Sat.Nov 11, 2023 - Fri.Nov 17, 2023

article thumbnail

Medical Transcriber's Hack Breach Affects at Least 9 Million

Data Breach Today

Northwell Health Among Perry Johnson & Associates' Healthcare Clients Affected The number of healthcare organizations and patients affected by a recent data theft at medical transcription firm Perry Johnson & Associates is expanding: The company now says the breach affected the sensitive information of about 9 million people.

284
284
article thumbnail

New SSH Vulnerability

Schneier on Security

This is interesting : For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

Paper 139
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Info Stealers Thrive in Hot Market for Stolen Data

Data Breach Today

Browser Data, Crypto Wallets and Chat Apps Are Also Top Targets, Researchers Report Info-stealer malware built for stealing lucrative, sensitive data - including cryptocurrency wallet and remote access credentials - continues to remain popular for criminally inclined individuals. Researchers reports that RedLine, LokiBot, Mars and Aurora remain attackers' top info-stealer choices.

Marketing 309
article thumbnail

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

The IQ of our smart homes is about to level-up. Hundreds of different types of smart devices designed to automate tasks and route control to our smart phones and wearable devices have arrived on store shelves, just in time for the holiday shopping season. Related: Extending digital trust globally Some of these latest, greatest digital wonders will function well together, thanks to the new Matter smart home devices standard, which was introduced one year ago.

Security 276
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025 , a weakness that allows malicious content to bypass the Windows SmartScreen Security feature.

Phishing 250

More Trending

article thumbnail

Security Firm COO Hacked Hospitals to Drum Up Business

Data Breach Today

Atlanta Man Pleads Guilty, Is Ordered to Pay $818,000 Restitution, May Avoid Prison The chief operating officer of an Atlanta-based cybersecurity firm has pleaded guilty and agreed to pay restitution of more than $818,000 in a federal criminal case in which he admitted hacking a Georgia medical center in 2018 in an effort to drum up business for his company.

Security 328
article thumbnail

GUEST ESSAY: An assessment of how ‘Gen-AI’ has begun to transform DevSecOps

The Last Watchdog

Combining DevSecOps with Generative Artificial Intelligence (Gen-AI) holds the potential to transform both software development and cybersecurity protocols. Related: The primacy of DevSecOps Through harnessing the power of Generative AI, enterprises can usher in a new era of DevSecOps, elevating development velocity, security, and robustness to unprecedented levels.

article thumbnail

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki , a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calli

article thumbnail

An Overview of NARA's Newest Guidance on Digitizing Permanent Federal Records

AIIM

The National Archives and Records Administration (NARA) is the nation's record keeper. We identify, protect, preserve, and make publicly available the historically valuable records of all three branches of the federal government. NARA is also the nation’s records manager. That is to say, NARA’s Office of the Chief Records Officer for the U.S. Government leads records management throughout the federal government and assesses the effectiveness of federal records management policies and programs.

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Denmark Hit With Largest Cyberattack on Record

Data Breach Today

Report Reveals How Hackers Targeted Danish Energy Infrastructure in Sweeping Attack Critical infrastructure operators across Denmark experienced the most extensive cybersecurity incident in Danish history earlier this year when hackers exploited zero-day vulnerabilities in firewalls meant to protect their networks from attacks, according to a new report published by SektorCERT.

article thumbnail

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

The Last Watchdog

Threat intelligence sharing has come a long way since Valentine’s Day 2015. Related: How ‘Internet Access Brokers’ fuel ransomware I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies.

article thumbnail

Thank you and farewell

Data Protector

After a period of silence it's now time to close this blog. I've lost the motivation I once had to put my head above the data protection parapet. I'm no longer deeply engaged in issues that filled my working life and these days am much more interested in providing a decent home for my puppy. Others can engage in endless battles with people whose views are so very different to my own.

IT 120
article thumbnail

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

WIRED Threat Level

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

Security 137
article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Ukraine Tracks a Record Number of Cyber Incidents During War

Data Breach Today

Hackers Steal CCTV Footage to Study Efficacy of Missile Strikes and Drone Attacks Ukraine's national computer emergency response team, CERT-UA, says it sees an increase in cyber incidents as Russia's invasion continues. While wiper attacks are ongoing, a rising Russian hacker tactic involves stealing private CCTV footage to study the efficacy of missile strikes and drone attacks.

IT 310
article thumbnail

Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice

Dark Reading

While China is already among the world's most formidable threat actors, a focus on exploiting public-facing appliances makes its state-sponsored APTs more dangerous than ever.

IT 130
article thumbnail

Australian Privacy Regulator Sues in Data Breach Case

Hunton Privacy

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty ( i.e. , a fine) in connection with the company’s response to a data breach that occurred in February 2022. The case is significant because: (1) it is only the second time that the Australian regulator has brought court proceedings of this kind despite having t

article thumbnail

Samsung suffered a new data breach

Security Affairs

Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Australian Ports Recover From Cyber Incident

Data Breach Today

Citrix Bleed May Have Struck Again Operations resumed Monday at four major Australian ports incapacitated by a cybersecurity incident. Dubai-based DP World took systems offline Friday, provoking what government officials called a significant outage frustrating the movement of goods in and out of the country.

article thumbnail

SEC Suit Ushers in New Era of Cyber Enforcement

Dark Reading

A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security.

article thumbnail

News alert: 1touch.io names former Bugcrowd chief Ashish Gupta as CEO and President

The Last Watchdog

New York, New York, Nov. 14, 2023 — 1touch.io , a pioneer in sensitive data intelligence, today announced Ashish Gupta as its new Chief Executive Officer and President. Gupta will also join the 1touch.io Board of Directors. Previously, he served as the CEO and President of Bugcrowd, where he successfully led the company’s rapid scaling by transforming it into a multi-product, industry-leading platform.

article thumbnail

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

Security Affairs

The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital. In early November, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it was experiencing a computer network incident that prevented the hospital from accessing some of its systems and severely limiting the operability of its phone system.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Major Australian Ports Affected By Cyber Incident

Data Breach Today

'Nationally Significant Cyber Incident' Impacts Imports and Exports A cybersecurity incident at an operator of major Australian maritime ports caused what a government official on Saturday called a "nationally significant" outage frustrating the movement of goods in and out of the country. The incident affects the ports of Sydney, Melbourne, Brisbane and Fremantle.

article thumbnail

Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data

Troy Hunt

Allegedly, Acuity had a data breach. That's the context that accompanied a massive trove of data that was sent to me 2 years ago now. I looked into it, tried to attribute and verify it then put it in the "too hard basket" and moved onto more pressing issues. It was only this week as I desperately tried to make some space to process yet more data that I realised why I was short on space in the first place: Ah, yeah - Acuity - that big blue 437GB blob.

Insurance 122
article thumbnail

Ten Ways AI Will Change Democracy

Schneier on Security

Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the “AI-generated disinformation” trope and speculate on some of the ways AI will change how democracy functions—in both large and small ways.

article thumbnail

Medusa ransomware gang claims the hack of Toyota Financial Services

Security Affairs

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Toyota Financial Services confirmed the discovery of unauthorized activity on systems in a limited number of its locations. “Toyota Financial Services Europe & Africa recently identified unauthorised activity on systems in a limited number of its locations.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

AT&T Forms Joint Venture for Managed Cybersecurity Business

Data Breach Today

WillJam Ventures Standing Up Joint Venture With AT&T for Managed Cybersecurity Unit AT&T will split its managed cybersecurity services practice from its core connectivity business by standing up a joint venture with Chicago-area investor WillJam Ventures. AT&T will move its security software, managed security operations and cyber consulting into an entity owned by WillJam and AT&T.

article thumbnail

Artificial Intelligence in education

Jamf

We use artificial intelligence in our every day lives — so why not take advantage of it in schools? In this blog, we discuss the benefits, drawbacks and the future of artificial intelligence in education.

article thumbnail

European Parliament Adopts Final Version of the Data Act

Hunton Privacy

On November 9, 2023, the European Parliament adopted, by a majority of 481 votes in favor, 31 votes against and 71 abstentions, the final text of the Data Act. As explained in our previous blog , the Data Act aims to “ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all” and was initially proposed by the European Commission on February 23, 2022.

IoT 118