Mon.Sep 25, 2023

article thumbnail

Data Breach Toll Tied to Clop Group's MOVEit Attacks Surges

Data Breach Today

2,050 Organizations Affected After Data Stolen From Secure File-Sharing Software The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.

article thumbnail

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. Related: SMBs too often pay ransom Small businesses, including nonprofit organizations, are not immune to cyberattacks. The average cost of a cybersecurity breach was $4.45 million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Deadglyph Backdoor Targeting Middle Eastern Government

Data Breach Today

Backdoor Is Associated With Stealth Falcon APT Group Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages: native x64 binary and a.NET assembly.

article thumbnail

Your Boss’s Spyware Could Train AI to Replace You

WIRED Threat Level

Corporations are using software to monitor employees on a large scale. Some experts fear the data these tools collect could be used to automate people out of their jobs.

article thumbnail

LLMs in Production: Tooling, Process, and Team Structure

Speaker: Dr. Greg Loughnane and Chris Alexiuk

Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le

article thumbnail

Bermuda Struggles to Recover From Cyberattack

Data Breach Today

Bermuda Premier Attributes the Incident to 'Russia-Based' Attackers Bermuda government workers Monday remained cut off from email and normal telephone systems following a hacking incident disclosed late last week. Bermuda Premier David Burt on Thursday attributed the hack to "Russia-based actors," without elaborating.

More Trending

article thumbnail

How to Overcome Practitioner Concerns Over Cisco-Splunk Deal

Data Breach Today

Forrester's Allie Mellen on Issues Posed by Cisco's M&A Track Record, Splunk's Cost Security practitioners are skeptical of Cisco's proposed $28 billion Splunk purchase given the networking giant's track record around funding and investing in previous acquisition targets. Forrester's Allie Mellen expects some customers to try out other SIEM tools given Cisco's heritage in hardware.

Security 272
article thumbnail

MOVEit Flaw Leads to 900 University Data Breaches

Dark Reading

National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.

article thumbnail

How Will SEC Rules Affect Reporting, Tracking of Incidents?

Data Breach Today

TrustedSec's Alex Hamerstone on New US Securities and Exchange Commission Rules Under new U.S. Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. Alex Hamerstone, advisory solutions director at TrustedSec, discussed the challenges ahead.

article thumbnail

Congratulations to our Jammies Awards Winners

Jamf

Congratulations to the winners of the 2023 Jammies Awards, the customer appreciation awards celebrating those who exemplify Jamf values and innovative usage of Jamf solutions.

111
111
article thumbnail

Your Expert Guide to CX Orchestration & Enhancing Customer Journeys

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

article thumbnail

CommonSpirit Details Financial Fallout of $160M Cyberattack

Data Breach Today

No Word Yet on Hospital Chain's Cyber Insurance Claim, Multiple Lawsuits Pending Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" hampered billing and collection activities contributed to a $1.4 billion operating loss for the year.

article thumbnail

Cybercriminals Use Google Looker Studio to Host Crypto Scam to Steal Money and Credentials

KnowBe4

Security researchers at Check Point have discovered yet another attack that leverages legitimate web applications to host attacks in order to bypass security scanners.

Security 109
article thumbnail

Polish Privacy Regulator Probes OpenAI's ChatGPT

Data Breach Today

Agency Is the Latest in a String of European Regulators to Scrutinize the LLM The Polish data regulator launched a probe into OpenAI's ChatGPT for potential privacy violations of the European General Data Protection Regulation. The Polish regulator is the third European data protection agency to raise privacy concerns related to ChatGPT.

Privacy 241
article thumbnail

Tools From Cybercrime Software Vendor W3LL Found to be Behind the Compromise of 56K Microsoft 365 Accounts

KnowBe4

A new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

CyberArk, BeyondTrust, Delinea Dominate Gartner MQ for PAM

Data Breach Today

One Identity, Wallix, Arcon Exit Leaders Space as Privileged Access Market Matures CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past half-decade, PAM has gone from being required for large companies to being an insurance prerequisite.

Insurance 256
article thumbnail

Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks

Dark Reading

Back to basics is a good start, but too often security teams don't handle their deployment correctly. Here's how to avoid the common pitfalls.

Security 111
article thumbnail

Crooks stole $200 million worth of assets from Mixin Network

Security Affairs

Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets. Mixin Network, the Hong Kong-based crypto firm behind a free, lightning fast and decentralized network for transferring digital assets announced it has suffered a $200 million cyber heist. The company suspended deposits and withdrawals immediately after the discovery of the security breach that took place early in the morning of September 23, 2023.

article thumbnail

New Wave of Hospitality Phishing Attacks: Compromise User Credentials, Then Go Phish

KnowBe4

The hospitality sector is seeing a new wave of phishing attacks. These new attacks are more plausible because they begin with compromised credentials and move to fraudulent emails sent from within a trusted network. The compromised systems are legitimate booking sites; the victims are the guests.

article thumbnail

Use Cases for Apache Cassandra®

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

article thumbnail

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. The activity was characterized by the use of a combination of rare tools and techniques to gain access to the target network and collect intelligence from sensitive I

article thumbnail

UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack

Dark Reading

The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.

119
119
article thumbnail

Organizations Starting to Understand the Impact of Ransomware, But Their Efforts Not Enough to Overcome Infostealer Malware

KnowBe4

Recent findings in a SpyCloud report shows companies are starting to recognize and shift their priorities to defend against ransomware attacks, but the use of infostealer malware still has a high success rate for cybercriminals.

article thumbnail

The Hot Seat: CISO Accountability in a New Era of SEC Regulation

Dark Reading

Updated cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities.

article thumbnail

Reimagining CX: How to Implement Effective AI-Driven Transformations

Speaker: Steve Pappas

As businesses strive for success in an increasingly digitized world, delivering an exceptional customer experience has become paramount. To meet this demand, enterprises are embracing innovative approaches that captivate customers and fuel their loyalty. 💥 Enter conversational AI - an absolute game-changer (if done right) in redefining CX norms.

article thumbnail

Unleashing the power of Presto: The Uber case study

IBM Big Data Hub

The magic behind Uber’s data-driven success Uber, the ride-hailing giant, is a household name worldwide. We all recognize it as the platform that connects riders with drivers for hassle-free transportation. But what most people don’t realize is that behind the scenes, Uber is not just a transportation service; it’s a data and analytics powerhouse.

article thumbnail

[NEW RELEASE]: Unleash the Power of Cybersecurity Education with KnowBe4’s 'Hack-A-Cat' on Roblox

KnowBe4

What do cheese, fish and cybersecurity training have in common? Each of these comes together to help keep kids informed about cyber threats and cybersecurity best practices with KnowBe4’s first ever entry into the Roblox gaming platform: Hack-A-Cat!

article thumbnail

Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More

eSecurity Planet

This past week in cybersecurity saw a wide range of vulnerabilities, from Apple product patches to several flaws that hit DevSecOps teams. The Akira ransomware group made news too, expanding its attacks to include Linux-based systems, and Trend Micro issued a fix for a zero-day vulnerability in its Apex One endpoint security tools. Read about the following vulnerabilities and bugs to know what your business and security team should address, as these flaws and attacks can apply to startups and la

article thumbnail

A phishing campaign targets Ukrainian military entities with drone manual lures

Security Affairs

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154.

article thumbnail

Lessons Learned in PostgreSQL®

In today's digital landscape, the threat of ransomware demands proactive defense. This paper, inspired by a real PostgreSQL® database incident, offers vital strategies for effective mitigation. Instaclustr expert Perry Clark outlines immediate actions to minimize risks, ensuring a swift response to ransomware threats and protecting critical data assets.

article thumbnail

A Tricky New Way to Sneak Past Repressive Internet Censorship

WIRED Threat Level

With the number of internet blackouts on the rise, cybersecurity firm eQualitie figured out how to hide censored online news in satellite TV signals.

article thumbnail

Don't Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Dark Reading

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.

IT 95
article thumbnail

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

KnowBe4

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.