Thu.Jul 04, 2024

article thumbnail

Brazil data protection authority bans Meta from training AI models with data originating in the country

Security Affairs

Brazil’s data protection authority temporarily banned Meta from using data originating in the country to train its artificial intelligence. Brazil’s data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has imposed a temporary ban on Meta from processing users’ personal data for training its artificial intelligence (AI) models. “The National Data Protection Authority (ANPD) issued today a Preventive Measure determining the immediate suspension, in Brazil,

article thumbnail

Rethinking Cybersecurity in the Age of AI

Security Boulevard

IT managers and CSOs need to rethink their approach to cybersecurity and protect their organizations from this new breed of AI-powered attacks. The post Rethinking Cybersecurity in the Age of AI appeared first on Security Boulevard.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

Security Affairs

Technology company Splunk released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. Technology company Splunk addressed 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including four high-severity flaws. The vulnerability CVE-2024-36985 is a Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise. “In Splunk Enterprise versions below 9.0.10, 9.1.5, and

article thumbnail

Smashing Silos With a Vulnerability Operations Center (VOC)

Security Boulevard

VOC enables teams to address the vulnerabilities that present the greatest risk to their specific attack surface before they can be exploited. The post Smashing Silos With a Vulnerability Operations Center (VOC) appeared first on Security Boulevard.

Risk 128
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hackers obtained user data from Twilio-owned 2FA authentication app Authy

Security Affairs

Twilio states that threat actors have identified the phone numbers of users of its two-factor authentication app, Authy, TechCrunch reported. Last week, the notorious hacker ShinyHunters claimed to have stolen 33 million phone numbers from Twilio. This week the messaging firm told TechCrunch that “threat actors” identified data of Authy users, a two-factor authentication app owned by Twilio, including their phone numbers.

article thumbnail

Compliance, Security and the Role of Identity

Security Boulevard

While compliance frameworks establish baseline requirements for data protection, they may not always align with the rapidly evolving threat landscape. The post Compliance, Security and the Role of Identity appeared first on Security Boulevard.

More Trending

article thumbnail

Quick Heal’s New Update With Enahnced Ransomware Protection

Quick Heal Antivirus

In today’s technological landscape, ransomware is a well-known yet potent threat, posing significant challenges to individuals and businesses. The post Quick Heal’s New Update With Enahnced Ransomware Protection appeared first on Quick Heal Blog.

article thumbnail

Healthcare fintech firm HealthEquity disclosed a data breach

Security Affairs

Healthcare firm HealthEquity disclosed a data breach caused by a partner’s compromised account that exposed protected health information. Healthcare fintech firm HealthEquity disclosed a data breach after a partner’s compromised account was used to access its systems. The intruders have stolen protected health information from the company systems.

article thumbnail

Volcano Demon ransomware group rings its victims to extort money

Graham Cluley

Security researchers have warned that a new ransomware group has taken an unusual twist on the traditional method of extorting money from its corporate victims. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

The Hacker News

The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of July 2, 2024.

114
114
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How Apple Intelligence’s Privacy Stacks Up Against Android’s ‘Hybrid AI’

WIRED Threat Level

Generative AI is seeping into the core of your phone, but what does that mean for privacy? Here’s how Apple’s unique AI architecture compares to the “hybrid” approach adopted by Samsung and Google.

article thumbnail

Cyber Insurance Premiums Are Declining Worldwide as Businesses Improve Security, Howden Insurance Broker Report Finds

Tech Republic Security

Rates have declined by 15% since the market peak in 2022, according to Howden Insurance Brokers.

Insurance 137
article thumbnail

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

The Hacker News

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition.

112
112
article thumbnail

Authy phone numbers accessed by cybercriminals, warns Twilio

Malwarebytes

Twilio has warned users of the Authy multi-factor authentication (MFA) app about an incident in which cybercriminals may have obtained their phone numbers. Twilio said the cybercriminals abused an unsecured Application Programming Interface (API) endpoint to verify the phone numbers of millions of Authy multi-factor authentication users. Authy is an app that you install on your device which then produces a MFA code for you when logging into services.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

The Hacker News

Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control (C2) servers ("ootheca[.]pw" and "ootheca[.]top").

DDOS 111
article thumbnail

Ethereum mailing list breach exposes 35,000 to crypto draining attack

Bleeping Computer

A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer. [.

Phishing 104
article thumbnail

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

Trend Micro

In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.

article thumbnail

Cyber Criminals Don't Take Holidays, You Need a Solution That Doesn't Either

GlobalSign

During the holiday period, cyber threats are larger than ever – find out how to protect your business while having peace of mind through automated security solutions.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CVE-2024-38513 (CVSS 9.8): Critical Security Flaw in Popular Go Web Framework, Fiber

Penetration Testing

A high-severity vulnerability (CVE-2024-38513) has been discovered in Fiber, a widely-used web framework for the Go programming language. This flaw allows attackers to hijack user sessions, potentially leading to unauthorized access and data breaches.... The post CVE-2024-38513 (CVSS 9.8): Critical Security Flaw in Popular Go Web Framework, Fiber appeared first on Cybersecurity News.

article thumbnail

Hackers attack HFS servers to drop malware and Monero miners

Bleeping Computer

Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. [.

Malware 104
article thumbnail

IT Security Responsibilities for Online Start-Ups 

IT Security Guru

In this digital world we live in, online start-ups are emerging rapidly, harnessing the power of the internet to reach global audiences and deliver innovative solutions. However, with the increased digital presence comes an elevated risk of cyber threats. For new online businesses, implementing robust cybersecurity strategies is not just an option, but a necessity.

Backups 75
article thumbnail

The Runtime Secrets’ Security Gap

Security Boulevard

The last mile in secrets security is securing secrets in workloads. Discover a new way to securely deliver encrypted secrets in your infrastructure with innovative open-source tools, and say goodbye to plaintext secrets. The post The Runtime Secrets’ Security Gap appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Your PCI-DSS v4.0 Roadmap: Charting a Course of Education, Analysis & System Enhancements

Thales Cloud Protection & Licensing

Your PCI-DSS v4.0 Roadmap: Charting a Course of Education, Analysis & System Enhancements josh.pearson@t… Thu, 07/04/2024 - 07:00 The Payment Card Industry Data Security Standard (PCI-DSS) v4.0 is about protecting cardholder data and maintaining the secure reputation of the industry as a whole. Cyber threats are continuing to grow and evolve in frequency, vector and complexity requiring stronger protection, particularly for payments data.

article thumbnail

Widespread Supply Chain Attack on NPM: Trojanized jQuery Discovered

Penetration Testing

A sophisticated and persistent supply chain attack targeting the popular JavaScript library jQuery has been uncovered by cybersecurity researchers at Phylum. The attack, which has been active since late May, involves the distribution of... The post Widespread Supply Chain Attack on NPM: Trojanized jQuery Discovered appeared first on Cybersecurity News.

article thumbnail

NTT DATA Romania Probes Security Incident as RansomHub Threatens Data Leak

Heimadal Security

The Romanian branch of NTT DATA has reportedly been targeted in a significant cyber attack, with the RansomHub ransomware group claiming responsibility. The hackers allege that they have exfiltrated 230 GB of sensitive data. The attack was first detected on June 14, 2024, and the cybercriminals have set a ransom deadline of July 5, 2024, […] The post NTT DATA Romania Probes Security Incident as RansomHub Threatens Data Leak appeared first on Heimdal Security Blog.

article thumbnail

Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw (CVE-2024-39884)

Penetration Testing

Recently, the Apache Software Foundation has rushed to release Apache HTTP Server version 2.4.61, a crucial update that addresses a severe source code disclosure vulnerability (CVE-2024-39884). This flaw, rated as “Important” by the Apache... The post Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw (CVE-2024-39884) appeared first on Cybersecurity News.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Privacy-Enhanced Data Sharing: How to Drive Business Growth by Protecting Your Data

Security Boulevard

If data is the new oil, then organizations will get little benefit from hoarding it. They need to share it between individuals, departments, organizations and/or systems to improve decision making and drive growth. But there are risks. To avoid major financial, reputational and legal repercussions, these same enterprises need to build “secure pipelines” down which that data can travel.

Risk 64
article thumbnail

Logsign Unified SecOps Platform Urgent Update Addresses Critical RCE Vulnerabilities

Penetration Testing

Two critical vulnerabilities have been identified in the Logsign Unified SecOps Platform, a comprehensive software solution for security operations. These vulnerabilities, CVE-2024-5716 and CVE-2024-5717, when combined, can enable remote, unauthenticated code execution on the... The post Logsign Unified SecOps Platform Urgent Update Addresses Critical RCE Vulnerabilities appeared first on Cybersecurity News.

article thumbnail

Upskill, Reskill, or Hire? For GenAI, You Need All Three

Security Boulevard

The buzz around AI is palpable! The need for new skills and the rush to create AI-powered teams grows stronger – the whispers of Gen. Read More The post Upskill, Reskill, or Hire? For GenAI, You Need All Three appeared first on ISHIR | Software Development India. The post Upskill, Reskill, or Hire? For GenAI, You Need All Three appeared first on Security Boulevard.

article thumbnail

Social media and teen mental health – Week in security with Tony Anscombe

We Live Security

Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?

Media 82
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.