Tuesday, May 2024 Edition

Krebs on Security

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

Libraries 246
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

UK, US Officials Warn About Chinese Cyberthreat

Data Breach Today

UK GCHQ Director Calls Chinese Hacking a 'Top Priority' Chinese-backed espionage and cyber disruption pose a major threat to global critical infrastructure as Beijing races for global edge, British and U.S. cyber officials warned Tuesday. Responding to the scale and complexity of Chinese hacking is a top British priority.

195
195
article thumbnail

Google fixes sixth actively exploited Chrome zero-day this year

Security Affairs

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. The vulnerability is an out-of-bounds write issue that resides in the V8 JavaScript engine of the Google web browser.

Libraries 132
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Cyber Insurers Pledge to Help Reduce Ransom Payments

Data Breach Today

Firms Back New Guidance for Victims From UK's National Cyber Security Centre A coalition of cyber insurance associations has pledged to back fresh government cybersecurity guidance designed to help victims avoid ever paying a ransom, as part of an ongoing push to reduce ransomware's profitability for criminals in part by improving organizations' resilience and recovery.

Insurance 189

More Trending

article thumbnail

Impact of Ascension's Cyberattack IT Outage Varies by Region

Data Breach Today

In Some Regions, ER Patients Still Diverted, Pharmacies Can't Fill Prescriptions U.S. hospital chain Ascension is making progress recovering from last week's ransomware attack, but it will take time to restore all its affected IT services, including electronic health records and systems supporting its pharmacy operations.

IT 182
article thumbnail

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Security Affairs

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. Microsoft Patch Tuesday security updates for May 2024 addressed 59 vulnerabilities in Windows and Windows Components; Office and Office Components; NET Framework and Visual Studio; Microsoft Dynamics 365; Power BI; DHCP Server; Microsoft Edge (Chromium-based); and Windows Mobile Broadband.

Security 122
article thumbnail

AI Is An Expert Liar

Data Breach Today

AI Systems Lied to Win Games, Trick Humans into Solving Captcha Artificial intelligence lies like humans lie - without compunction and with premeditation. That's bad news for the people who want to rely on it, warn researchers who spotted patterns of deception in AI models trained to excel at besting the competition.

article thumbnail

Ransomware attack on Singing River Health System impacted 895,000 people

Security Affairs

The Singing River Health System revealed that the ransomware attack that hit the organization in August 2023 impacted 895,204 people. At the end of August 2023, the systems at three hospitals and other medical facilities operated by Singing River Health System (SRHS) were hit by a Rhysida ransomware attack. The Singing River Health System runs 3 hospitals and 10 clinics and is the second largest employer on the Mississippi Gulf Coast.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Tornado Cash Developer Sentenced to 5 Years in Prison

Data Breach Today

Pertsev Turned A Blind Eye to Illicit Activity on the Mixer, Dutch Court Says A Dutch court Tuesday handed Tornado Cash developer Alexey Pertsev a sentence of five years and four months for money laundering. The 31-year-old Russian national developed and maintained cryptocurrency anonymization software used to launder digital cash worth more than $2 billion.

182
182
article thumbnail

VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

Security Affairs

VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024 VMware addressed four vulnerabilities in its Workstation and Fusion desktop hypervisors, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024. Below are descriptions of the flaws addressed by the virtualization giant CVE-2024-22267 (CVSS score: 9.3) – A use-after-free vulnerability in the Bluetooth device.

Access 121
article thumbnail

Another Chrome Vulnerability

Schneier on Security

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days. “Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

IT 112
article thumbnail

MITRE released EMB3D Threat Model for embedded devices

Security Affairs

The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure. MITRE announced the public release of its EMB3D threat model for embedded devices used in various industries (i.e. Automotive, healthcare, and manufacturing), including critical infrastructure. The threat model provides a knowledge base of cyber threats to embedded devices.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

“Unknown” Initial Attack Vectors Continue to Grow and Plague Ransomware Attacks

KnowBe4

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why.

article thumbnail

Unlocking the power of data sharing: 4 highlights from Data Citizens ‘24

Collibra

At Data Citizens ‘24, industry leaders and experts converged to explore how they could do more with trusted data. For many attendees, this meant exploring the transformative potential of data sharing. Data Citizens offered multiple opportunities to gain practical insights and real-world examples this year. Attendees could learn about new product innovations.

Metadata 105
article thumbnail

Alert: Nova Scotians Hit by Surge of Sophisticated Spear Phishing Scams

KnowBe4

The Royal Canadian Mounted Police (RCMP) in Nova Scotia is warning of spear phishing attacks that impersonate company managers. The scammers text company employees requesting a payment to cover an urgent business need.

Phishing 104
article thumbnail

Bridging educational technology with Wonde, Think3 and Jamf

Jamf

Discover how Jamf, Wonde, and Think3 are revolutionizing educational technology. This collaboration aims to streamline operations, enhance security and empower educators.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New Research: Number of Successful Ransomware Attacks Rise 29% in a Just One Year

KnowBe4

New analysis of Q1’s ransomware attacks uncovers a single group responsible for the lion’s share and even discusses what makes the them so successful.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “ Should the USG Establish a Publicly Funded AI Option? “ The list is maintained on this page.

84
article thumbnail

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

KnowBe4

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites.

Phishing 100
article thumbnail

Capitalising on opportunities in a year of change

CILIP

Looking for opportunities NEW Chief Executive Louis Coiffait-Gunn says he is looking forward to leading CILIP as the profession stakes its claim as being an integral part of economic growth. With a general election to take place by January, Louis is keen to position CILIP’s members as part of the wider solution to transforming the current low-growth economy.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

CyberheistNews Vol 14 #20 Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

KnowBe4

Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

article thumbnail

The CFO’s role in the age of generative AI

IBM Big Data Hub

CFOs are the stewards of investment capital, orchestrating a movement with transformative technology and innovation to evolve businesses, accelerate revenue streams and drive meaningful outcomes. The current business environment has CFOs facing headwinds for decision-making in less-than-ideal conditions with rapidly shifting regulations, tedious reporting standards, ESG requirements and inflationary pressures; however, the need for growth and profit expansion remains, and as CEOs look for ways t

article thumbnail

Tory party refers itself to watchdog over alleged data breach

The Guardian Data Protection

Party reportedly copied in more than 300 email addresses in appeal to supporters to sign up for conference The Conservative party has referred itself to the data protection watchdog over an alleged data breach after it revealed hundreds of email addresses in a pitch to sign up for its annual conference. The party’s registration team, urging supporters to complete their applications for conference, reportedly copied in more than 300 addresses in a way that they could be seen by all recipients.

article thumbnail

ARMA Chicago Spring Seminar 2024 on May 21st, 2024 8am-3pm

IG Guru

Register Here The post ARMA Chicago Spring Seminar 2024 on May 21st, 2024 8am-3pm first appeared on IG GURU.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How AI is fueling the growing market for cloud-based data unification

Reltio

Some recent rumored mergers and acquisitions have thrust the data unification and management industry under the microscope of both media and investors. Growing demand for cloud-based data unification solutions, essential for leveraging AI and unleashing digital transformation, has raised the stakes for companies in nearly every industry. The data unification industry is experiencing several durable secular trends that are driving recent attention.

article thumbnail

Revolutionizing Airport Boarding for Seamless Travel and Enhanced Passenger Experience

HID Global

Discover how the BGR700 boarding gate ticket reader revolutionizes airport boarding processes, enhances passenger experience and promotes seamless air travel.

52
article thumbnail

Following Maps from Manuscript to Print in the Bureau of Indian Affairs Irrigation Division

Unwritten Record

Recently I posted announcing the digitization of cartographic records from the Irrigation Division of the Bureau of Indian Affairs. While scanning those records, I came across some interesting maps that demonstrate the various stages a map went though before being published by the U.S. government. Before the use of aerial photographs and the development of photogrammetry (the science of making measurements from photographs), maps began as a compilation of notes and sketches created by hand in th