Sat.Jan 11, 2025 - Fri.Jan 17, 2025

article thumbnail

Turning Information Into Outcomes: What Governance Really is About

Weissman's World

For years, youve heard me exhort you to implement information governance because you collected all that information for a reason, right? and infogov is how you get value from it. And while thats true, Im not sure I ever completely brought that sentiment to ground. So let me now close that gap. Over the next… Read More » Turning Information Into Outcomes: What Governance Really is About The post Turning Information Into Outcomes: What Governance Really is About appeared first on Holly

article thumbnail

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7 ‘s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them

Security 252
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What Enterprises Need to Know About Agentic AI Risks

Data Breach Today

Mitigating Cybersecurity, Privacy Risks for New Class of Autonomous Agents Many organizations are looking to artificial intelligence agents to autonomously perform tasks that surpass traditional automation. Tech firms are rolling out agentic AI tools that can handle customer-facing interactions, IT operations and a variety of other processes without human intervention, but experts are cautioning security teams to watch for cyber and privacy risks.

Risk 230
article thumbnail

I spent hours testing ChatGPT Tasks - and its refusal to follow directions was mildly terrifying

Collaboration 2.0

ChatGPT tasks offers AI prompt scheduling and automation, but what happens when things go wrong?

IT 142
article thumbnail

5 Ways You Can Win Faster with Gen AI in Sales

Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision- making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.

article thumbnail

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world. At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first offi

Passwords 127

More Trending

article thumbnail

Microsoft Sues Harmful Fake AI Image Crime Ring

Data Breach Today

Guardrails Bypassed on Azure OpenAI to Generate 'Thousands of Harmful Images' Microsoft filed a lawsuit targeting a cybercrime service used to generate "thousands of harmful images" by subverting the guardrails built into its Azure generative artificial intelligence tools. The company said attackers built a tool that reverse-engineered the guardrails in its AI platform.

article thumbnail

The five biggest mistakes people make when prompting an AI

Collaboration 2.0

Ready to transform how you use AI tools?

article thumbnail

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware. In late November, the experts spotted a malspam campaign impersonating DHL which used emails about freight invoices, attaching zip files named “Invoice###.zip” or “Trackin

article thumbnail

Ransomware Gangs Claimed More Than 5,000 Attacks in 2024

KnowBe4

Ransomware groups claimed responsibility for 5,461 attacks in 2024, with 1,204 of these attacks being publicly confirmed by victim organizations, according to Comparitechs latest Ransomware Roundup report.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

US Identifies Hacking Firm Behind Salt Typhoon Telecom Hacks

Data Breach Today

Department of Treasury Imposes Sanctions The U.S. federal government said Friday it's traced the source of Chinese hacker intrusions into telecom networks to a government contractor located in hacking hotbed Sichuan. The Department of Treasury imposed sanctions on the firm, Sichuan Juxinhe Network Technology.

article thumbnail

CES 2025: The 25 best products that impressed us the most

Collaboration 2.0

ZDNET editors scoured the show floor for a week and identified all of this year's best products - including those that will make the biggest impact on the future.

142
142
article thumbnail

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The threat actor used AWSs Server-Side Encryption with Customer Provided Keys (SSE-C) for encryption, then demanded the payment of a ransom to the victim to recover the data using the attackers’ symmetric AES-256 keys required to decrypt data.

article thumbnail

Hackers Likely Stole FBI Call Logs From AT&T That Could Compromise Informants

WIRED Threat Level

A breach of AT&T that exposed nearly all of the company's customers may have included records related to confidential FBI sources, potentially explaining the Bureau's new embrace of end-to-end encryption.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Breach Roundup: Microsoft Makes Security Staff Cuts

Data Breach Today

Also: Intensified Russian Hacking in Ukraine, Spain's Telefnica Confirms Breach This week, Microsoft laid off security staff and released Patch Tuesday, Russian hackers intensified attacks on Ukraine in 2024, Telefnica confirmed a breach, a Tennessee mortgage leader reported a breach and the Texas AG sued Allstate over driver data collection.

Security 173
article thumbnail

10 Linux apps I install on every new machine (and why you should, too)

Collaboration 2.0

If you're wondering which apps take priority on your new Linux machine, these 10 will help you get the most out of the OS.

135
135
article thumbnail

Brad Pitt Romance Scams Pushed By AI-Enabled Deepfakes

KnowBe4

I have helped people detect romance scams for decades. It is still very common for romance scammers to leverage both pictures of celebrities and pictures of innocent, everyday people as part of these scams.

IT 117
article thumbnail

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation. The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim compute

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Ransomware Campaign Targets Amazon S3 Buckets

Data Breach Today

Threat Actor 'Codefinger' Targets Cloud Environments A ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWSs server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.

article thumbnail

Microsoft to force new Outlook app in Windows 10 with no way to block it

Collaboration 2.0

Designed to replace the current Mail and Calendar apps, the new Outlook can only be removed after it's been installed.

IT 138
article thumbnail

News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security

The Last Watchdog

Silver Spring, MD, Jan. 15, 2025, CyberNewswire — Aembit , the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. 28 and headlined by industry luminary Kevin Mandia. NHIcon 2025 is co-presented by Aembit and Veza , alongside industry partners Identity Defined Security Alliance and Cloud Security Alliance.

Security 130
article thumbnail

Your KnowBe4 Fresh Content Updates from December 2024

KnowBe4

Check out the 52 new pieces of training content added in December, alongside the always fresh content update highlights, new features and events.

article thumbnail

10 Ways to Leverage Buyer Signals and Drive Revenue

In today’s ultra-competitive markets, it’s no longer enough to wait for buyers to show obvious signs of interest. Instead, sales teams must be proactive, identifying and acting on nuanced buyer behaviors — often before prospects are fully ready to make a purchase. In this eBook from ZoomInfo & Sell Better, learn 10 actionable ways to use these buyer signals to transform your sales strategy and close deals faster.

article thumbnail

ISMG Editors: UK Ransomware Reporting Mandate Sparks Debate

Data Breach Today

Also: Bringing AML and Fraud Programs Together; the Global AI Arms Race In this week's update, ISMG editors discussed a U.K. proposal to mandate ransomware payment reporting, tackling financial crime by bringing together fraud and AML teams, and the global AI arms race as countries compete to lead innovation while balancing regulation and ethics.

article thumbnail

This hidden Pixel camera feature makes your photos more vibrant - how to enable it

Collaboration 2.0

Pixel phones are well known for their superior cameras. This feature makes them even better.

IT 133
article thumbnail

CVE-2024-44243 macOS flaw allows persistent malware installation

Security Affairs

Microsoft disclosed details of a vulnerability in Apple macOS that could have allowed an attacker to bypass the OS’s System Integrity Protection ( SIP ). Microsoft disclosed details of a now-patched macOS flaw, tracked as CVE-2024-44243 (CVSS score: 5.5), that allows attackers with “root” access to bypass System Integrity Protection ( SIP ).

Libraries 109
article thumbnail

Effective Security Awareness Training Really Does Reduce Data Breaches

KnowBe4

Social engineering and phishing are involved in 70% - 90% of data breaches. No other root cause of malicious hacking (e.g., unpatched software and firmware, eavesdropping, cryptography attacks, physical theft, etc.) comes close.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Law Office Wolf Haldenstein Says Hack Affected 3.4 Million

Data Breach Today

Legal Firm Joins Other Class Action Litigators Targeted by Hackers Wolf Haldenstein Adler Freeman & Herz LLP, a law firm that represents consumers in data breach lawsuits, has reported to regulators its own 2023 hack affecting more than 3.4 million individuals. The incident isn't the first time a law firm that handles data breach litigation reported a major hack.

article thumbnail

How to create system restore points on Linux with Timeshift - and why you should

Collaboration 2.0

Concerned about something going wrong with your Linux system? If so, Timeshift can help return things to a working state should something go awry.

132
132
article thumbnail

U.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known Exploited Vulnerabilities (KEV) catalog.

IT 102