Wed.Mar 15, 2023

article thumbnail

Long-Term Care Services Firm Says Breach Affects 4.2 Million

Data Breach Today

'Inaccessible Computers' Incident Initially Reported as Affecting 501 People A vendor of clinical and third-party administrative services to managed care organizations and healthcare providers serving elderly and disabled patients said a cybersecurity incident last summer has affected more than 4.2 million individuals.

article thumbnail

Microsoft Patch Tuesday, March 2023 Edition

Krebs on Security

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability ( CVE-2023-23397 ) affects all versions of Microsoft Outlook from 2013 to the newest.

Passwords 223
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

MKS Instruments Ransomware Attack Results in $200M Sales Hit

Data Breach Today

Attack Removed MKS' Ability to Process Orders, Ship Products or Provide Services MKS Instruments expects a $200 million revenue hit from February's ransomware attack after the hack removed the company's ability to process orders or ship products. The Feb. 3 ransomware attack required the company to temporarily suspend operations at some MKS Instruments facilities.

article thumbnail

Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector

Dark Reading

Over the weekend, cybercriminals laid the groundwork for Silicon Valley Bank-related fraud attacks that they're now starting to cash in on. Businesses are the targets and, sometimes, the enablers.

111
111
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Rubrik Breached Via Zero-Day Attack Exploiting GoAnywhere

Data Breach Today

Company Says Data Breach Ties to Fortra Software Exploit; Nothing Sensitive Stolen Cybersecurity software giant Rubrik has joined the ranks of organizations that fell victim to attackers who have been exploiting a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT. The Clop ransomware gang claims to have exploited at least 130 victims.

More Trending

article thumbnail

CISA Alert: 4-Year-Old Software Bug Exploited at US Agency

Data Breach Today

Progress Telerik UI's.NET Vulnerability Could Lead to Remote Code Execution U.S. cybersecurity officials on Thursday issued an alert about a 4-year-old software vulnerability that has been exploited by hackers, including one APT group, in a federal civilian agency. Users are advised to immediately apply the software patch to the Progress Telerik UI for ASP.NET AJAX.

article thumbnail

A Spy Wants to Connect With You on LinkedIn

WIRED Threat Level

Russia, North Korea, Iran, and China have been caught using fake profiles to gather information. But the platform’s tools to weed them out only go so far.

article thumbnail

Microsoft Fixes Russia-Exploited Zero Day

Data Breach Today

Patch Tuesday Fixes Address 80 Vulnerabilities, Including 8 Critical Ones Microsoft's March dump of patches fixes two actively exploited zero-day vulnerabilities, including a critical issue in Outlook that Russian threat actor APT28 has used to target European companies. The vulnerability can be exploited before a user views the email in the Preview Pane.

147
147
article thumbnail

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Security Affairs

Russia-linked APT29 group abused the legitimate information exchange systems used by European countries to target government entities. Russia-linked APT29 (aka SVR group , Cozy Bear , Nobelium , and The Dukes ) was spotted abusing the legitimate information exchange systems used by European countries in attacks aimed at governments. In early March, BlackBerry researchers uncovered a new cyber espionage campaign aimed at EU countries.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Illicit Crypto Miners Find a New Fav in Privacy Coin Dero

Data Breach Today

CrowdStrike Finds Dero Cryptojacking Operations on Kubernetes Cluster Threat actors who mine digital assets using other people's infrastructure have found a lucrative new cryptocurrency to motivate their hacking: the privacy focused currency named Dero. CrowdStrike says it discovered a first: a Dero cryptojacking operation operating on a Kubernetes cluster.

Privacy 130
article thumbnail

This Is the New Leader of Russia's Infamous Sandworm Hacking Unit

WIRED Threat Level

Evgenii Serebriakov now runs the most aggressive hacking team of Russia’s GRU military spy agency. To Western intelligence, he’s a familiar face.

article thumbnail

Key aerospace player Safran Group leaks sensitive data

Security Affairs

Top aviation company Safran Group left itself vulnerable to cyberattacks, likely for well over a year, underlining how vulnerable big aviation firms are to threat actors, according to research by Cybernews. Original post at [link] The Cybernews research team recently discovered that the French-based multinational aviation company, the eighth largest aerospace supplier worldwide, was leaking sensitive data due to a misconfiguration of its systems.

article thumbnail

The World’s Real ‘Cybercrime’ Problem

WIRED Threat Level

From US state laws to the international stage, definitions of “cybercrime” remain vague, broad, and increasingly entrenched in our legal systems.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Security Firm Rubrik breached by Clop gang through GoAnywhere Zero-Day exploitation

Security Affairs

Data security firm Rubrik discloses a data breach, attackers exploited recent GoAnywhere zero-day to steal its data. Cybersecurity firm Rubrik disclosed a data breach, a ransomware group stolen compeny data by exploiting the recently disclosed zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. The company was the victim of a large-scale campaign targeting GoAnywhere MFT devices worldwide by exploiting the zero-day vulnerability.

article thumbnail

International Data Transfers: Time to Rethink Binding Corporate Rules

Hunton Privacy

This is an excerpt from Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy’s recently published piece in the IAPP “Privacy Perspectives” blog, and are the views of the author. International data transfers continue to be a top compliance and legal issue for both European and global organizations, requiring continuous reevaluation and increasing resources.

GDPR 78
article thumbnail

Three-Quarters of Organizations Have Experienced an Increase in Email-Based Threats

KnowBe4

New data on the state of email security shows that nearly every organization has been the target of a phishing attack as attacks increase in sophistication.

article thumbnail

Why Security Practitioners Should Understand Their Business

Dark Reading

The sooner CISOs become proactive in understanding the flip side of the organizations they protect, the better they'll be at their jobs.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

AI-Generated Voice Deepfakes Aren’t Scary Good—Yet

WIRED Threat Level

The threat of scammers using voice deepfakes in their cons is real, but researchers say old-school voice-impersonation attacks are still the more pressing concern.

article thumbnail

How Do Attackers Hijack Old Domains and Subdomains?

Dark Reading

Here is a cautionary tale of what happens if side-projects or sections of the website becomes obsolete. If you don't remove them, someone might hijack your subdomain.

74
article thumbnail

University of Sydney Gives Students and Staff Advice on Avoiding Social Engineering Scams

KnowBe4

The University of Sydney has issued advice to help students and staff avoid falling for social engineering attacks.

90
article thumbnail

Hornetsecurity Launches VM Backup V9

Dark Reading

Hornetsecurity research highlights that more than 1 in 4 companies have fallen victim to ransomware attacks, with 14.1% losing data and 6.6% paying a ransom.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Webinar: Spring Seminar: An Investigation in Value via the ARMA Nebraska Chapter on April 19th, 2023 from 7:30am – 4:00 pm Central

IG Guru

Tickets $150.00 Member Ticket($25.00 Late fee) $170.00 Non-member Ticket($25.00 Late fee)Register before Wednesday, Apr 12, 2023 to avoid late fees.

article thumbnail

YoroTrooper APT group targets CIS countries and embassies

Security Affairs

A new APT group, dubbed YoroTrooper, has been targeting government and energy organizations across Europe, experts warn. Cisco Talos researchers uncovered a new cyber espionage group targeting CIS countries, embassies and EU health care agency since at least June 2022. The APT group focuses on government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States (CIS).

article thumbnail

Are We Doing Enough to Protect Our Unstructured Data?

Dark Reading

Organizations are coming under pressure to protect their data, but does all data need the same security? To secure it, you first need to know what and where it is.

article thumbnail

CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

Security Affairs

CrowdStrike researchers discovered the first-ever cryptocurrency mining campaign aimed at Dero mining since February 2023. CrowdStrike has discovered the first-ever Dero cryptojacking campaign aimed at Kubernetes infrastructure. Dero is a general-purpose, private, and decentralized application platform that allows developers to deploy powerful and unstoppable applications.

Mining 68
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Cyberattackers Continue Assault Against Fortinet Devices

Dark Reading

Patched earlier this month, a code-execution vulnerability is the latest FortiOS weakness to be exploited by attackers, who see the devices as well-placed targets for initial access operations.

Access 94
article thumbnail

Season 5 of ‘The Inside Man’ From KnowBe4 Is Less Than a Month Away!

KnowBe4

We’re thrilled to announce that Season 5 of the award-winning Knowbe4 Original Series - “The Inside Man” is less than a month away!

article thumbnail

Meet Data Privacy Mandates With Cybersecurity Frameworks

Dark Reading

Protection laws are always evolving. Here's how you can streamline your compliance efforts.