Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Cisco Talos researchers warn of large-scale credential brute-force attacks targeting multiple targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024.

Authentication 356

Authentication Access Security Information Security 356

WIRED Threat Level

APRIL 16, 2024

A controversial bill reauthorizing the Section 702 spy program may force whole new categories of businesses to eavesdrop on the US government’s behalf, including on fellow Americans.

Privacy 310

Privacy Security 310

Security Affairs

APRIL 16, 2024

The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical vulnerability that could be exploited to recover private keys. PuTTY tools from 0.68 to 0.80 inclusive are affected by a critical vulnerability, tracked as CVE-2024-31497 , that resides in the code that generates signatures from ECDSA private keys which use the NIST P521 curve.

Authentication 355

Authentication Access Security Information Security 355

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole of millions of payment card records from big box retailers like

Sales 302

Sales Retail Insurance IT 302

Speaker: Lee Andrews, Founder at LJA New Media & Tony Karrer, Founder and CTO at Aggregage

This session will walk you through how one CEO used generative AI, workflow automation, and sales personalization to transform an entire security company—then built the Zero to Strategy framework that other mid-market leaders are now using to unlock 3.5x ROI. As a business executive, you’ll learn how to assess AI opportunities in your business, drive adoption across teams, and overcome internal resource constraints—without hiring a single data scientist.

Marketing

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. Nexperia is a semiconductor manufacturer headquartered in Nijmegen, the Netherlands.

Ransomware 355

Ransomware Manufacturing Insurance Cybersecurity 355

Security Affairs

APRIL 16, 2024

Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS. Researchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS and a proof-of-concept exploit that can be used to execute shell commands on vulnerable firewalls.

Access 354

Access Cybersecurity IT Information Security 354

AIIM

APRIL 16, 2024

Think about your organization for a moment. Is there any employee who doesn't collect, store, transform, analyze, and delete information? We all need information to be successful and help our organizations achieve better business outcomes.

222

222

Security Affairs

APRIL 16, 2024

Amidst rising tensions with China in the SCS, Resecurity observed a spike in malicious cyber activity targeting the Philippines in Q1 2024. Amidst rising tensions with China in the South China Sea, Resecurity has observed a significant spike in malicious cyber activity targeting the Philippines in Q1 2024 , increasing nearly 325% compared to the same period last year.

Government 347

Government Security Information Security IT 347

Data Breach Today

APRIL 16, 2024

Financially Motivated Threat Group Embeds Malicious Code in Images Financially motivated hackers are using the oldie-but-goodie technique of hiding malicious code in digital images to target businesses in Latin America, say security researchers. One image containing a PowerShell script results in Agent Tesla being loaded on the victim computer.

Security 195

Security 195

Speaker: Alex Salazar, CEO & Co-Founder @ Arcade | Nate Barbettini, Founding Engineer @ Arcade | Tony Karrer, Founder & CTO @ Aggregage

There’s a lot of noise surrounding the ability of AI agents to connect to your tools, systems and data. But building an AI application into a reliable, secure workflow agent isn’t as simple as plugging in an API. As an engineering leader, it can be challenging to make sense of this evolving landscape, but agent tooling provides such high value that it’s critical we figure out how to move forward.

Security

Security Affairs

APRIL 16, 2024

Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy Blackberry researchers discovered a renewed cyber espionage campaign targeting South Asia with an Apple iOS spyware called LightSpy. The sophisticated mobile spyware has resurfaced after several months of inactivity, the new version of LightSpy, dubbed “F_Warehouse”, supports a modular framework with extensive spying capabilities.

Encryption 339

Encryption Communications Access Passwords 339

Data Breach Today

APRIL 16, 2024

Fresh Social Engineering Attacks Resemble Tactics Used Against XZ Utils Maintainer Major open-source software projects are warning that more pieces of code than XZ Utils may have been backdoored by attackers, based on ongoing supply-chain attack attempts that have targeted "popular JavaScript projects," apparently seeking to trick them into sharing code maintainer rights.

182

182

Schneier on Security

APRIL 16, 2024

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if you were a clever phisher and registered fedetwitter.com, people would see the link as fedex.com, but it would send people to fedetwitter.com.

IT 134

IT Phishing 134

Data Breach Today

APRIL 16, 2024

OpenSSF Partners With DHS and CISA to Launch Global Software Supply Chain Project OpenSSF launched a new tool Tuesday in partnership with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency to help simplify for federal agencies and private organizations the process of reading and generating software bills of materials.

Cybersecurity 173

Cybersecurity Security 173

Speaker: Frank Taliano

Documents are the backbone of enterprise operations, but they are also a common source of inefficiency. From buried insights to manual handoffs, document-based workflows can quietly stall decision-making and drain resources. For large, complex organizations, legacy systems and siloed processes create friction that AI is uniquely positioned to resolve.

IT

KnowBe4

APRIL 16, 2024

Microsoft and Google were the most frequently impersonated brands in phishing attacks during the first quarter of 2024, according to a report from Check Point.

Phishing 122

Phishing Security 122

Data Breach Today

APRIL 16, 2024

Parent Company UHG Is a No-Show at Hearing & Faces Data Leak, Attack Costs of $1.6B The aftershocks of the Change Healthcare cyberattack are still reverberating through the healthcare sector nearly 60 days into the recovery process. But on Tuesday, members of Congress and industry experts grappled with how to avoid a future replay - minus a key witness: UnitedHealth Group.

173

173

KnowBe4

APRIL 16, 2024

In a new report, the tech giant highlights the cyber readiness maturity levels of organizations lacks despite experiencing cyberattacks and expecting.

Security awareness 122

Security awareness Security 122

Data Breach Today

APRIL 16, 2024

Only 8.35% of Windows Users Had Migrated to Windows 11 by May 2023 Microsoft announced in December that support for Windows 10 will end when the OS reaches end of life in October 2025, yet enterprise adoption of Windows 11 is moving slowly. Enterprise leaders believe migrating to the new OS will lead to compatibility issues and increase costs to upgrade devices.

Risk 162

Risk Security 162

Advertiser: ZoomInfo

AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.

Sales

KnowBe4

APRIL 16, 2024

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.

Security awareness 119

Security awareness Security Marketing 119

Data Breach Today

APRIL 16, 2024

New Program Pairs Universities and Students With Small, Resource-Poor Organizations A new initiative in the U.S. is pairing college students with university researchers to strengthen cybersecurity defenses for resource-poor organizations and small businesses. The program serves as both an educational platform and a way for students to gain practical field experience.

Cybersecurity 162

Cybersecurity Education 162

eSecurity Planet

APRIL 16, 2024

ShadowRay is an exposure of the Ray artificial intelligence (AI) framework infrastructure. This exposure is under active attack, yet Ray disputes that the exposure is a vulnerability and doesn’t intend to fix it. The dispute between Ray’s developers and security researchers highlights hidden assumptions and teaches lessons for AI security, internet-exposed assets, and vulnerability scanning through an understanding of ShadowRay.

Cybersecurity 113

Cybersecurity Cloud Encryption Access 113

CGI

APRIL 16, 2024

This CGI blog post shares insights on creating a symbiotic relationship between AI and human intelligence to drive business outcomes.

Artificial Intelligence 98

Artificial Intelligence 98

Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage

When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m

KnowBe4

APRIL 16, 2024

Critical Improvements to the 7 Most Common Pieces of Cybersecurity Advice

Cybersecurity 89

Cybersecurity 89

Data Matters

APRIL 16, 2024

On 12 March 2024, the European Parliament approved the EU Cyber Resilience Act (“ CRA ”) with a large majority of 517-12 votes in favor of the legislation (with 78 abstentions). The CRA aims to ensure that “products with digital elements” (“ PDE ”) i.e., connected products such as smart devices, and remote data processing solutions, are resilient against cyber threats and provide key information in relation to their security properties.

Privacy 88

Privacy Security IoT 88

CILIP

APRIL 16, 2024

Libraries Change Lives 2024 – Putting libraries in the spotlight CILIP is launching ‘Libraries Change Lives Week’ to raise the profile of public libraries to government – and we need your help As libraries continue to face budget and service cuts across the country, it is more important than ever for the sector to show politicians the huge difference libraries make in our communities.

Libraries 80

Libraries Government IT 80

IBM Big Data Hub

APRIL 16, 2024

As technology expands, at TechD , we know that the quality of generative AI (gen AI) depends on accurate data sourcing. A reliable and trustworthy data source is essential for sharing information across departments. Through the implementation of generative AI we are able to expand our knowledge to many individuals easily, quickly and efficiently becoming a resource.

Security 78

Security Unstructured data Retail Analytics 78

Advertiser: ZoomInfo

ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!

Marketing

Thales Cloud Protection & Licensing

APRIL 16, 2024

Stop Ransomware in its Tracks With CipherTrust Transparent Encryption Ransomware Protection madhav Wed, 04/17/2024 - 05:22 Our last blog Ransomware Attacks: The Constant and Evolving Cybersecurity Threat described the ever dangerous and evolving cybersecurity threat of ransomware. It’s no longer a matter of IF you get attacked, it’s a matter of WHEN you get attacked.

Encryption 62

Encryption Ransomware IT Cybersecurity 62

IBM Big Data Hub

APRIL 16, 2024

Domain name system (DNS) resolution is an iterative process where a recursive resolver attempts to look up a domain name using a hierarchical resolution chain. First, the recursive resolver queries the root (.), which provides the nameservers for the top-level domain(TLD), e.g.com. Next, it queries the TLD nameservers, which provide the domain’s authoritative nameservers.

IT 64

IT 64

Data Protection Report

APRIL 16, 2024

Apple recently announced that beginning in spring 2024, developers of certain SDKs and apps that use those SDKs will be required to include a “Privacy Manifest,” which lists all tracking domains used in the relevant SDK or app. To determine whether this is relevant to your company, a list of SDKs that require a Privacy Manifest can be found here. Privacy Manifests are required in order to either: Submit a new app to the App Store that includes a listed SDK or Submit an app update to the App Stor

Privacy 56

Privacy 56