Thu. Jun 13, 2024

Breach Roundup: US Federal Cyber Incidents Go Up

Data Breach Today

Also: Ukraine Arrests Alleged Ransomware Developer; Patches Galore; and Burnout

This week, feds counted cyber incidents; Ukraine made arrest; BlackBasta seemed to exploit flaw; 51 flaws in Patch Tuesday; SolarWinds, JetBrains patched flaws; Alan Turing Institute debunked paper on AI; Santander wants password changes; Christie's spoke of data breach and cyber pros face burnout.

RSAC Fireside Chat: What it will take to achieve Digital Trust in our hyper-connected future

The Last Watchdog

Confidence in the privacy and security of hyper-connected digital services is an obvious must have. Yet, Digital Trust today is not anywhere near the level it needs to be. At RSAC 2024 I had a wide-ranging conversation with DigiCert CEO Amit Sinha all about why Digital Trust has proven to be so elusive.

Learning From Others' Gaps in the Wake of Major Attacks

Data Breach Today

It's critical for CISOs to study what went wrong in major ransomware IT disruptions and breaches hitting the healthcare sector and to look closely within their own organizations for similar gaps or vulnerabilities, said Michael Prakhye, CISO of Adventist HealthCare.

Multiple flaws in Fortinet FortiOS fixed

Security Affairs

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue. Fortinet addressed multiple vulnerabilities in FortiOS and other products, including some code execution flaws. The company states that multiple stack-based buffer overflow vulnerabilities in the command line interpreter of FortiOS [CWE-121], collectively tracked as CVE-2024-23110 (CVSS score of 7.4), can be exploited by an authenticated attacker to achieve

Provide Real Value in Your Applications with Data and Analytics

The complexity of financial data, the need for real-time insight, and the demand for user-friendly visualizations can seem daunting when it comes to analytics - but there is an easier way. With Logi Symphony, we aim to turn these challenges into opportunities. Our platform empowers you to seamlessly integrate advanced data analytics, generative AI, data visualization, and pixel-perfect reporting into your applications, transforming raw data into actionable insights.

China Using Hacking Competitions to Develop Domestic Talent

Data Breach Today

Government Nurtures Homegrown Talent and Hack-for-Hire Ecosystem, Research Finds

China boasts many of the world's most talented zero-day vulnerability researchers as well as a strict cybersecurity law compelling individuals to assist the state, and the government doesn't appear to shy away from using both those facts to its advantage, a new research study finds.

More Trending

Microsoft President Admits to Major Security Failures

Data Breach Today

Brad Smith Says the Tech Giant 'Accepts Responsibility' for Cyber Breaches

Microsoft President Brad Smith testified Thursday to the House Homeland Security Committee that the tech giant "accepts responsibility" for a series of security failures identified in a federal report following multiple high-profile cyberattacks targeting government agencies and major organizations.

How to Write Good Incident Response Reports

Lenny Zeltser

Creating an informative and readable report is among the many challenges of responding to cybersecurity incidents. A good report not only answers its reader's questions but also instills confidence in the response and enables the organization to learn from the incident. This blog highlights my advice on writing such incident reports. It's based on the presentation I delivered at the RSA Conference, which offers more details and is available to you on YouTube.

Cryptohack Roundup: Norway Freezes Hacked Ronin Funds

Data Breach Today

Also: Personal Data Theft From OKX; Terraform-SEC Settlement Terms

This week, the Norwegian government froze funds from the Ronin hack, a hacker stole personal data of OKX users, Terraform Labs' SEC released settlement terms, "Ethereum's most secure wallet" was breached, Orbit Chain spoke about its hacked funds and scammers exploited AI hype.

AI and the Indian Election

Schneier on Security

As India concluded the world’s largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies—and what lessons that holds for the rest of the world. The campaigns made extensive use of AI, including deepfake impersonations of candidates, celebrities and dead politicians.

Entity Resolution: Your Guide to Deciding Whether to Build It or Buy It

Adding high-quality entity resolution capabilities to enterprise applications, services, data fabrics or data pipelines can be daunting and expensive. Organizations often invest millions of dollars and years of effort to achieve subpar results. This guide will walk you through the requirements and challenges of implementing entity resolution. By the end, you'll understand what to look for, the most common mistakes and pitfalls to avoid, and your options.

NetSPI Strengthens Attack Surface Management With Hubble Buy

Data Breach Today

Acquiring Hubble Means NetSPI Can Now Manage External and Internal Attack Surfaces

NetSPI acquired startup Hubble to bolster its attack surface management capabilities, promising a consolidated offering for both internal and external visibility within four months. The transaction aims to drive significant cross-selling opportunities and operational efficiencies.

Cybercriminals Use New V3B Phishing Kit to Mimic 54 Different Banks in the European Union

KnowBe4

A new phishing-as-a-service toolkit that leverages credential interception and anti-detection capabilities has put EU banks at severe risk of fraud.

Visual Studio Code Has a Malicious Extension Problem

Data Breach Today

Researchers Infiltrate Major Organizations Using Fake Extension

Cybersecurity researchers say an experiment in developing a fake, malicious extension for Microsoft's Visual Studio Code, the world's most popular integrated development environment, succeeded beyond their wildest expectations. VSCode doesn't manage permissions or visibility, the researchers said.

Google fixed an actively exploited zero-day in the Pixel Firmware

Security Affairs

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively exploited in the wild as a zero-day. Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day. “There are indications that CVE-2024-32896 may be under limited, targeted exploitation.” reads the advisory.

Deliver Mission Critical Insights in Real Time with Data & Analytics

In the fast-moving manufacturing sector, delivering mission-critical data insights to empower your end users or customers can be a challenge. Traditional BI tools can be cumbersome and difficult to integrate - but it doesn't have to be this way. Logi Symphony offers a powerful and user-friendly solution, allowing you to seamlessly embed self-service analytics, generative AI, data visualization, and pixel-perfect reporting directly into your applications.

Treasury Seeks Industry, Academic Insight on AI Use, Risks

Data Breach Today

Department Is Asking for Information About How AI Is Used in Financial Products

The financial services industry is no stranger to artificial intelligence - leading the sector's U.S. regulator to pose questions such as whether institutions can explain AI outcomes and the technology's role in risk management and internal operations.

CILIP response to the Labour Party Manifesto

CILIP

There are some positive proposals from the Labour Party manifesto. It recognises the importance of knowledge and information as key components for the nation's future economic prosperity. A National Data Library could ensure public services are built on the latest data and high-quality research, delivering world-leading innovation in a way that makes the most of public funding.

Worker-Downloaded Malware Caused Ascension Ransomware Attack

Data Breach Today

All Patients, Employees Offered Credit Monitoring While Investigation Continues

Ransomware attackers stole files that potentially contain patient and employee data from seven of Ascension's 25,000 servers. The hackers gained access to the organization's network when an employee inadvertently downloaded a file containing malware, said the Missouri-based healthcare system.

WWDC 2024 Highlights: Key Takeaways for IT Admins and Security Professionals

Jamf

At WWDC 2024, Apple unveiled a suite of updates across its platforms. This year, Apple re-iterated its focus on privacy, user experience and seamless integration within its ecosystem. Apple also introduced Apple Intelligence, which will deliver major enhancements across all platforms.

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at scale, but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

Pakistan's 'Cosmic Leopard' Is Targeting India With RATs

Data Breach Today

Threat Actor Uses Admin Panel to Track Multiple Campaigns

A likely Pakistani cyberespionage operation has expanded its tool set since it first targeted Indian officials, likely in 2016. That's probable evidence the threat actor has "seen a high degree of success," say researchers from Cisco Talos. They dubbed the threat actor "Cosmic Leopard.

CILIP response to the Green Party Manifesto

CILIP

CILIP welcomes the Green Party manifesto's focus on funding libraries and other cultural organisations with an additional £5bn. We agree that arts, culture and sports are central to people’s enjoyment of life, to their mental and physical wellbeing, and to thriving communities.

T-Mobile unlocks marketing efficiency with Adobe Workfront

IBM Big Data Hub

With 109 million customers and counting, “uncarrier” T-Mobile is one of the top mobile communications providers in the U.S. The company always puts the customer first, which it achieves by delivering the right experiences and content to the right customers at the right time. But with different sub-brands and business units, T-Mobile’s marketing and content workflows were complex—and often inefficient and disconnected.

GSA / NARA Webinar for SIN 518210DC Contractors 

National Archives Records Express

On May 23, 2024, GSA hosted a webinar on the new Subgroup under SIN 518210DC: NARA-Compliant Digitization Services for Federal Records. We presented an overview of the digitization regulations and GSA shared how to add this new subgroup to vendor contracts. We also had a Q&A segment to address attendee questions. We recommend vendors who meet the capabilities add this Subgroup to their contracts (if you have not already done so).

Using Data & Analytics for Improving Healthcare Innovation and Outcomes

In the rapidly evolving healthcare industry, delivering data insights to end users or customers can be a significant challenge for product managers, product owners, and application team developers. The complexity of healthcare data, the need for real-time analytics, and the demand for user-friendly interfaces can often seem overwhelming. But with Logi Symphony, these challenges become opportunities.

Understanding MITRE ATT&CK and Tidal Cyber Vendor Registry

OpenText Information Management

In the ever-evolving cybersecurity landscape, staying ahead of the growing number of threats is a continuous challenge. Two critical resources in this fight are the MITRE ATT&CK framework and the Tidal Cyber Vendor Registry. These platforms provide invaluable insights and tools to help organizations fortify their cyber defenses against attackers.

How to scale technology in hard hat industries

Jamf

As manufacturing and hard hat industries approach the next industrial revolution, mobile technologies are poised to drive the transformation. Learn how Jamf and Apple help this industry transition to the digital age.

Microcontrollers vs. microprocessors: What’s the difference?

IBM Big Data Hub

Microcontroller units (MCUs) and microprocessor units (MPUs) are two kinds of integrated circuits that, while similar in certain ways, are very different in many others. Replacing antiquated multi-component central processing units (CPUs) with separate logic units, these single-chip processors are both extremely valuable in the continued development of computing technology.

WWDC 2024 highlights: Key takeaways to get excited about for key industry workflows

Jamf

Get an overview of the exciting announcements from the 2024 Apple Worldwide Developers Conference (WWDC). Learn how these updates to iOS 18, iPadOS 18 and watchOS 11 empower deskless employees to do their best work.

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

Angular State Management: Best Practices To Advance Your Project

Enterprise Software Blog

When we are building Angular apps with heavy data communications, we need to consider a holistic approach, addressing factors like data efficiency, network latency, scalability, resource management, testing, and UX. And one of the things that is extremely vital for avoiding data conflicts while keeping the app scalable and consistent is effective Angular State Management.