Fri.Jun 07, 2024

article thumbnail

Qilin RaaS Group Believed to Be Behind Synnovis, NHS Attack

Data Breach Today

Patient Care, Including Transplants, Still Disrupted at London Hospitals, Clinics A ransomware attack on a pathology services firm earlier this week continues to disrupt patient care, including transplants, blood testing and other services, at multiple NHS hospitals and primary care facilities in London. Russian-speaking cybercrime group Qilin is believed to be behind the attack.

article thumbnail

Microsoft Will Switch Off Recall by Default After Security Backlash

WIRED Threat Level

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Security 141
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CISA Planning JCDC Overhaul as Experts Criticize Slow Start

Data Breach Today

Top US Cyber Defense Agency Aims to Revamp Its Key Public-Private Collaborative The Joint Cyber Defense Collaborative may get a much-needed facelift in the coming months after experts and a cybersecurity advisory committee urged the U.S. Cybersecurity and Infrastructure Security Agency to improve its operational components and clarify its membership criteria.

article thumbnail

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

Security Affairs

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a pentester working with NATO. SolarWinds announced security patches to address multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The vulnerabilities affect Platform 2024.1 SR 1 and previous versions. One of the vulnerabilities addressed by the company, tracked as CVE-2024-28996, was reported by a penetration tester working with NATO.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Hypr Secures $30M to Expand Identity Protection Platform

Data Breach Today

Silver Lake Waterman Investment in Hypr Fuels Product Development, Market Expansion Hypr raised $30 million from Silver Lake Waterman to boost its identity security offerings, aiming for market expansion and a potential initial public offering. The investment supports the New York-based company's multi-product strategy in a rapidly evolving threat landscape.

Security 169

More Trending

article thumbnail

Collaborative Security: The Team Sport Approach

Data Breach Today

By decentralizing the ownership of cybersecurity and increasing security consciousness among everyone in the organization, businesses can improve their security posture, said Dom Lombardi, the vice president of security and trust at Kandji. He discussed the concept of collaborative security.

Security 169
article thumbnail

Pandabuy was extorted twice by the same threat actor

Security Affairs

Chinese shopping platform Pandabuy previously paid a ransom demand to an extortion group that extorted the company again this week. The story of the attack against the Chinese shopping platform Pandabuy demonstrates that paying a ransom to an extortion group is risky to the victims. BleepingComputer first reported that Pandabuy had previously paid a ransom to an extortion group to prevent stolen data from being published, but the same threat actor extorted the company again this week.

article thumbnail

Microsoft Tweaks Recall for Security

Data Breach Today

The Computing Giant Faced a Wave of Criticism Over 'Photographic Memory' Feature Microsoft is retreating somewhat from Recall, a planned feature it touts as "photographic memory" for personal computers. The company announced on Friday that it's shifting the default setting for Recall to "off," and express user consent will be required before Recall can be activated.

Security 169
article thumbnail

Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing

KnowBe4

I have created a comprehensive webinar, based on my recent book , “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. It contains everything that KnowBe4 and I know to defeat scammers.

Phishing 103
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Chinese threat actor exploits old ThinkPHP flaws since October 2023

Security Affairs

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082 , in ThinkPHP. The campaign seems to have been active since at least October 2023, it initially targeted a limited number of customers/organizations but recently became widespread.

article thumbnail

Breach or Bluff: Cyber Criminals' Slippery Tactics

KnowBe4

When the news first broke about a potential data breach at Ticketmaster, the details were murky. The Department of Home Affairs confirmed a cyber incident affecting Ticketmaster customers, but the extent of the breach and the veracity of the claims made by the hacker group ShinyHunters were unclear.

article thumbnail

Security and Human Behavior (SHB) 2024

Schneier on Security

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geo

article thumbnail

Trust Libraries: 10 Pledges for libraries to a new Government

CILIP

Trust Libraries: 10 Pledges for libraries to a new Government A General Election is just round the corner and its outcome will affect us all, with a new government and potentially hundreds of new MPs taking their seats in the House of Commons. Trust Libraries: Our pledge to the public and the next government is CILIP’s call to incoming politicians to trust libraries to deliver ten key pledges, whatever political parties are represented in the Government of tomorrow.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Nearly Three-Quarters of Organizations Were the Target of Attempted Business Email Compromise Attacks

KnowBe4

New data highlights just how dangerous this often malwareless cyber attack method really is, and whether organizations were ready to stop the attack.

article thumbnail

The Justice Department Took Down the 911 S5 Botnet

Schneier on Security

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

article thumbnail

Defense-in-depth: Effective, layered security

Jamf

Modern threats are complex. If complexity is the enemy of security, then defense-in-depth is the answer to keeping your infrastructure protected by closing gaps in security and mitigating sophisticated threats.

article thumbnail

Document Scanning for Higher Education

Record Nations

Document scanning is an efficient, secure way to keep track of and store files over time. When you digitize documents it saves you physical space, provides an easy way to collaborate and share, and gives you the ability to search and edit documents. These are capabilities that benefit institutions of all kinds, including higher education. Document Scanning for Higher Education The post Document Scanning for Higher Education appeared first on Record Nations.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Minnesotans Targeted by Scammers With Phony Arrest Warrants

KnowBe4

The Minnesota Judicial Branch has issued an advisory warning that scammers are messaging Minnesotans with phony arrest warrants for missing jury duty.

article thumbnail

UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

Security Affairs

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR malware as part of a cyber espionage campaign dubbed SickSync. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber espionage campaign targeting defense forces in the country. The Ukrainian CERT attributes the attack to the threat actor UAC-0020 which employed a malware called SPECTR as part of the campaign tracked as SickSync.

article thumbnail

My Story So Far and Your Own Career Journey

Lenny Zeltser

Wherever you are in your professional journey, it helps to peak into another's career story to learn from their approach, mistakes, and triumphs. In the following three videos, I reflect on my career so far to share my story, hoping that others in the industry will find it useful. Perhaps you'll glean from these short episodes the insights that will help you chart your own path in cybersecurity.

article thumbnail

Beyond the buzzwords: Automating protection with AI-enabled solutions for modern cybersecurity

OpenText Information Management

The concept of security posture, as defined by the National Institute of Standards and Technology (NIST), refers to an organization's overall cybersecurity strength—including its defenses and adaptability to evolving threats. This blog explores the transition of cybersecurity strategies from a reactive approach to enabling actionable visibility, for proactive protection across the expanding attack surface, and reducing risk in today's digital enterprises.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Artificial intelligence: standards and regulations

Jamf

Artificial intelligence is a growing technology used in many aspects of our lives. Learn how governments are regulating and developing AI frameworks to encourage responsible AI development.

article thumbnail

Tenable Boosts Data, Cloud Security With Eureka Acquisition

Data Breach Today

Tenable to Natively Integrate Eureka's Data Security Posture Management Product Tenable plans to acquire Israeli startup Eureka to enhance its cloud security platform with advanced data security posture management capabilities. The transaction aims to provide customers with comprehensive risk assessment and management tools in a single, unified platform.

Cloud 161
article thumbnail

Friday Squid Blogging: Squid Catch Quotas in Peru

Schneier on Security

Peru has set a lower squid quota for 2024. The article says “giant squid,” but that seems wrong. We don’t eat those. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

article thumbnail

ISMG Editors: Infosecurity Europe Conference 2024 Wrap-Up

Data Breach Today

Panelists Discuss Latest Updates on AI Tech, Cyber Resilience and Regulations Live from Infosecurity Europe Conference 2024 in London, ISMG editors and special guest CISO Ian Thornton-Trump close the event by discussing key topics including progress on AI-based cybersecurity solutions, efforts to help organizations boost resilience, and the looming specter of new regulations.

article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.