Sat. Jun 15, 2024 - Fri. Jun 21, 2024

Multifactor Authentication Bypass: Attackers Refine Tactics

Data Breach Today

Push Fatigue Attacks Succeed 5% of the Time, Surge in the Morning, Researchers Find

Multifactor authentication is a must-have security defense for repelling outright credential stuffing and password spraying attacks. But no defense is foolproof. Attackers have been refining their tactics for bypassing MFA, including using technology and trickery.

The Overlooked Truth: User Experience in Cybersecurity

KnowBe4

We live in a world where the term "cybersecurity" tends to make folks either shiver with anxiety or yawn with boredom. The narrative has always been about hacking, phishing, and all sorts of digital skullduggery. However, the overlooked truth is that users don't adopt best security practices because they’re designed without the slightest nod to the user experience.

Cloud for government: A look at 4 agency transformations

OpenText Information Management

Government agencies are making strides on their cloud migration journey, but there is still progress to be made. At OpenText, we are well-situated to help public sector agencies move to the cloud. Our Cloud for Government solution has been listed on the FedRAMP marketplace as fully authorized, providing a low-risk, highly secure content management cloud option for the public sector.

Cloud 64

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy.

Phishing 275

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Spanish Police Bust Alleged Leader of Scattered Spider

Data Breach Today

US International Arrest Warrant Accuses Suspect of Cryptocurrency-Theft Campaigns

Spanish National Police have arrested a 22-year-old British national based on an International Arrest Warrant from the U.S. that accuses him of stealing bitcoins worth $27 million. Reports suggest the suspect is a key member of the Scattered Spider cybercrime group that hacked MGM and Clorox.

More Trending

Perplexity Plagiarized Our Story About How Perplexity Is a B t Machine

WIRED Threat Level

Experts aren't unanimous about whether the AI-powered search startup's practices could expose it to legal claims ranging from infringement to defamation—but some say plaintiffs would have strong cases.

IT 131

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

Security Affairs

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. An attacker can trigger the vulnerability to launch phishing attacks. I want to share my recent case: > I found a vulnerability that allows sending a message from any user@domain > We cannot reproduce it > I send a v

Phishing 131

Researchers Uncover Chinese Hacking Cyberespionage Campaign

Data Breach Today

Chinese Threat Actor 'Velvet Ant' Evaded Detection for Years in Victim Network

A Chinese threat actor used state-sponsored techniques to carry out a cyberespionage campaign targeting a major organization's networks after exploiting legacy technology to gain multiple footholds across the enterprise infrastructure, researchers said in a Monday blog post.

News Alert: 1inch partners with Blockaid to enhance Web3 security through the 1inch Shield

The Last Watchdog

Dubai, UAE, June 20, 2024, CyberNewsWire — 1inch, a leading DeFi aggregator that provides advanced security solutions to users across the entire space, has announced today the launch of the 1inch Shield. This solution, that is offering enhanced protection against a wide range of potential threats, was completed in partnership with Blockaid, a major provider of Web3 security tools.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Recovering Public Keys from Signatures

Schneier on Security

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want to know which public key signed it? A rather delightful property if you want to attack anonymity in some proposed “everybody just uses cryptographic signatures for everything” scheme.

IT 126

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

Security Affairs

NHS England confirmed that multiple London hospitals impacted by the ransomware attack at Synnovis were forced to cancel planned operations. NHS England confirmed that the recent ransomware attack on Synnovis had a severe impact on multiple London hospitals, forcing them to cancel more than hundreds of scheduled operations. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical

Australia Optus 2022 Data Breach 'Not Highly Sophisticated'

Data Breach Today

Hackers Exploited Coding Error, Says Australian Communications and Media Authority

Hackers behind the leak of 10 million records from Australia's second-largest telecommunications carrier Optus exploited a vulnerability the company unwittingly inserted four years earlier into a web portal access control, said the Australian Communications and Media Authority.

RSAC Fireside Chat: Tightened budgets impose discipline on CISOs, resets security investments

The Last Watchdog

CISOs have been on something of a wild roller coaster ride the past few years. When Covid 19 hit in early 2020, the need to secure company networks in a new way led to panic spending on cybersecurity tools. Given carte blanche, many CISOs purchased a hodge podge of unproven point solutions, adding to complexity. By mid-2022, with interest rates climbing and the stock market cratering, CFOs began demanding proof of a reasonable return on investment.

Security 130

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Using LLMs to Exploit Vulnerabilities

Schneier on Security

Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems.

Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake

WIRED Threat Level

A ShinyHunters hacker tells WIRED that they gained access to Ticketmaster’s Snowflake cloud account—and others—by first breaching a third-party contractor.

Cloud 135

Auto Dealerships Using CDK Global Hit With Cyber Disruptions

Data Breach Today

Auto Dealership Tech Firm Confirms System Shutdowns After Multiple Cyber Incidents

CDK Global, a leading software and solutions provider for thousands of car dealerships across the United States and Canada, has launched investigations into consecutive cyber incidents that caused disruptions and shutdowns for several days at companies across the North Americas.

News Alert: INE Security lays out strategies for optimizing security teams to mitigate AI risks

The Last Watchdog

Cary, NC, June 20, 2024, CyberNewsWire — 2024 is rapidly shaping up to be a defining year in generative AI. While 2023 saw its emergence as a potent new technology, business leaders are now grappling with how to best leverage its transformative power to grow efficiency, security, and revenue. With the near-universal integration of AI into global technology, the need for AI-ready cybersecurity teams is more critical than ever.

Risk 100

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Google Chrome 126 update addresses multiple high-severity flaws

Security Affairs

Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.

Security 126

New Blog Moderation Policy

Schneier on Security

There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that I need to do something. My options are limited because I’m just one person, and this website is free, ad-free, and anonymous.

IT 120

Change Healthcare Begins to Notify Clients Affected by Hack

Data Breach Today

The Company Will Start Notifying Individuals Affected by the Breach in Late July

Change Healthcare says it has begun to notify customers whose data was compromised in the February ransomware attack that affected scores of healthcare providers, health insurance plans and other organizations. The company will begin to notify affected individuals in late July.

Insurance 249

This Is What Would Happen if China Invaded Taiwan

WIRED Threat Level

The new book World on the Brink: How America Can Beat China in the Race for the 21st Century lays out what might actually happen if China were to invade Taiwan in 2028.

Security 121

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

Security Affairs

Chinese cyberespionage group Velvet Ant was spotted using custom malware to target F5 BIG-IP appliances to breach target networks. In late 2023, Sygnia researchers responded to an incident suffered by a large organization that they attributed to a China-linked threat actor tracked as ‘Velvet Ant.’ The cyberspies deployed custom malware on F5 BIG-IP appliances to gain persistent access to the internal network of the target organization and steal sensitive data.

Access 118

Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

eSecurity Planet

The remote code execution vulnerabilities from last week’s recap continue, and Microsoft Patch Tuesday identifies plenty of issues to patch — but fortunately, most of them aren’t critical vulnerabilities. PHP’s Windows flaw is now being exploited by ransomware, almost immediately after researchers publicized the issue. Google also has an elevation of privilege vulnerability in its Pixel phones, among others; Android has published fixes for all the device issues.

HHS on Guard: Prioritizing Patient Data Security

Data Breach Today

CISO and Acting Deputy CIO La Monte Yarborough on Building a Culture of Security

The U.S. Department of Health and Human Services is actively enhancing its cybersecurity measures to protect sensitive health data. CISO and Acting Deputy CIO La Monte Yarborough outlined the measures HHS is taking to protect sensitive data and critical infrastructure amid rising threats.

Security 247

Perplexity Is a B t Machine

WIRED Threat Level

A WIRED investigation shows that the AI search startup Perplexity is surreptitiously downloading your data.

Security 144

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

The Financial Dynamics Behind Ransomware Attacks

Security Affairs

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Initially, these attacks involved malicious software that encrypts a victim’s data, rendering it inaccessible until a ransom is paid to the attackers. Today, this tactic has evolved, where ransomware operators in nearly every case first exfiltrate sensitive data and then threaten to publicly expose it if a ransom demand is not paid.

Phishing Campaign Abuses Windows Search to Distribute Malware

KnowBe4

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to launch Windows Explorer and trick users into installing the malware.

Phishing 102

German BSI Forces Microsoft to Disclose Security Measures

Data Breach Today

Company Publishes Information on Double Key Encryption Under Regulatory Pressure

Following a legal intervention made by the German federal cybersecurity agency, Microsoft has disclosed additional information on encryption measures it adopted to secure its customer data. A new white paper details how the company is deploying double key encryption.