June, 2024

article thumbnail

On the Future of Cybersecurity in Hybrid Cloud Environments

Data Breach Today

An Interview with Gigamon's Chief Security Officer, Chaim Mazal Chief Information Security Officers (CISOs) face unprecedented challenges in their efforts to protect their organizations against a rising tide of increasingly sophisticated cyberthreats.

Cloud 316
article thumbnail

RSAC Fireside Chat: Seclore advances ‘EDRM’ by aligning granular controls onto sensitive data

The Last Watchdog

Digital rights management ( DRM ) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management ( EDRM ) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy.

Phishing 278
article thumbnail

LockBit claims the hack of the US Federal Reserve

Security Affairs

The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27

article thumbnail

Provide Real Value in Your Applications with Data and Analytics

The complexity of financial data, the need for real-time insight, and the demand for user-friendly visualizations can seem daunting when it comes to analytics - but there is an easier way. With Logi Symphony, we aim to turn these challenges into opportunities. Our platform empowers you to seamlessly integrate advanced data analytics, generative AI, data visualization, and pixel-perfect reporting into your applications, transforming raw data into actionable insights.

article thumbnail

This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

WIRED Threat Level

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

More Trending

article thumbnail

Spanish Police Bust Alleged Leader of Scattered Spider

Data Breach Today

US International Arrest Warrant Accuses Suspect of Cryptocurrency-Theft Campaigns Spanish National Police have arrested a 22-year-old British national based on an International Arrest Warrant from the U.S. that accuses him of stealing bitcoins worth $27 million. Reports suggest the suspect is a key member of the Scattered Spider cybercrime group that hacked MGM and Clorox.

306
306
article thumbnail

RSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy loss

The Last Watchdog

Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at RSAC 2024. Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies.

Privacy 261
article thumbnail

Bouncing Back: How to Investigate and Recover After a Ransomware Attack

Thales Cloud Protection & Licensing

Bouncing Back: How to Investigate and Recover After a Ransomware Attack madhav Thu, 06/13/2024 - 05:49 You've likely seen the headlines about ransomware attacks and the monumental challenges they pose for organizations. But what should you do when an attack occurs, even if you have a ransomware protection solution in place? In this post, we will delve into the forensics of a ransomware attack, showing you how to classify the attack and recover from it if a ransomware protection solution is in pl

article thumbnail

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

Security Affairs

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. An attacker can trigger the vulnerability to launch phishing attacks. I want to share my recent case: > I found a vulnerability that allows sending a message from any user@domain > We cannot reproduce it > I send a v

Phishing 120
article thumbnail

Entity Resolution: Your Guide to Deciding Whether to Build It or Buy It

Adding high-quality entity resolution capabilities to enterprise applications, services, data fabrics or data pipelines can be daunting and expensive. Organizations often invest millions of dollars and years of effort to achieve subpar results. This guide will walk you through the requirements and challenges of implementing entity resolution. By the end, you'll understand what to look for, the most common mistakes and pitfalls to avoid, and your options.

article thumbnail

Microsoft's Recall Feature Is Even More Hackable Than You Thought

WIRED Threat Level

A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.

Access 144
article thumbnail

Phishing Campaign Abuses Windows Search to Distribute Malware

KnowBe4

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to launch Windows Explorer and trick users into installing the malware.

Phishing 112
article thumbnail

Hacker Sells Apparent Santander Bank Customer Data

Data Breach Today

ShinyHunters Advertises Data Set of '30 Million Customers' for $2 Million A hacker is selling the purported data of 30 million customers of Spanish multinational bank Santander for $2 million on a criminal online forum the FBI recently attempted to shut down. Sample data posted online suggests the data set is genuine.

310
310
article thumbnail

5 WordPress Plugins Compromised; Millions of Websites at Risk

eSecurity Planet

Millions of WordPress websites are under threat after a critical security breach involving several popular plugins. Security researchers discovered malicious code injected into these plugins, granting hackers the ability to create unauthorized administrator accounts. This compromise can lead to severe consequences for website owners, including data breaches and total website takeovers.

Risk 113
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

AI Will Increase the Quantity—and Quality—of Phishing Scams

Schneier on Security

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review : Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.

Phishing 117
article thumbnail

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

Security Affairs

NHS England confirmed that multiple London hospitals impacted by the ransomware attack at Synnovis were forced to cancel planned operations. NHS England confirmed that the recent ransomware attack on Synnovis had a severe impact of multiple London hospitals, forcing them to cancel more than hundreds of scheduled operations. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical

article thumbnail

Microsoft Will Switch Off Recall by Default After Security Backlash

WIRED Threat Level

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Security 142
article thumbnail

Sinister "More_eggs" Malware Cracks Into Companies by Targeting Hiring Managers

KnowBe4

Job seekers, beware - cybercriminals have a nasty new way to slide their malicious code on corporate networks. Researchers have uncovered a devious phishing campaign that's distributing the powerful More_eggs backdoor by disguising it as resume submissions for open roles.

Phishing 113
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

German BSI Forces Microsoft to Disclose Security Measures

Data Breach Today

Company Publishes Information on Double Key Encryption Under Regulatory Pressure Following a legal intervention made by the German federal cybersecurity agency, Microsoft has disclosed additional information on encryption measures it adopted to secure its customer data. A new white paper details how the company is deploying double key encryption.

article thumbnail

Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

eSecurity Planet

The remote code execution vulnerabilities from last week’s recap continue, and Microsoft Patch Tuesday identifies plenty of issues to patch — but fortunately, most of them aren’t critical vulnerabilities. PHP’s Windows flaw is now being exploited by ransomware, almost immediately after researchers publicized the issue. Google also has an elevation of privilege vulnerability in its Pixel phones, among others; Android has published fixes for all the device issues.

article thumbnail

Breaking a Password Manager

Schneier on Security

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

Passwords 116
article thumbnail

Google Chrome 126 update addresses multiple high-severity flaws

Security Affairs

Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.

Security 114
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

The Age of the Drone Police Is Here

WIRED Threat Level

A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.

Privacy 143
article thumbnail

No Politician Too Small: School Board Candidates Targeted By Phishing and BEC Scams

KnowBe4

Cybercriminals are broadening their targets to include even local political candidates, as an escalating series of phishing attacks was recently directed at school board candidates in Colorado.

Phishing 106
article thumbnail

Microsoft Now Promises Extra Security for AI-Driven Recall

Data Breach Today

Concerns Remain Over Screenshot-Capture Feature and Microsoft's Security Practices How in the world has Microsoft's leadership managed to get the debut of its forthcoming Recall feature for Windows so wrong on the security and privacy fronts? In the face of serious concerns, Redmond has belatedly promised multiple enhancements, but serious questions remain unanswered.

Security 301
article thumbnail

U.S. Imposes Ban on Russia’s Kaspersky; Sanctions 12 Executives

eSecurity Planet

Kaspersky Lab is a widely known name in the world of cybersecurity. Founded in 1997, the Russian firm has grown into a global leader, boasting millions of users for its antivirus software and other security solutions. With a presence in over 200 countries and territories, Kaspersky Lab protects individuals, businesses, and critical infrastructure from a wide range of cyber threats.

article thumbnail

Deliver Mission Critical Insights in Real Time with Data & Analytics

In the fast-moving manufacturing sector, delivering mission-critical data insights to empower your end users or customers can be a challenge. Traditional BI tools can be cumbersome and difficult to integrate - but it doesn't have to be this way. Logi Symphony offers a powerful and user-friendly solution, allowing you to seamlessly embed self-service analytics, generative AI, data visualization, and pixel-perfect reporting directly into your applications.

article thumbnail

LLMs Acting Deceptively

Schneier on Security

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

article thumbnail

Experts found information of European politicians on the dark web

Security Affairs

Personal information of hundreds of British and EU politicians is available on dark web marketplaces. According to research conducted by Proton and Constella Intelligence, the email addresses and other sensitive information of 918 British MPs, European Parliament members, and French deputies and senators are available in the dark web marketplaces. 40% of 2,280 official government email addresses from the British, European, and French Parliaments were exposed, including passwords, birth dates, an

Passwords 115
article thumbnail

The Ticketmaster Data Breach May Be Just the Beginning

WIRED Threat Level

Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be uncovered.