Fri.May 24, 2024

article thumbnail

ShrinkLocker Ransomware Exploits Microsoft's BitLocker

Data Breach Today

Malicious Script Targets Users in Mexico, Indonesia, Jordan Why bother building a crypto-locker when Microsoft has perfectly acceptable encryption software preloaded on desktops? Many ransomware hackers agree with that statement - and they're learning to make such attacks even harder to recover from.

article thumbnail

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Security Affairs

The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, carries cybersecurity implications. It increases the discoverability of customer devices by attackers. Advisory on security impacts related to the use of TLS in proprietary vendor Dynamic DNS (DDNS) services.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A Strategic Approach to Stopping SIM Swap Fraud

Data Breach Today

The UAE No Longer Has Cases of SIM Swap Fraud - Here's Why SIM swap fraud continues to cause substantial financial losses for both consumers and financial institutions, undermining the integrity of the financial ecosystem. In the UAE, the banking industry has incurred considerable losses from SIM swap fraud. But a strategic approach has stopped it.

IT 290
article thumbnail

An XSS flaw in GitLab allows attackers to take over accounts

Security Affairs

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts. An attacker can exploit this issue by using a specially crafted page to exfiltrate sensitive user information.

Passwords 112
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Courtroom Recording Software Hit by Supply Chain Attack

Data Breach Today

Backdoored Installer Facilitates Full, Remote Takeover, Justice AV Solutions Warns Attackers backdoored versions of widely used audiovisual recording software being distributed by Justice AV Solutions via its official download site. Experts say users should "immediately" update to patched versions, review their IT environments for signs of compromise and wipe affected endpoints.

IT 282

More Trending

article thumbnail

Australian Telecom Watchdog Sues Optus Over 2022 Data Breach

Data Breach Today

Telecom Company Also Faces OAIC Investigation and Potentially Millions in Fines The Australian Communications and Media Authority says it has filed proceedings against Optus in a federal court as the company failed to protect sensitive customer data during a data breach in September 2022. The Office of the Australian Information Commissioner is also investigating the incident.

article thumbnail

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2020-17519 , is an improper access control vulnerability in Apache Flink.

IT 100
article thumbnail

LockBit Publishes Data Stolen in London Drugs Attack

Data Breach Today

Canadian Retail Pharmacy Chain Says It's Reviewing Exposed Data on Gang's Leak Site LockBit has begun to leak on its dark web site files of data the Russian-speaking cybercriminal gang claims to have stolen in an April attack on London Drugs. The group had threatened to publish the exfiltrated data if the Canadian retail pharmacy chain does not pay a $25 million ransom demand.

Retail 265
article thumbnail

On the Zero-Day Market

Schneier on Security

New paper: “ Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market “: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft.

Marketing 100
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

How Microsoft secures Generative AI

Data Breach Today

Enabling Safety in the Age of Generative AI Discover how Generative AI can be used securely and responsibly, transforming possibilities into safe realities.

Security 271
article thumbnail

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

Security Affairs

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser, it is the eighth zero-day exploited in attacks disclosed this year. The vulnerability is a high-severity ‘type confusion’ in the V8 JavaScript engine, the Google researcher Clément Lecigne and Brendon Tiszka discovered it.

article thumbnail

ISMG Editors: UnitedHealth Group's HIPAA Breach Fallout

Data Breach Today

Also: The End of an Era at Mandiant and Privacy and Ethics Concerns Related to LLMs In the latest weekly update, ISMG editors discussed the implications of Kevin Mandia stepping down as Mandiant CEO; UnitedHealth Group's responsibility for a massive HIPAA breach at its subsidiary, Change Healthcare; and privacy concerns over large language models.

Privacy 161
article thumbnail

Enhancing triparty repo transactions with IBM MQ for efficiency, security and scalability

IBM Big Data Hub

The exchange of securities between parties is a critical aspect of the financial industry that demands high levels of security and efficiency. Triparty repo dealing systems, central to these exchanges, require seamless and secure communication across different platforms. The Clearing Corporation of India Limited (CCIL) recently recommended (link resides outside ibm.com) IBM® MQ as the messaging software requirement for all its members to manage the triparty repo dealing system.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

EU Commission and Microsoft Appeal EDPS Office 365 Decision

Data Breach Today

March Decision Mandated Commission to Stem Data Flows From Its Office 365 Use The European Commission is appealing a March decision by a continental data regulator that found the commission's use of Microsoft Office apps violated Regulation (EU) 2018/1725. A commission spokesperson said the EDPS decision would undermine its "mobile and integrated IT services.

IT 161
article thumbnail

CISA Releases Cybersecurity Resources for High-Risk Communities

KnowBe4

Working to ensure all communities within the United States are educated and prepared, the Cybersecurity and Infrastructure Security Agency (CISA) has released a set of tools, services and assistance to level the playing field.

article thumbnail

AI-as-a-Service Platform Patches Critical RCE Vulnerability

Data Breach Today

Hackers Could Exploit Bug on Replicate to Steal Data, Manipulate AI Models Attackers could have exploited a now-mitigated critical vulnerability in the Replicate artificial intelligence platform to access private AI models and sensitive data, including proprietary knowledge and personal identifiable information.

article thumbnail

As Many as 1 in 7 Emails Make it Past Your Email Filters

KnowBe4

Fluctuations in consecutive quarterly reports demonstrates that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

How Major Acquisitions Are Transforming Security Operations

Data Breach Today

Forrester's Allie Mellen on How Palo-QRadar and LogRhythm-Exabeam Will Reshape SIEM With LogRhythm and Exabeam merging and Palo Alto Networks purchasing IBM's QRadar SaaS assets, the security operations market is undergoing rapid transformation. Forrester Principal Analyst Allie Mellen discusses the implications of these massive moves for the future of the SIEM market.

Security 152
article thumbnail

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says via Ars Technica

IG Guru

Check out the article here. The post MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says via Ars Technica first appeared on IG GURU.

article thumbnail

Adapture President Brian Kirsch to Speak at Cloudflare Partner Summit

Adapture

Atlanta IT Consultancy to Join Industry Leaders at the Cloudflare Partner Summit in New York City ATLANTA, May 24, 2024 – Adapture president, Brian Kirsch, is set to speak at the Cloudflare Partner Summit at 3 p.m. on Wednesday, May 29. He will be participating in a panel on Harnessing Collective Expertise: Lessons from the Field. Other speakers on the panel include Mark Thornberry, SVP of Vendor Management at GuidePoint Security; Matther Mammam, Founder of Serviops; Shane Baxter, Senior Directo

Cloud 52
article thumbnail

UK regulators’ strategic approaches to AI: a guide to key regulatory priorities for AI governance professionals

Data Protection Report

Background – white paper response on the UK’s approach to AI regulation In February 2024, the UK Department for Science, Innovation, and Technology (DSIT) set out the government’s proposed approach to AI regulation. It published a response to its consultation on its 2023 white paper, ‘A pro innovation approach to AI regulation ’ (the White Paper). DSIT confirmed that, for the time being, the UK will follow its proposed approach of setting cross-sectoral principles to be enforced by existing regu

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Cloud Security Fundamentals: Understanding the Basics

eSecurity Planet

Cloud security fundamentals are the core requirements that ensure data protection, regulatory compliance, and access management in a cloud environment. These standards assist businesses in establishing trust with their consumers, avoiding financial losses due to breaches, and ensuring business continuity. Understanding cloud security challenges and knowing the cloud security tools available in the market significantly contribute to enhanced cloud security.

Cloud 119
article thumbnail

A Practical Guide to Cyber Incident Response

IT Governance

Expert insight from our cyber incident responder Cyber attacks and data breaches are a matter of when, not if. No single measure is 100% foolproof. A determined attacker will always be able to find their way around your defences, given enough time and resources. Furthermore, as Vanessa Horton, our cyber incident responder, pointed out in an interview about anti-forensics : The cyber world is changing all the time, which means we’re playing a bit of a cat-and-mouse game.

Risk 118
article thumbnail

Friday Squid Blogging: Dana Squid Attacking Camera

Schneier on Security

Fantastic footage of a Dana squid attacking a camera at a depth of about a kilometer. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.