Sat.Feb 24, 2024 - Fri.Mar 01, 2024

article thumbnail

Groups Warn Health Sector of Change Healthcare Cyber Fallout

Data Breach Today

Some Researchers Confident ConnectWise ScreenConnect Flaw Was Exploited in Attack Healthcare industry groups are urging their members to take certain precautionary actions in the wake of the attack last week on Change Healthcare, a unit of Optum. The advisories come as some researchers say the incident appears to involve exploitation of flaws in ConnectWise's ScreenConnect tool.

271
271
article thumbnail

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

Phishing 223
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Let’s Give Information Its Own Office

AIIM

In my role as The Info Gov Guy™, I consult with clients from up and down their organizational charts: in records, IT, legal, HR, marketing, etc. What this tells me is that their employers don’t consider their information to be a core business asset – which is odd because they do acknowledge their success depends completely on their ability to quickly find and retrieve current, accurate, and properly safeguarded information.

IT 160
article thumbnail

News alert: ThreatHunter.ai stops hundreds of ransomware attacks, nation-state threats in 48 hours

The Last Watchdog

Brea, Calif. Feb. 27, 2024 — The current large surge in cyber threats has left many organizations grappling for security so ThreatHunter.ai is taking decisive action. Recognizing the critical juncture at which the digital world stands, ThreatHunter.ai is now offering their cutting-edge cybersecurity services free of charge to all organizations for 30 days, irrespective of their current cybersecurity measures.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

NIST Unveils Second Iteration of Cybersecurity Framework

Data Breach Today

New CSF Adds 'Governance' to Core Functions Cybersecurity guidance for the private sector published by the U.S. National Institute of Standards and Technology in 2014 has received its first major update. The revised Cybersecurity Framework focuses on governance and says cybersecurity threats are a major source of enterprise risk.

More Trending

article thumbnail

Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

Security Affairs

New threat actors have started exploiting ConnectWise ScreenConnect vulnerabilities, including the Black Basta and Bl00dy ransomware gangs. Multiple threat actors have started exploiting the recently disclosed vulnerabilities , tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), in the ConnectWise ScreenConnect software.

article thumbnail

Apple Announces Post-Quantum Encryption Algorithms for iMessage

Schneier on Security

Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. I am of two minds about this. On the one hand, it’s probably premature to switch to any particular post-quantum algorithms.

article thumbnail

HSCC Issues Cyber 'Call to Action' Plan for Health Sector

Data Breach Today

5-Year Plan Details How to Raise the Bar on Health Ecosystem's Approach to Cyber The Health Sector Coordinating Council has issued a five-year strategic plan - "a call to action" - for healthcare and public health organizations to implement cybersecurity programs that do a better job of protecting their patients against the ever-rising tide of threats.

article thumbnail

Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust

WIRED Threat Level

Two months ago, the FBI “disrupted” the BlackCat ransomware group. They're already back—and their latest attack is causing delays at pharmacies across the US.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

IntelBroker claimed the hack of the Los Angeles International Airport

Security Affairs

The popular hacker IntelBroker announced that it had hacked the Los Angeles International Airport by exploiting a flaw in one of its CRM systems. The website Hackread first reported that the popular hacker IntelBroker had breached one of the CRM systems used by the Los Angeles International Airport. IntelBroker announced it had exploited a vulnerability in the target system, the attack took place this month. “IntelBroker informed Hackread.com that they successfully executed the data breach

article thumbnail

How Meta’s Llama 3 will impact the future of AI

IBM Big Data Hub

In January of 2024, Meta CEO Mark Zuckerberg announced in an Instagram video that Meta AI had recently begun training Llama 3. This latest generation of the LLaMa family of large language models (LLMs) follows the Llama 1 models (originally stylized as “LLaMA”) released in February 2023 and Llama 2 models released in July. Though specific details (like model sizes or multimodal capabilities) have not yet been announced, Zuckerberg indicated Meta’s intent to continue to open sou

article thumbnail

Is Microsegmentation for Zero Trust Defenses Worth It?

Data Breach Today

Forrester's David Holmes on Why CISOs Must Evaluate Microsegmentation in Cloud Microsegmentation is a fundamental concept in zero trust security, but CISOs should assess its feasibility before diving in. This is particularly true in a public cloud environment where there is no real network policy, said David Holmes, principal research analyst at Forrester.

IT 247
article thumbnail

How a Right-Wing Controversy Could Sabotage US Election Security

WIRED Threat Level

Republicans who run elections are split over whether to keep working with the Cybersecurity and Infrastructure Security Agency to fight hackers, online falsehoods, and polling-place threats.

Security 113
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

A cyber attack hit the Royal Canadian Mounted Police

Security Affairs

A cyber attack hit the Royal Canadian Mounted Police (RCMP), the federal and national law enforcement agency of Canada. The Royal Canadian Mounted Police (RCMP), the federal and national law enforcement agency of Canada, confirmed that it was the target of a cyber attack. RCMP also notified the Office of the Privacy Commissioner (OPC). The police have launched an investigation into the cyber attack and urged its staff to stay vigilant. “The situation is evolving quickly but at this time, t

article thumbnail

What is managed DNS, anyway?

IBM Big Data Hub

Managed DNS is where a third-party hosts and optimizes your DNS resolution architecture to provide the fastest, most secure, most reliable experience. Perhaps the easiest way to explain it is by looking at the opposite scenario: what if you don’t have a managed DNS service in place? Every query in the Domain Name System (DNS) follows the same logic to resolve IP addresses.

article thumbnail

North Korean Group Seen Snooping on Russian Foreign Ministry

Data Breach Today

Espionage Groups Deploy Info Stealer to Monitor Russia's Diplomatic Moves North Korean espionage group TA406, aka the Konni Group, deployed information-stealing malware on a Russian government-owned software to spy on the country's foreign ministry officials. This is the latest attack in a North Korean campaign that targets Russian diplomatic activities.

article thumbnail

Dictators Used Sandvine Tech to Censor the Internet. The US Finally Did Something About It

WIRED Threat Level

Canada-based Sandvine has long sold its web-monitoring tech to authoritarian regimes. This week, the US sanctioned the company, severely limiting its ability to do business with American firms.

IT 93
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Unmasking 2024’s Email Security Landscape

Security Affairs

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. In the ever-shifting digital arena, staying ahead of evolving threat trends is paramount for organizations aiming to safeguard their assets. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cy

Security 105
article thumbnail

How the “Frontier” Became the Slogan of Uncontrolled AI

Schneier on Security

Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration will drive the next era of growth, wealth, and human flourishing. It’s a scary metaphor. Throughout American history, the drive for expansion and the very concept of terrain up for grabs—land grabs, gold rushes, new frontiers—have provided a permission structure for imperialism and exploitation.

article thumbnail

Privacy Watchdog Cracks Down on Biometric Employee Tracking

Data Breach Today

Leisure Center Operators Ordered to Stop Using Facial and Fingerprint Recognition Britain's privacy watchdog ordered Serco Leisure, which operates nearly 40 leisure facilities, to cease using facial recognition and fingerprint scanning for clocking employees in and out, saying the company failed to demonstrate such technology was "necessary or proportionate.

Privacy 243
article thumbnail

The UK Is GPS-Tagging Thousands of Migrants

WIRED Threat Level

Ankle tags that constantly log a person’s coordinates are part of a growing cadre of experimental surveillance tools that countries around the world are trying out on new arrivals.

Privacy 94
article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Russia-linked APT29 switched to targeting cloud services

Security Affairs

Russia-linked APT29 threat actors have switched to targeting cloud services, according to a joint alert issued by the Five Eyes cybersecurity agencies. A joint advisory issued by cybersecurity agencies of Five Eyes (US, UK, Australia, Canada and New Zealand) warns that Russia-linked APT29 threat actors (aka SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) have switched to targeting cloud services.

Cloud 109
article thumbnail

4 smart technologies modernizing sourcing strategy

IBM Big Data Hub

Sourcing is getting smarter. To start, many organizations have already pivoted from a tactical to a strategic sourcing mindset—which can make all the difference when it comes to gaining and retaining a competitive advantage. Why? Because organizations with strategic sourcing mindsets look beyond price and cost savings-centered supplier selection initiatives.

article thumbnail

SSH Exec Rami Raulas Named Interim CEO in Finnish Shakeup

Data Breach Today

Teemu Tunkelo Left SSH Abruptly After License Sales Slump and Stock Price Nosedive SSH Communications Security CEO Teemu Tunkelo left the Finnish cybersecurity vendor abruptly Monday after low license sales in late 2023 slowed the company's growth. No reason was given for Tunkelo's departure, which stems from an agreement between the CEO and SSH and will take effect immediately.

Sales 233
article thumbnail

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

Critical vulnerabilities have been discovered across multiple systems, including Microsoft Exchange Servers, the Bricks Builder Theme for WordPress, VMware, ScreenConnect, Joomla, and Apple Shortcuts. Urgent patching and prompt updates can protect systems from unauthorized access, data breaches, and potential exploitation by threat actors. Organizations must prioritize implementing effective security measures and conducting frequent audits.

Risk 96
article thumbnail

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

article thumbnail

Apple created post-quantum cryptographic protocol PQ3 for iMessage

Security Affairs

Apple announced the implementation of a post-quantum cryptographic protocol called PQ3 will be integrated into iMessage. Apple announced a new post-quantum cryptographic protocol called PQ3 that will be integrated into the company messaging application iMessage to secure communications against highly sophisticated quantum attacks. Apple said that PQ3 is the first messaging protocol to reach what they call Level 3 security, which is the most secure protocol for messaging apps today.

article thumbnail

A Mysterious Leak Exposed Chinese Hacking Secrets

WIRED Threat Level

Plus: Scammers try to dupe Apple with 5,000 fake iPhones, Avast gets fined for selling browsing data, and researchers figure out how to clone fingerprints from your phone screen.

Privacy 100
article thumbnail

Proof of Concept: Securing Elections in the Age of AI

Data Breach Today

CISOs Discuss AI Scams, Cyberthreats and Election Security Defenses In the latest "Proof of Concept," Jeff Brown, CISO for the state of Connecticut, and Lester Godsey, CISO for Maricopa County, Arizona, join ISMG editors to discuss AI-related threats to election security, safeguarding against cyber and physical threats and coordinating efforts for complete security.

Security 231