Fri. Jun 14, 2024

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability; CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerabi

IT 327

Microsoft, Palo Alto, CrowdStrike Lead XDR Forrester Wave

Data Breach Today

Palo Alto Networks Reaches Leaderboard While Trend Micro Falls to Strong Performer

The XDR market has matured significantly, Forrester found. Leading vendors such as Microsoft, Palo Alto Networks and CrowdStrike are supporting diverse telemetry sources and developing strategies to replace traditional SIEM tools. These advancements give better detection quality and cost management.

Marketing 289

DORA Compliance Strategy for Business Leaders

Security Affairs

In January 2025, European financial and insurance institutions, their business partners and providers, must comply with DORA. In January 2025, financial and insurance institutions in Europe and any organizations that do business with them must comply with the Digital Operation Resilience Act, also known as DORA. This regulation from the European Union (EU) is intended to both strengthen IT security and enhance the digital resilience of the European financial market.

Managing Chaos in Massive Healthcare Sector Cyberattacks

Data Breach Today

The chaos experienced by thousands of healthcare organizations in the wake of the massive Change Healthcare cyberattack and IT outage in February is proof that most organizations are simply unprepared for such devastating incidents, said Bryan Chnowski, deputy CISO at Nuvance Health.

IT 288

How to Start Virtual Care the Right Way: A Proven Roadmap for 2025 and Beyond

Speaker: Dr. Christine Gall, DrPH, MS, BSN, RN

The promise of virtual care is no longer theoretical and is now a critical solution to many of healthcare’s most urgent challenges. Yet many healthcare leaders remain unsure how to build a business case for investment and launching the right program at the right time can be the difference between value and failure. For organizations seeking a financially sound, clinically effective entry point, Virtual Patient Observation (VPO) offers a compelling case to lead with.

Demo of AES GCM Misuse Problems

Schneier on Security

This is a really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.

Security 126

More Trending

Phishing Campaign Targets Job Seekers With WARMCOOKIE Backdoor

KnowBe4

A phishing campaign is impersonating recruiting firms to target job seekers with a new strain of malware, according to researchers at Elastic Security.

Phishing 124

The Dangers of Over-Relying on Too Few Critical Vendors

Data Breach Today

Many healthcare organizations have discovered major gaps in business operations preparedness - the ability to quickly rebound from major IT disruptions, such as those caused by the Change Healthcare cyberattack. Jigar Kadakia, CISO of Emory Healthcare, said it's time to come up with a Plan B.

IT 285

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024.

Libraries 121

ISMG Editors: Will AI Survive the Data Drought?

Data Breach Today

Also: ISMG's Summit in Chicago; Navigating Regulatory Change

In the latest weekly update, ISMG editors discussed the upcoming North America Midwest Cybersecurity Summit, challenges and solutions regarding AI training data, and the implications of the new European Union Artificial Intelligence Act for CISOs.

From Curiosity to Competitive Edge: How Mid-Market CEOs Are Using AI to Scale Smarter

Speaker: Lee Andrews, Founder at LJA New Media & Tony Karrer, Founder and CTO at Aggregage

This session will walk you through how one CEO used generative AI, workflow automation, and sales personalization to transform an entire security company—then built the Zero to Strategy framework that other mid-market leaders are now using to unlock 3.5x ROI. As a business executive, you’ll learn how to assess AI opportunities in your business, drive adoption across teams, and overcome internal resource constraints—without hiring a single data scientist.

The Global Reach of Cyber Threats: Why Security Awareness Training is More Important Than Ever

KnowBe4

Based on news cycles within cybersecurity, it's easy to fall into the trap of thinking that threats only come from certain parts of the world or that they only target specific industries. However, the reality is that cyber attacks know no borders, and no organisation is immune.

NCS Insider Prison Sentence Highlights Enterprise Risk Flaws

Data Breach Today

Enterprise Monitoring Systems Failed to Detect Ex-Worker's Unauthorized Logins

A Singapore court has sentenced a former employee of NCS Group to two years and eight months in prison for accessing the company's software test environment and wiping 180 virtual servers months after his employment ended. The company detected the unauthorized access after he deleted the servers.

Risk 278

Keeper vs LastPass (2024 Comparison): Which Is Right for You?

eSecurity Planet

Keeper and LastPass are password managers best fit for small to medium organizations, providing fundamental password management and login functionality. Both solutions improve password protection; however, their focus differs. LastPass highlights user experience, whereas Keeper promotes better security. My comparison shows their key differentiators, pros, and cons to help you determine which is the better suited solution for you.

Surge in Attacks Against Edge and Infrastructure Devices

Data Breach Today

Increase in Known Vulnerabilities and Zero-Days Is Fueling Mass Hacking Campaigns

Attackers are increasingly targeting cybersecurity devices deployed on the network edge to pivot into enterprise environments, as they take advantage of a surge in zero-day and known vulnerabilities in such devices, which organizations can take months to patch.

Agent Tooling: Connecting AI to Your Tools, Systems & Data

Speaker: Alex Salazar, CEO & Co-Founder @ Arcade | Nate Barbettini, Founding Engineer @ Arcade | Tony Karrer, Founder & CTO @ Aggregage

There’s a lot of noise surrounding the ability of AI agents to connect to your tools, systems and data. But building an AI application into a reliable, secure workflow agent isn’t as simple as plugging in an API. As an engineering leader, it can be challenging to make sense of this evolving landscape, but agent tooling provides such high value that it’s critical we figure out how to move forward.

Apple TV takes learning further with Jamf and TrilbyTV

Jamf

Discover how Apple TV digital signage can transform educational environments. Learn about the benefits and practical applications of digital signage in schools.

How the Growing Demands of Healthcare Are Complicating Risk

Data Breach Today

Healthcare is increasingly complex and interconnected, and the push to exchange more digital patient information among providers adds to the threat of busy staff falling victim to phishing and other scams that can jeopardize data, said Krista Arndt, CISO of United Musculoskeletal Partners.

Risk 173

WWDC 2024 highlights: Key takeaways for education

Jamf

At WWDC 2024, Apple announced exciting new features across their device ecosystem. Learn how the latest operating systems and Apple Intelligence impact learning.

Microsoft Backtracks on Recall Rollout

Data Breach Today

Tech Giant to Test AI Feature Via Windows Insider Program

Microsoft dialed back even further its plans to roll out Recall, an automatic screenshot feature indexed by artificial intelligence that has garnered opposition from users and security and privacy advocates. The move is Microsoft's second retreat from Recall within a week.

Automation, Evolved: Your New Playbook for Smarter Knowledge Work

Speaker: Frank Taliano

Documents are the backbone of enterprise operations, but they are also a common source of inefficiency. From buried insights to manual handoffs, document-based workflows can quietly stall decision-making and drain resources. For large, complex organizations, legacy systems and siloed processes create friction that AI is uniquely positioned to resolve.

Friday Squid Blogging: Squid Cartoon

Schneier on Security

Squid humor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Security 117

Pope Francis in G7 Speech Warns Against Nonhuman-Centric AI

Data Breach Today

Pontiff Calls for Ban of Autonomous Weapons and for Ethical Use of Emerging Tech

Pope Francis during a speech at the G7 summit in Italy called for a ban of autonomous weapons and urged world leaders to keep humans and ethics at the forefront of the artificial intelligence revolution, making him the first pope to address the annual meeting of the world's wealthy democracies.

Security Researchers Expose Critical Flaw in Ivanti Software

Data Breach Today

Ivanti Faces Another SQL Injection Flaw in Popular Endpoint Manager Product

Security researchers have discovered another major vulnerability in Ivanti's widely used endpoint management system that can allow hackers to gain remote access for multiple devices at the same time. This comes just months after the company patched a separate SQL injection flaw in the same product.

Security 162