Sat.Apr 20, 2024 - Fri.Apr 26, 2024

article thumbnail

Multifactor Authentication Bypass Attacks: Top Defenses

Data Breach Today

Joe Toomey of Cyber Insurer Coalition Details Rise in Attacks Targeting Weak MFA Adversaries seeking easy access to enterprise networks continue to probe for weak multifactor authentication deployments, oftentimes via nontargeted attacks that lead to phishing pages designed to steal one-time codes, said Joe Toomey, head of security engineering at cyber insurer Coalition.

article thumbnail

Want to Succeed with AI? Just Keep Doing You

Weissman's World

Hey information governance and records professionals! You are core to AI success in your organization. All you have to do is keep doing you. The post Want to Succeed with AI? Just Keep Doing You appeared first on Holly Group.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Environmental Impact of Information Management

AIIM

April 22nd marks the annual Earth Day, where earthday.org, jointly with many organizations, mobilize volunteers to drive education and elevate awareness, highlight governance efforts and conduct cleanup efforts.

Cleanup 181
article thumbnail

The Rise of Large-Language-Model Optimization

Schneier on Security

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Cisco Fixes Firewall 0-Days After Likely Nation-State Hack

Data Breach Today

Networking Giant Dubs Campaign Against Government Customers 'Arcane Door' Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday while releasing three patches, two of them rated critical. Cisco doesn't connect the hackers with a specific country. It dubs the campaign "Arcane Door.

More Trending

article thumbnail

Level Up Your Users’ Cybersecurity Skills with 'The Inside Man: New Recruits’

KnowBe4

We’re thrilled to announce our newest addition to our ModStore’s already brimming collection of games with a new offering based on our award-winning “The Inside Man” training series !

article thumbnail

Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak

WIRED Threat Level

The company belatedly conceded both that it had paid the cybercriminals extorting it and that patient data nonetheless ended up on the dark web.

IT 125
article thumbnail

UnitedHealth Group Previews Massive Change Healthcare Breach

Data Breach Today

Breach 'Could Cover a Substantial Proportion of People in America,' Company Warns Hackers who hit Change Healthcare stole sensitive personal and medical details that "could cover a substantial proportion of people in America," parent company UnitedHealth Group warned. The company faces mounting regulatory scrutiny and lawsuits due widespread disruptions caused by the attack.

291
291
article thumbnail

Google fixed critical Chrome vulnerability CVE-2024-4058

Security Affairs

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine.

Security 122
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Environmental Sustainable Training: KnowBe4's Commitment to a Greener Earth

KnowBe4

KnowBe4 is committed to sustainability and helping protect the environment, as evidenced by our initiatives such as our public commitment to sustainability , our planting trees and supporting local bee hives, and even our CEO Stu Sjouwerman’s donation of $2.5M to the Florida Wildlife Corridor.

article thumbnail

Stronger Together: Join Thales & Imperva at RSA Conference 2024 Where the World Talks Security

Thales Cloud Protection & Licensing

Stronger Together: Join Thales & Imperva at RSA Conference 2024 Where the World Talks Security madhav Thu, 04/25/2024 - 05:17 In today’s increasingly connected and digital world, the cybersecurity industry stands as a bastion against a relentless tide of threats. Businesses in every sector are trying to digitally transform their operations using the cloud but are finding themselves in an increasingly tangled web of challenges.

Security 104
article thumbnail

Benefits of a Unified CNAPP and XDR Platform

Data Breach Today

In this episode of the "Cybersecurity Insights" podcast, Uptycs CEO Ganesh Pai discusses unifying XDR and CNAPP to improve visibility and explains the coming shift from behavioral detection to outlier or anomaly detection, which uses sophisticated ML and AI.

article thumbnail

Kaiser Permanente data breach may have impacted 13.4 million patients

Security Affairs

Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals in the United States. Kaiser Permanente is an American integrated managed care consortium, it is made up of three distinct but interdependent groups of entities: the Kaiser Foundation Health Plan, Inc. (KFHP) and its regional operating subsidiaries; Kaiser Foundation Hospitals; and the regional Permanente Medical Groups.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Using Legitimate GitHub URLs for Malware

Schneier on Security

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg. The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.

Libraries 110
article thumbnail

USPS Surges to Take Top Spot as Most Impersonated Brand in Phishing Attacks

KnowBe4

New data shows phishing attacks are deviating from the traditional focus on technology and retail sectors and are opting for alternate brands with widespread appeal.

Phishing 112
article thumbnail

7 Tips for Complying With Healthcare Fraud Regulations

Data Breach Today

Attorney Rachel Rose on Navigating the Intensifying Scrutiny of Federal Regulators The federal government is cracking down on healthcare fraud in all forms including kickbacks, lapses in cybersecurity and privacy, lack of fairness in Medicare Advantage policies, and inflated pharmacy claims. Regulatory attorney Rachel Rose outlines seven key tips for meeting compliance mandates.

article thumbnail

Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities

Security Affairs

Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve rootkit-like capabilities. SafeBreach researcher Or Yair devised a technique, exploiting vulnerabilities in the DOS-to-NT path conversion process, to achieve rootkit-like capabilities on Windows. When a user executes a function with a path argument in Windows, the DOS path of the file or folder is converted to an NT path.

Archiving 120
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks

WIRED Threat Level

Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.

Access 126
article thumbnail

Global Optics Provider Hit with Ransomware Attack and a $10M Ransom

KnowBe4

Global optics manufacturer Hoya had business operations at its headquarters and several business divisions impacted and is now facing a “No Negotiation / No Discount Policy” $10 million ransom decision to make.

article thumbnail

Health Analytics Firm Reports Breach Affecting 1.1 Million

Data Breach Today

Data Stolen via Breach of Reliable Networks - BerryDunn's Managed Service Provider A Maine consulting firm with a medical data analytics business must notify more than 1 million Americans that hackers stole their information from company servers. Which clients of Berry, Dunn, McNeil & Parker - and by extension, their customers - have been affected by the breach isn't clear.

Analytics 218
article thumbnail

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

A financially motivated group named GhostR claims the theft of a sensitive database from World-Check and threatens to publish it. World-Check is a global database utilized by various organizations, including financial institutions, regulatory bodies, and law enforcement agencies, for assessing potential risks associated with individuals and entities.

Risk 119
article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Top 10 Questions on the EU AI Act

Data Matters

The EU AI Act will be the first standalone piece of legislation worldwide regulating the use and provision of AI in the EU, and will form a key consideration in AI governance programs. The AI Act will have a significant impact on many organizations inside and outside the EU, with failure to comply potentially leading to fines of up to 7% of annual worldwide turnover.

Privacy 88
article thumbnail

Defense-in-depth: Understanding and adapting security for the modern threat landscape

Jamf

Understand the modern threat landscape and how DiD strategies supercharge your security plan to comprehensively protect all devices across your infrastructure.

Security 105
article thumbnail

Report: Russian Hackers Targeting Ukrainian Soldiers on Apps

Data Breach Today

Russian Hackers Using Open-Source Malware on Popular Messaging Apps, Report Says Ukraine's Computer Emergency Response Team is warning in an April report that a Russian hacking group known as UAC-0184 is using open-source malware to target Ukrainian soldiers on popular messaging apps such as Signal, as concerns grow over the Kremlin’s advanced hacking capabilities.

201
201
article thumbnail

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. Since at least June 2020, and possibly earlier, the cyberespionage group has used the tool GooseEgg to exploit the CVE-2022-38028 vulnerability.

Military 118
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Microsoft and Security Incentives

Schneier on Security

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. […] “The government needs to focus on

Security 101
article thumbnail

4 out of 5 of Physicians Were Impacted by February’s Cyber Attack on Change Healthcare

KnowBe4

The results are in – based on a new survey of physicians about the aftermath of the attack on Change Healthcare– and devastating impact of the.

Phishing 111
article thumbnail

Researcher Strips ROM For Binary Code

Data Breach Today

Improved Tooling Makes Such Attacks More Likely Research shows that attackers can physically extract secrets embedded into read-only memory on a shoestring budget. The equipment involves a polishing wheel, a jig and an optical microscope. The attack sounds impossible "until it’s observed for real," said Tony Moor, a IOActive researcher.

184
184