Thu.May 23, 2024

article thumbnail

Breach Roundup: Fluent Bit Flaw Is Risky for Cloud Providers

Data Breach Today

Also: Spanish Hacker Alcasec Arrested Again This week, Fluent Bit contains a flaw, Microsoft is nuking VBScript, Irish police and the SEC face fines, a man was sentenced for BEC, a flaw was found in Netflix's Genie, an Australia university said it was breached and Black Basta claimed an attack, and hacker Alcasec was arrested again.

Cloud 299
article thumbnail

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation c

Cloud 273
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Rockwell Automation Says to Disconnect ICS From the Internet

Data Breach Today

Advisory Says Disconnecting ICS Reduces Exposure to Malicious Cyber Activities Rockwell Automation warned customers to disconnect industrial control systems from the internet, citing escalating cyberthreats and rising global geopolitical tensions. Disconnecting these systems is a proactive measure to reduce the attack surface.

256
256
article thumbnail

A Leak of Biometric Police Data Is a Sign of Things to Come

WIRED Threat Level

Thousands of fingerprints and facial images linked to police in India have been exposed online. Researchers say it’s a warning of what will happen as the collection of biometric data increases.

Privacy 116
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Active Chinese Cyberespionage Campaign Rifling Email Servers

Data Breach Today

'Rare Tools' Employed in 'Operation Diplomatic Specter,' Threat Researchers Find Security researchers warn that an active Chinese global cyberespionage campaign continues to target at least nine different governments across Asia, the Middle East and Africa, and specializes in gaining and maintaining persistence to email servers to amass intelligence, sometimes daily.

More Trending

article thumbnail

Cryptohack Roundup: $206M Gala Games Exploit

Data Breach Today

Also: Pump.fun Hack, Arrests in $73M Pig-Butchering Scam This week, Gala Games and Pump.fun were hacked; alleged pig-butchering scammers, Incognito admin and illicit banking racketeers were arrested; Pink Drainer was shut down; the U.S. House approved a crypto bill; a man pleaded guilty to wire fraud; and tech companies formed a scam-fighting coalition.

161
161
article thumbnail

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ that has been targeting military and government entities since 2018. The threat group focuses on entities in countries in the South China Sea, experts noticed TTP overlap with operations attributed to APT41.

Archiving 111
article thumbnail

Bugcrowd Buys Informer to Enhance Attack Surface Management

Data Breach Today

First Purchase in Bugcrowd's History to Boost Attack Surface Management, Visibility Bugcrowd has acquired Informer to enhance its external attack surface management, giving customers better visibility and security. The integration will bring Bugcrowd's existing bug bounty and penetration testing offerings together with new capabilities such as brand impersonation detection.

Security 152
article thumbnail

Dairy Farmers of America takes a fresh approach to key business processes

OpenText Information Management

At Dairy Farmers of America , we work with more than 6,200 affiliated farms across the country. As a milk marketing cooperative, we’re owned by the farmers who produce our products—and wherever you live, you’re probably not far from one of our thousands of farmer-owners. Driving 24/7 operations Because dairy products have a relatively short shelf life, our production processes must run seven days a week, 365 days a year.

ECM 107
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Air-Ground Ambulance Firm Tells 858,000 of Hack 1 Year Ago

Data Breach Today

It's the Latest Hack Reported in Recent Weeks by an Ambulance Services Provider An Illinois-based air-ground ambulance company is notifying more than 858,000 individuals that their sensitive information was compromised in a hacking incident that happened about a year ago. The breach is the latest hack on an ambulance company reported to regulators in recent weeks.

IT 152
article thumbnail

APT41: The threat of KeyPlug against Italian industries

Security Affairs

Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug employed in attacks against several Italian industries During an extensive investigation, Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug , which hit for months a variety of Italian industries. This backdoor is attributed to the arsenal of APT41,a group whose origin is tied to China.

article thumbnail

The Aspen Institute's Jeff Greene Is Headed to CISA

Data Breach Today

Former White House, Symantec Executive Will Rejoin Government Reports say former White House cybersecurity official and cybersecurity executive Jeff Greene will join CISA to replace outgoing official Eric Goldstein as executive assistant director for cybersecurity, although the agency has not confirmed it.

article thumbnail

From Boredom to Engagement: Gamification in Cybersecurity Awareness

KnowBe4

As someone who can barely keep up when my 10-year-old shows me around his Minecraft worlds, I was a bit apprehensive about writing a review of our gamified cybersecurity awareness module. But hey, maybe being a bit of a klutz at gaming might actually be beneficial from a test case point of view, and who doesn't like a challenge, right?

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

Security Affairs

Ivanti addressed multiple flaws in the Endpoint Manager (EPM), including remote code execution vulnerabilities. Ivanti this week rolled out security patches to address multiple critical vulnerabilities in the Endpoint Manager (EPM). A remote attacker can exploit the flaws to gain code execution under certain conditions. Below is the list of the addressed vulnerabilities: CVE Description CVSS Vector CVE-2024-29822 An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 an

article thumbnail

Secure Your Site: Learn from the Top 10 Cybersecurity Experts of 2024

KnowBe4

Companies have needed a website for the last 25 years at least. But where do you host your site? The techies at HostingAdvice decided to create an extremely thorough real-world review site to share their expertise. And clearly, your organization's website is an attack vector and so cybersecurity has become critical.

article thumbnail

Personal AI Assistants and Privacy

Schneier on Security

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research.

Privacy 93
article thumbnail

New Research Finds Phishing Scams Targeting Popular PDF Viewer

KnowBe4

Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF files.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Enhance your data security posture with a no-code approach to application-level encryption

IBM Big Data Hub

Data is the lifeblood of every organization. As your organization’s data footprint expands across the clouds and between your own business lines to drive value, it is essential to secure data at all stages of the cloud adoption and throughout the data lifecycle. While there are different mechanisms available to encrypt data throughout its lifecycle ( in transit , at rest and in use ), application-level encryption (ALE) provides an additional layer of protection by encrypting data at its so

article thumbnail

APT41: The threat of KeyPlug against Italian industries

Security Affairs

Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug employed in attacks against several Italian industries During an extensive investigation, Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug , which hit for months a variety of Italian industries. This backdoor is attributed to the arsenal of APT41,a group whose origin is tied to China.

article thumbnail

Everything You Need to Know About the Upcoming Mercury 2.1 Firmware Release

HID Global

Mercury’s latest firmware update, Version 2.1, will provide Mercury LP controllers & the new line of Mercury MP Controllers enhanced cybersecurity, integration opportunities & other benefits.

article thumbnail

5 challenges of digital workspace management and how to overcome them

Jamf

There are five notable challenges in DWM whose overarching theme boils down to just one: It’s security…but on multiple levels. Learn more about each of these challenges and how they contribute to your security posture, and what organizations can do to address them effectively.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Five attributes of people-centric, outcome-driven change management

CGI

How do organizations navigate fast-paced, complex, and ongoing change while, at the same time, mitigate risks and drive business outcomes across their enterprise? Adapting work habits, transforming processes, and improving performance through change management is key, but also a major hurdle. For example, more than half of the business and technology executives we interviewed as part of our latest CGI Voice of Our Clients research cite change management as their top constraint to achieving their

Risk 52
article thumbnail

US Congress Prepares Bill to Create a National Artificial Intelligence Research Resource

IG Guru

Check out the bill here. The post US Congress Prepares Bill to Create a National Artificial Intelligence Research Resource first appeared on IG GURU.

article thumbnail

Is your Texas data protection assessment started?

Data Protection Report

As we have previously written , the Texas comprehensive privacy law, known as the Texas Data Privacy and Security Act (TDPSA), goes into effect on Monday, July 1, 2024. As a reminder, unlike other states’ comprehensive privacy laws that are currently in effect, Texas does not include a minimum number of residents for applicability. Instead, the three criteria for applicability of the TDPSA are that the company: conducts business in this state or produces a product or service consumed by reside

article thumbnail

Archive-It Partner News, May 2024

Archive-It

by the Archiving & Data Services team Community News Join us in Chicago! Aerial photo of the Harold Washington Library Center, Chicago Public Library Archive-It partners and friends are invited to join this year’s partner meeting on Wednesday, August 14th , to coincide with the Society of American Archivists’ ARCHIVES * RECORDS 2024 meeting in Chicago.

article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

article thumbnail

RSAC Fireside Chat: Qwiet AI leverages graph-database technology to reduce AppSec noise

The Last Watchdog

AppSec has never been more challenging. By the same token, AppSec technology is advancing apace to help companies meet this challenge. Related: AppSec market trajectory At RSAC 2024 , I sat down with Bruce Snell , cybersecurity strategist at Qwiet.ai , to hear a break down about how Qwiet has infused it’s preZero platform, with graph-database capabilities to deliver SAST, SCA, container scanning and secrets detection in a single solution.

Marketing 278