Thu.Jun 20, 2024

article thumbnail

Critical UEFI Flaw in Phoenix Firmware Hits Major PC Brands

Data Breach Today

Buffer Overflow Vulnerability Lets Attackers Control Devices A vulnerability in a common implementation of the firmware booting up desktop computers powered by Intel chips could allow attackers to obtain ongoing persistence, warn security researchers. The flaw is a buffer overflow vulnerability in the Phoenix Technologies SecureCore UEFI implementation.

Security 291
article thumbnail

RSAC Fireside Chat: Tightened budgets impose discipline on CISOs, resets security investments

The Last Watchdog

CISOs have been on something of a wild roller coaster ride the past few years. Related: Why breaches persist When Covid 19 hit in early 2020, the need to secure company networks in a new way led to panic spending on cybersecurity tools. Given carte blanche, many CISOs purchased a hodge podge of unproven point solutions, adding to complexity. By mid-2022, with interest rates climbing and the stock market cratering, CFOs began demanding proof of a reasonable return on investment.

Security 130
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Victims of Snowflake Data Breach Receive Ransom Demands

Data Breach Today

Attackers Demanding Up to $5 Million to Delete Stolen Data, Investigators Report Attackers who stole terabytes of data from customers of Snowflake have been not only offering the data for sale on data leak marketplaces but also extorting some of the victims, demanding a ransom of $300,000 to $5 million each, security researchers report.

article thumbnail

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

Security Affairs

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. An attacker can trigger the vulnerability to launch phishing attacks. I want to share my recent case: > I found a vulnerability that allows sending a message from any user@domain > We cannot reproduce it > I send a v

Phishing 120
article thumbnail

Provide Real Value in Your Applications with Data and Analytics

The complexity of financial data, the need for real-time insight, and the demand for user-friendly visualizations can seem daunting when it comes to analytics - but there is an easier way. With Logi Symphony, we aim to turn these challenges into opportunities. Our platform empowers you to seamlessly integrate advanced data analytics, generative AI, data visualization, and pixel-perfect reporting into your applications, transforming raw data into actionable insights.

article thumbnail

Cryptohack Roundup: Kraken, CertiK Feud Over Zero-Day, $3M

Data Breach Today

Also: UwU Lend's Hacks, Terraform Labs' Dissolution, Gemini's Settlement This week, CertiK researchers allegedly stole money from Kraken, UwU Lend was hacked, Terraform Labs shut down, Gemini will pay defrauded investors, three entities claimed seized FTX assets, a Chinese bank suffered embezzlement and money laundering, and the SEC's crypto head is leaving.

271
271

More Trending

article thumbnail

European CSAM Scanning Proposal Runs Into Opposition

Data Breach Today

Council of the European Union Cancels Vote A proposal requiring online chat providers to scan images and links for child pornography failed to garner majority support Thursday from European Union trading bloc governments. The bill would require chat app users to consent to having images and URLs scanned for child sexual abuse material.

article thumbnail

Recovering Public Keys from Signatures

Schneier on Security

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want to know which public key signed it? A rather delightful property if you want to attack anonymity in some proposed “everybody just uses cryptographic signatures for everything” scheme.

IT 109
article thumbnail

DHS Unveils Critical Infrastructure Cybersecurity Guidance

Data Breach Today

DHS Calls for Public-Private Collaboration on Critical Infrastructure Security Critical infrastructure sectors face many potentially disruptive threats such as supply chain vulnerabilities and the growing dependency on space-based systems. But the top cyberthreats facing the U.S. are the People's Republic of China and emerging risks associated with AI and quantum computing.

article thumbnail

The Indispensable World of Red Teaming

KnowBe4

In this mad, mad world of breaches, organizations are scrambling to keep their heads above water. It's like trying to navigate a minefield while blindfolded and riding a unicycle — one wrong move, and everything goes up in flames.

IT 106
article thumbnail

Entity Resolution: Your Guide to Deciding Whether to Build It or Buy It

Adding high-quality entity resolution capabilities to enterprise applications, services, data fabrics or data pipelines can be daunting and expensive. Organizations often invest millions of dollars and years of effort to achieve subpar results. This guide will walk you through the requirements and challenges of implementing entity resolution. By the end, you'll understand what to look for, the most common mistakes and pitfalls to avoid, and your options.

article thumbnail

Atlassian fixed six high-severity bugs in Confluence Data Center and Server

Security Affairs

Australian software company Atlassian addressed multiple high-severity vulnerabilities in its Confluence, Crucible, and Jira solutions. Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe issue addressed by the company is an improper authorization org.springframework.security:spring-security-core dependency in Confluence Data Center and Server.

Security 101
article thumbnail

Post Office accidentally leaks names and addresses of wrongfully convicted operators

The Guardian Data Protection

Company refers itself to data watchdog after publishing personal details of 555 people involved in Horizon IT lawsuit The Post Office has launched an “urgent” investigation and referred itself to the data watchdog after it accidentally published the names and addresses of hundreds of post office operators on its corporate website. The state-owned body published the personal details of 555 people who had been involved in suing the Post Office in a high court lawsuit in 2019.

IT 100
article thumbnail

New Rust infostealer Fickle Stealer spreads through various attack methods

Security Affairs

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration A new Rust malware called Fickle Stealer spreads through various attack methods and steals sensitive information. Fortinet FortiGuard Labs researchers detected a new Rust-based information stealer called Fickle Stealer which spread through multiple attack vectors. The malware has an intricate code and relies on multiple strategies for its distribution, including VBA dropper, VBA downloader, link downloader, and ex

article thumbnail

Gimmal Extends Microsoft Purview Information Protection Solution for Enhanced Sensitive Data Labeling and Governance

Gimmal

Thursday, June 20, 2024 – HOUSTON, TX – Gimmal, the market’s only end-to-end information governance platform, announced today the launch of their Microsoft Purview Sensitivity Labels solution to extend and enhance sensitive data classification for unstructured data sources, such as network file shares and endpoints. Modern remote and hybrid work environments have compounded security and compliance risks for organizations and public sector agencies.

article thumbnail

Deliver Mission Critical Insights in Real Time with Data & Analytics

In the fast-moving manufacturing sector, delivering mission-critical data insights to empower your end users or customers can be a challenge. Traditional BI tools can be cumbersome and difficult to integrate - but it doesn't have to be this way. Logi Symphony offers a powerful and user-friendly solution, allowing you to seamlessly embed self-service analytics, generative AI, data visualization, and pixel-perfect reporting directly into your applications.

article thumbnail

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Security Affairs

Resecurity researchers warn of a new activity of Smishing Triad , which has expanded its operations to Pakistan. Resecurity has identified a new activity of Smishing Triad , which has expanded its operations to Pakistan. The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage/SMS.

article thumbnail

Transition to a Fully Digital Government: Digital Signatures

National Archives Records Express

Still image from Video Recording of the Electronic Signatures in Global and National Commerce Act NAID 6850807 This blog post is the second in a series focusing on specific areas agencies should consider in their transition to fully digital government. Fully Digital Government and Digital Electronic Signatures Since the passage of the Government Paperwork Elimination Act (GPEA) in 1998 and the Electronic Signatures In Global And National Commerce Act in 2000, digital signatures have been the pr

article thumbnail

Defense-in-depth: Integrated security approach for enterprise

Jamf

Closing security gaps requires a holistic solution. Keeping enterprise resources compliant and safe from sophisticated threats takes an integrated, layered approach, that provides native support for device and OS types while prioritizing efficacy and efficiency to drive organization ROI.

article thumbnail

The 80th Anniversary of the G.I. Bill

Unwritten Record

This post was created in collaboration with Chris Byrd, Archives Technician in the Still Picture Branch. Original Caption: Pvt. Sidney Rosenfeld of 1001 42nd St., Des Moines, Iowa, known as one of the most ingenious and energetic men in his outfit waded ashore at Omaha Beach with the US Sixth Engineer Special Brigade and then volunteered for the paratroopers.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Keeper vs Bitwarden (2024): Benefits & Features Compared

eSecurity Planet

Keeper and Bitwarden are password manager products that help your business manage its application credentials across all platforms. Keeper is a strong solution for both small businesses and large enterprises. Bitwarden is great for mid-sized businesses and teams that want to self-host a password manager. I evaluated Keeper and Bitwarden’s features, business plans, and pros and cons so you can decide which solution is a better fit for your organization.

Passwords 103
article thumbnail

What the BastionZero Acquisition means for Cloudflare

Adapture

Cloudflare Inc announced its acquisition of BastionZero , a Zero Trust infrastructure access platform, on Thursday, May 30. The acquisition was announced on the day of Cloudflare’s North American Partner Summit and follows the acquisitions of Baselime and PartyKit , both of which were acquired in April. BastionZero is a leader in Zero Trust, both in cloud and on-prem environments.

Access 59
article thumbnail

China-linked spies target Asian Telcos since at least 2021

Security Affairs

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021. The threat actors used tools associated with Chinese espionage groups, they planted multiple backdoors on the networks of targeted companies to steal credentials. “The attacks have been underway since a

article thumbnail

Will Upcoming HHS Cyber Regs Move Needle in Health Sector?

Data Breach Today

New Minimum Cyber Mandates Expected for Hospitals, But Is That Enough? The Biden administration will soon issue regulations to bolster cybersecurity in the healthcare sector. Hospitals are expected to be the first group required to implement new "minimum" mandates based on "cybersecurity performance goals" released in January. Will this be enough to move the needle?

article thumbnail

Using Data & Analytics for Improving Healthcare Innovation and Outcomes

In the rapidly evolving healthcare industry, delivering data insights to end users or customers can be a significant challenge for product managers, product owners, and application team developers. The complexity of healthcare data, the need for real-time analytics, and the demand for user-friendly interfaces can often seem overwhelming. But with Logi Symphony, these challenges become opportunities.

article thumbnail

US Bans Kaspersky Software

WIRED Threat Level

Using a Trump-era authority, the US Commerce Department has banned the sale of Kaspersky’s antivirus tools to new customers in the US, citing alleged threats to national security.

Sales 142
article thumbnail

Biden Administration Bans Kaspersky Antivirus Software

Data Breach Today

New Updates for Customers Will Become Unavailable on September 29 The U.S. federal government is taking broad enforcement actions against the Russian cybersecurity giant Kaspersky Labs by banning the company from selling its antivirus software products in the United States after an investigation raised national security concerns.

article thumbnail

US bans sale of Kaspersky products due to risks to national security

Security Affairs

The US government announced the ban on selling Kaspersky software due to security risks from Russia and urged citizens to replace it. The Biden administration announced it will ban the sale of Kaspersky antivirus software due to the risks posed by Russia to U.S. national security. The U.S. government is implementing a new rule leveraging powers established during the Trump administration to ban the sale of Kaspersky software, citing national security risks posed by Russia.

Sales 87
article thumbnail

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

Krebs on Security

On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris , showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted.

Marketing 274
article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.