Security Affairs

JUNE 20, 2024

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. An attacker can trigger the vulnerability to launch phishing attacks. I want to share my recent case: > I found a vulnerability that allows sending a message from any user@domain > We cannot reproduce it > I send a v

Phishing 363

Phishing Communications IT Security 363

Data Breach Today

JUNE 20, 2024

Buffer Overflow Vulnerability Lets Attackers Control Devices A vulnerability in a common implementation of the firmware booting up desktop computers powered by Intel chips could allow attackers to obtain ongoing persistence, warn security researchers. The flaw is a buffer overflow vulnerability in the Phoenix Technologies SecureCore UEFI implementation.

Security 295

Security 295

Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021. The threat actors used tools associated with Chinese espionage groups, they planted multiple backdoors on the networks of targeted companies to steal credentials. “The attacks have been underway since a

Communications 345

Communications Encryption IT Information Security 345

Data Breach Today

JUNE 20, 2024

Attackers Demanding Up to $5 Million to Delete Stolen Data, Investigators Report Attackers who stole terabytes of data from customers of Snowflake have been not only offering the data for sale on data leak marketplaces but also extorting some of the victims, demanding a ransom of $300,000 to $5 million each, security researchers report.

Data breaches 284

Data breaches Sales Security 284

Speaker: Lee Andrews, Founder at LJA New Media & Tony Karrer, Founder and CTO at Aggregage

This session will walk you through how one CEO used generative AI, workflow automation, and sales personalization to transform an entire security company—then built the Zero to Strategy framework that other mid-market leaders are now using to unlock 3.5x ROI. As a business executive, you’ll learn how to assess AI opportunities in your business, drive adoption across teams, and overcome internal resource constraints—without hiring a single data scientist.

Marketing

Security Affairs

JUNE 20, 2024

Australian software company Atlassian addressed multiple high-severity vulnerabilities in its Confluence, Crucible, and Jira solutions. Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe issue addressed by the company is an improper authorization org.springframework.security:spring-security-core dependency in Confluence Data Center and Server.

Security 341

Security IT Information Security 341

Security Affairs

JUNE 20, 2024

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration A new Rust malware called Fickle Stealer spreads through various attack methods and steals sensitive information. Fortinet FortiGuard Labs researchers detected a new Rust-based information stealer called Fickle Stealer which spread through multiple attack vectors. The malware has an intricate code and relies on multiple strategies for its distribution, including VBA dropper, VBA downloader, link downloader, and ex

File names 339

File names IT Information Security Security 339

Data Breach Today

JUNE 20, 2024

Council of the European Union Cancels Vote A proposal requiring online chat providers to scan images and links for child pornography failed to garner majority support Thursday from European Union trading bloc governments. The bill would require chat app users to consent to having images and URLs scanned for child sexual abuse material.

Government 264

Government 264

Security Affairs

JUNE 20, 2024

Resecurity researchers warn of a new activity of Smishing Triad , which has expanded its operations to Pakistan. Resecurity has identified a new activity of Smishing Triad , which has expanded its operations to Pakistan. The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage/SMS.

Data breaches 313

Data breaches Personal data Phishing IT 313

Data Breach Today

JUNE 20, 2024

DHS Calls for Public-Private Collaboration on Critical Infrastructure Security Critical infrastructure sectors face many potentially disruptive threats such as supply chain vulnerabilities and the growing dependency on space-based systems. But the top cyberthreats facing the U.S. are the People's Republic of China and emerging risks associated with AI and quantum computing.

Cybersecurity 147

Cybersecurity Risk Security 147

Speaker: Alex Salazar, CEO & Co-Founder @ Arcade | Nate Barbettini, Founding Engineer @ Arcade | Tony Karrer, Founder & CTO @ Aggregage

There’s a lot of noise surrounding the ability of AI agents to connect to your tools, systems and data. But building an AI application into a reliable, secure workflow agent isn’t as simple as plugging in an API. As an engineering leader, it can be challenging to make sense of this evolving landscape, but agent tooling provides such high value that it’s critical we figure out how to move forward.

Security

Schneier on Security

JUNE 20, 2024

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want to know which public key signed it? A rather delightful property if you want to attack anonymity in some proposed “everybody just uses cryptographic signatures for everything” scheme.

IT 132

IT 132

The Last Watchdog

JUNE 20, 2024

CISOs have been on something of a wild roller coaster ride the past few years. Related: Why breaches persist When Covid 19 hit in early 2020, the need to secure company networks in a new way led to panic spending on cybersecurity tools. Given carte blanche, many CISOs purchased a hodge podge of unproven point solutions, adding to complexity. By mid-2022, with interest rates climbing and the stock market cratering, CFOs began demanding proof of a reasonable return on investment.

Security 130

Security Cybersecurity Marketing Compliance 130

KnowBe4

JUNE 20, 2024

Scammers are now impersonating legitimate services like Booking.com and Kayak to target people planning their summer vacations. One out of every 33 vacation-themed domains registered last month was malicious, researchers at Check Point warn.

Security 122

Security 122

The Guardian Data Protection

JUNE 20, 2024

Company refers itself to data watchdog after publishing personal details of 555 people involved in Horizon IT lawsuit The Post Office has launched an “urgent” investigation and referred itself to the data watchdog after it accidentally published the names and addresses of hundreds of post office operators on its corporate website. The state-owned body published the personal details of 555 people who had been involved in suing the Post Office in a high court lawsuit in 2019.

IT 108

IT 108

Speaker: Frank Taliano

Documents are the backbone of enterprise operations, but they are also a common source of inefficiency. From buried insights to manual handoffs, document-based workflows can quietly stall decision-making and drain resources. For large, complex organizations, legacy systems and siloed processes create friction that AI is uniquely positioned to resolve.

IT

KnowBe4

JUNE 20, 2024

In this mad, mad world of breaches, organizations are scrambling to keep their heads above water. It's like trying to navigate a minefield while blindfolded and riding a unicycle — one wrong move, and everything goes up in flames.

IT 119

IT Phishing 119

eSecurity Planet

JUNE 20, 2024

Keeper and Bitwarden are password manager products that help your business manage its application credentials across all platforms. Keeper is a strong solution for both small businesses and large enterprises. Bitwarden is great for mid-sized businesses and teams that want to self-host a password manager. I evaluated Keeper and Bitwarden’s features, business plans, and pros and cons so you can decide which solution is a better fit for your organization.

Passwords 107

Passwords Authentication Encryption Security 107

Adapture

JUNE 20, 2024

Cloudflare Inc announced its acquisition of BastionZero , a Zero Trust infrastructure access platform, on Thursday, May 30. The acquisition was announced on the day of Cloudflare’s North American Partner Summit and follows the acquisitions of Baselime and PartyKit , both of which were acquired in April. BastionZero is a leader in Zero Trust, both in cloud and on-prem environments.

Access 59

Access Cloud Authentication Compliance 59

Gimmal

JUNE 20, 2024

Thursday, June 20, 2024 – HOUSTON, TX – Gimmal, the market’s only end-to-end information governance platform, announced today the launch of their Microsoft Purview Sensitivity Labels solution to extend and enhance sensitive data classification for unstructured data sources, such as network file shares and endpoints. Modern remote and hybrid work environments have compounded security and compliance risks for organizations and public sector agencies.

Government 52

Government Unstructured data Information governance Metadata 52

Advertiser: ZoomInfo

AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.

Sales

National Archives Records Express

JUNE 20, 2024

Still image from Video Recording of the Electronic Signatures in Global and National Commerce Act NAID 6850807 This blog post is the second in a series focusing on specific areas agencies should consider in their transition to fully digital government. Fully Digital Government and Digital Electronic Signatures Since the passage of the Government Paperwork Elimination Act (GPEA) in 1998 and the Electronic Signatures In Global And National Commerce Act in 2000, digital signatures have been the pr

Government 52

Government Computer and Electronics Paper Metadata 52

Unwritten Record

JUNE 20, 2024

This post was created in collaboration with Chris Byrd, Archives Technician in the Still Picture Branch. Original Caption: Pvt. Sidney Rosenfeld of 1001 42nd St., Des Moines, Iowa, known as one of the most ingenious and energetic men in his outfit waded ashore at Omaha Beach with the US Sixth Engineer Special Brigade and then volunteered for the paratroopers.

Archiving 48

Archiving Education Libraries Risk 48

Jamf

JUNE 20, 2024

Closing security gaps requires a holistic solution. Keeping enterprise resources compliant and safe from sophisticated threats takes an integrated, layered approach, that provides native support for device and OS types while prioritizing efficacy and efficiency to drive organization ROI.

Security 40

Security 40

Data Breach Today

JUNE 20, 2024

New Minimum Cyber Mandates Expected for Hospitals, But Is That Enough? The Biden administration will soon issue regulations to bolster cybersecurity in the healthcare sector. Hospitals are expected to be the first group required to implement new "minimum" mandates based on "cybersecurity performance goals" released in January. Will this be enough to move the needle?

Cybersecurity 147

Cybersecurity 147

Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage

When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m

Krebs on Security

JUNE 20, 2024

On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris , showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted.

Marketing 338

Marketing Data Privacy Communications IT 338

Data Breach Today

JUNE 20, 2024

New Updates for Customers Will Become Unavailable on September 29 The U.S. federal government is taking broad enforcement actions against the Russian cybersecurity giant Kaspersky Labs by banning the company from selling its antivirus software products in the United States after an investigation raised national security concerns.

Cybersecurity 278

Cybersecurity Government Security IT 278

WIRED Threat Level

JUNE 20, 2024

Using a Trump-era authority, the US Commerce Department has banned the sale of Kaspersky’s antivirus tools to new customers in the US, citing alleged threats to national security.

Sales 363

Sales Security 363

Security Affairs

JUNE 20, 2024

The US government announced the ban on selling Kaspersky software due to security risks from Russia and urged citizens to replace it. The Biden administration announced it will ban the sale of Kaspersky antivirus software due to the risks posed by Russia to U.S. national security. The U.S. government is implementing a new rule leveraging powers established during the Trump administration to ban the sale of Kaspersky software, citing national security risks posed by Russia.

Sales 329

Sales Risk Security Manufacturing 329

Advertiser: ZoomInfo

ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!

Marketing