Wed.Jun 05, 2024

article thumbnail

RSAC Fireside Chat: Seclore advances ‘EDRM’ by aligning granular controls onto sensitive data

The Last Watchdog

Digital rights management ( DRM ) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management ( EDRM ) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

article thumbnail

Are Password Managers Safe to Use? (Benefits, Risks & Best Practices)

Tech Republic Security

Are password managers safe to use? Find out if they are really secure and discover the benefits and risks of using password managers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out

Bleeping Computer

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. [.

article thumbnail

Cisco Live 2024: New Unified Observability Experience Packages Cisco & Splunk Insight Tools

Tech Republic Security

The observability suite is the first major overhaul for Splunk products since the Cisco acquisition. Plus, Mistral AI makes a deal with Cisco’s incubator.

Big data 141
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Leveraging Virtual Reality to Enhance Diversity and Inclusion training at Google

Elie

This case-study explores the effectiveness of virtual reality (VR) for diversity, equity, and inclusion (DEI) training through the lens of a custom VR application developped to train Google employees.

138
138
article thumbnail

Advance Auto Parts stolen data for sale after Snowflake attack

Bleeping Computer

Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account. [.

More Trending

article thumbnail

Club Penguin fans breached Disney Confluence server, stole 2.5GB of data

Bleeping Computer

Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. [.

Hacking 135
article thumbnail

The Age of the Drone Police Is Here

WIRED Threat Level

A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.

133
133
article thumbnail

RansomHub Rides High on Knight Ransomware Source Code

Security Boulevard

RansomHub, which has become among the most prolific ransomware groups over the past few months, likely got its start with the source code from the Knight malware and a boost from a one-time BlackCat affiliate. The post RansomHub Rides High on Knight Ransomware Source Code appeared first on Security Boulevard.

article thumbnail

Check-in terminals used by thousands of hotels leak guest info

Bleeping Computer

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms. [.

128
128
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Cisco addressed Webex flaws used to compromise German government meetings

Security Affairs

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings. In March, the German authorities admitted the hack by Russia-linked actors of a military meeting where participants discussed giving military support to Ukraine. “In early May 2024, Ci

article thumbnail

Chinese hacking groups team up in cyber espionage campaign

Bleeping Computer

Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace [.

Hacking 132
article thumbnail

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

Trend Micro

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.

article thumbnail

Linux version of TargetCompany ransomware focuses on VMware ESXi

Bleeping Computer

Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads. [.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The Imperative of Strong Cybersecurity for DIB Companies: Beyond Compliance to Genuine Protection of CUI

Security Boulevard

In an era marked by escalating cybersecurity threats, companies within the Defense Industrial Base (DIB) find themselves at a critical juncture. With approximately 80,000 entities poised for substantial IT system enhancements to adhere to DFARS 7012 and CMMC standards, the emphasis largely remains on compliance. This perspective, however, often overshadows the fundamental purpose of these […] The post The Imperative of Strong Cybersecurity for DIB Companies: Beyond Compliance to Genuine Protecti

article thumbnail

Qilin ransomware gang linked to attack on London hospitals

Bleeping Computer

A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation. [.

article thumbnail

MSPs Look to Streamline Cybersecurity Partnerships, Skills Shortage Persists

Security Boulevard

A rising volume of risks, shortage of qualified cybersecurity professionals and time management with vendors are among the challenges MSPs face. The post MSPs Look to Streamline Cybersecurity Partnerships, Skills Shortage Persists appeared first on Security Boulevard.

article thumbnail

RansomHub extortion gang linked to now-defunct Knight ransomware

Bleeping Computer

Security researchers analyzing the relatively new RansomHub ransomware-as-a-service believe that it has evoloved from the currently defunct Knight ransomware project. [.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

The Hacker News

Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library named crytic-compile.

article thumbnail

Kali Linux 2024.2 released with 18 new tools, Y2038 changes

Bleeping Computer

Kali Linux has released version 2024.2, the first version of 2024, with eighteen new tools and fixes for the Y2038 bug. [.

138
138
article thumbnail

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

The Hacker News

An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace.

article thumbnail

Google Chrome reduced cookie requests to improve performance

Bleeping Computer

Google shared details on a recently introduced Chrome feature that changes how cookies are requested, with early tests showing increased performance across all platforms. [.

Software 111
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Zyxel addressed three RCEs in end-of-life NAS devices

Security Affairs

Zyxel Networks released an emergency security update to address critical vulnerabilities in end-of-life NAS devices. Zyxel Networks released an emergency security update to address three critical flaws in some of its NAS devices that have reached end-of-life. An attacker can exploit the vulnerabilities to perform command injection attacks and achieve remote code execution.

Firmware 111
article thumbnail

CVE-2024-4295: Critical Vulnerability in Popular WordPress Plugin Exposes 90K+ Sites

Penetration Testing

A critical security flaw has been uncovered in the popular WordPress plugin, Email Subscribers by Icegram Express. This vulnerability, designated as CVE-2024-4295, carries a severity rating of 9.8 (CVSS), making it a prime target... The post CVE-2024-4295: Critical Vulnerability in Popular WordPress Plugin Exposes 90K+ Sites appeared first on Cybersecurity News.

article thumbnail

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models

The Hacker News

Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations.

Firmware 103
article thumbnail

Big name TikTok accounts hijacked after opening DM

Malwarebytes

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens without the account owner needing to click on or open anything—known as a zero-click attack.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

The Hacker News

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain.

article thumbnail

Financial sextortion scams on the rise

Malwarebytes

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie explicit photos. When she asked him for some in return, he thought nothing of taking a quick snap of himself naked and sending it her way.

Scams 95
article thumbnail

Unpacking 2024's SaaS Threat Predictions

The Hacker News

Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate.

94
article thumbnail

HHS Mandates Patient Notification After Change Healthcare Data Breach

SecureWorld News

The U.S. Department of Health and Human Services (HHS) has stepped in to ensure patients are made aware if their sensitive data was compromised during February's massive cyberattack on health IT firm Change Healthcare. In a ruling issued on May 31, 2024, HHS stated that hospitals and health systems impacted by the Change Healthcare data breach must now require the insurance giant UnitedHealth Group to directly notify affected individuals about potential exposure of their personal and medical inf

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?