Sat.Feb 24, 2024 - Fri.Mar 01, 2024

article thumbnail

Let’s Give Information Its Own Office

AIIM

In my role as The Info Gov Guy™, I consult with clients from up and down their organizational charts: in records, IT, legal, HR, marketing, etc. What this tells me is that their employers don’t consider their information to be a core business asset – which is odd because they do acknowledge their success depends completely on their ability to quickly find and retrieve current, accurate, and properly safeguarded information.

IT 165
article thumbnail

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

Phishing 308
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Information Management During Mergers & Acquisitions

AIIM

In January, I served as a panelist during a three-part series on mergers and acquisitions in the association space. Hosted by the ASAE Executive Management Advisory Council, the series explored what non-profit organizations need to consider before, during, and after mergers and acquisitions. The panelists were mainly executives and legal professionals, so the fascinating conversations focused very much on strategy, governance, finances, and human capital.

article thumbnail

Alert: Info Stealers Target Stored Browser Credentials

Data Breach Today

Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling Saving passwords in browser-based password managers or via "remember my details" website options might make for simple and fast log-ins for employees, but they also give attackers an easy way to lift legitimate credentials, oftentimes via highly automated, information-stealing malware, experts warn.

Passwords 334
article thumbnail

5 Ways You Can Win Faster with Gen AI in Sales

Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision- making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.

article thumbnail

Researchers found a zero-click Facebook account takeover

Security Affairs

A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebook’s password reset flow.

Passwords 145

More Trending

article thumbnail

Here Come the AI Worms

WIRED Threat Level

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

Security 144
article thumbnail

FBI Is Focused on Election Integrity, Misinformation Threats

Data Breach Today

Agent Robert K. Tripp on FBI's Approach to Deepfakes, Nation-State Election Threats The U.S. presidential election is still eight months away, but the FBI is already seeing its share of cyberattacks, nation-state threats and AI-generated deepfakes. According to FBI Agent Robert K. Tripp, "We're no longer considering threats as a what-if situation; it's happening now.

IT 321
article thumbnail

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

Security Affairs

North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys AppLocker driver. The zero-day, tracked as CVE-2024-21338 has been addressed by Microsoft in the February Patch Tuesday update.

article thumbnail

Apple Announces Post-Quantum Encryption Algorithms for iMessage

Schneier on Security

Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. I am of two minds about this. On the one hand, it’s probably premature to switch to any particular post-quantum algorithms.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How the Pentagon Learned to Use Targeted Ads to Find its Targets—and Vladimir Putin

WIRED Threat Level

Meet the guy who taught US intelligence agencies how to make the most of the ad tech ecosystem, "the largest information-gathering enterprise ever conceived by man.

IT 145
article thumbnail

Chinese Group Runs Highly Persistent Ivanti 0-Day Exploits

Data Breach Today

UNC5325 Can Remain in Hacked Devices Despite Factory Reset and Patches Chinese threat actors are continuing to persist after exploiting the recent Ivanti Connect Secure VPN vulnerability even after factory resets, system upgrades and patches. The threat actor, UNC5325, is adept at "living off the land" techniques, warned threat intelligence firm Mandiant.

Security 301
article thumbnail

Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

Security Affairs

New threat actors have started exploiting ConnectWise ScreenConnect vulnerabilities, including the Black Basta and Bl00dy ransomware gangs. Multiple threat actors have started exploiting the recently disclosed vulnerabilities , tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), in the ConnectWise ScreenConnect software.

article thumbnail

News alert: ThreatHunter.ai stops hundreds of ransomware attacks, nation-state threats in 48 hours

The Last Watchdog

Brea, Calif. Feb. 27, 2024 — The current large surge in cyber threats has left many organizations grappling for security so ThreatHunter.ai is taking decisive action. Recognizing the critical juncture at which the digital world stands, ThreatHunter.ai is now offering their cutting-edge cybersecurity services free of charge to all organizations for 30 days, irrespective of their current cybersecurity measures.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The White House Warns Cars Made in China Could Unleash Chaos on US Highways

WIRED Threat Level

As Chinese automakers prepare to launch in the US, the White House is investigating whether cars made in China could pose a national security threat.

Security 126
article thumbnail

Cryptohack Roundup: FTX Updates

Data Breach Today

Also: Bitcoin Fog Case Testimony; Axie Infinity Co-Founder Hack This week, progress was made in the FTX case, a hacker testified in the Bitcoin Fog case, an Axie Infinity co-founder and a MicroStrategy account were hacked, the KyberSwap hacker moved funds, the EU has a new AMLA office, and Aleo was breached.

297
297
article thumbnail

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-29360 (CVSS Score 8.4) Microsoft Streaming Service Untrusted pointer dereference vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

IT 139
article thumbnail

NIST Cybersecurity Framework 2.0

Schneier on Security

NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy , has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on governance, which encompasses how organizations make and carry out informed decisions on cybersecurity strategy.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

A Vending Machine Error Revealed Secret Face Recognition Tech

WIRED Threat Level

A student investigation at the University of Waterloo uncovered a system that scanned countless undergrads without consent.

Privacy 125
article thumbnail

NIST Unveils Second Iteration of Cybersecurity Framework

Data Breach Today

New CSF Adds 'Governance' to Core Functions Cybersecurity guidance for the private sector published by the U.S. National Institute of Standards and Technology in 2014 has received its first major update. The revised Cybersecurity Framework focuses on governance and says cybersecurity threats are a major source of enterprise risk.

article thumbnail

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

Security Affairs

German police seized the largest German-speaking cybercrime marketplace Crimemarket and arrested one of its operators. The Düsseldorf Police announced that a large-scale international law enforcement operation led to the seizure of the largest German-speaking cybercrime marketplace. “Under the direction of the North Rhine-Westphalia Cybercrime Central and Contact Office (ZAC NRW), an investigative commission at the Düsseldorf Police Headquarters has been collecting evidence for years about

Access 139
article thumbnail

Planning with Purpose: 10 Tips to Develop a Year-Long Security and Compliance Training Program

KnowBe4

Our team at KnowBe4 recently got together to talk about planning for annual security and compliance training.

article thumbnail

10 Ways to Leverage Buyer Signals and Drive Revenue

In today’s ultra-competitive markets, it’s no longer enough to wait for buyers to show obvious signs of interest. Instead, sales teams must be proactive, identifying and acting on nuanced buyer behaviors — often before prospects are fully ready to make a purchase. In this eBook from ZoomInfo & Sell Better, learn 10 actionable ways to use these buyer signals to transform your sales strategy and close deals faster.

article thumbnail

Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust

WIRED Threat Level

Two months ago, the FBI “disrupted” the BlackCat ransomware group. They're already back—and their latest attack is causing delays at pharmacies across the US.

article thumbnail

Zscaler CEO: Palo Alto Playing Defense as Firewall Sales Ebb

Data Breach Today

Jay Chaudhry Says Palo Alto Offering Free Products to New Platform Users Won't Work Zscaler CEO Jay Chaudhry said Palo Alto Networks' strategy of offering free products to new platform customers will "unravel over time" as firewalls become shelfware. Legacy vendors find themselves "in a defensive position" as the role of firewalls shrinks and demand for zero trust security grows.

Sales 293
article thumbnail

Unmasking 2024’s Email Security Landscape

Security Affairs

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. In the ever-shifting digital arena, staying ahead of evolving threat trends is paramount for organizations aiming to safeguard their assets. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cy

Security 138
article thumbnail

China Surveillance Company Hacked

Schneier on Security

Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government. Lots of details in the news articles. These aren’t details about the tools or techniques, more the inner workings of the company. And they seem to primarily be hacking regionally.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

Hunton Privacy

On February 21, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into a resolution agreement and corrective action plan with Green Ridge Behavioral Health LLC (“GRBH”) stemming from the organization’s failure to comply with the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (“HIPAA”) and subsequent failure to protect against a 2019 ransomware attack that impacted the personal health information (“PHI”) of more

article thumbnail

Stages of LockBit Grief: Anger, Denial, Faking Resurrection?

Data Breach Today

Is LockBit a Kremlin Sock Puppet? Is Moscow using the Russian-speaking LockBit ransomware group as a tool to disrupt critical infrastructure and democracy in the West? While no publicly available evidence reveals direct ties, what are the chances that the prolific, trash-talking group has escaped authorities' attention - or demands?

article thumbnail

Apple created post-quantum cryptographic protocol PQ3 for iMessage

Security Affairs

Apple announced the implementation of a post-quantum cryptographic protocol called PQ3 will be integrated into iMessage. Apple announced a new post-quantum cryptographic protocol called PQ3 that will be integrated into the company messaging application iMessage to secure communications against highly sophisticated quantum attacks. Apple said that PQ3 is the first messaging protocol to reach what they call Level 3 security, which is the most secure protocol for messaging apps today.