Wed.Oct 30, 2024

article thumbnail

Change Healthcare Breach Hits 100M Americans

Krebs on Security

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. A ransomware attack at Change Healthcare in the third week of February quickly spawned disruptions across the U.S. healthcare system that reverberated for months, thanks to the company’s c

article thumbnail

News alert: Cybersecurity, AI priorities for 2025 highlighted at ATPC Cyber Forum in Atlanta

The Last Watchdog

Atlanta, GA, Oct. 30, 2024, CyberNewswire — The American Transaction Processors Coalition (ATPC) Cyber Council will convene “The Tie that Binds: A 21st Century Cybersecurity Dialogue,” on October 31, 2024, at the Bank of America Financial Center Tower’s Convention Hall in Atlanta. This event will feature leading cyber experts from the financial services sector, Federal agencies, the White House, and Congress to focus on pressing cybersecurity issues and ways the financial services sector i

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Best Antivirus Software for Small Businesses in 2024

Tech Republic Security

Bitdefender is our overall pick for the best antivirus software for small businesses, while Norton offers 24/7 support, and ESET provides scalability.

article thumbnail

ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8)

Penetration Testing

ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform. These vulnerabilities could enable unauthorized... The post ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8) appeared first on Cybersecurity News.

Risk 131
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Operation Magnus: Joint Law Enforcement Operation Targets Major Infostealer Networks

Tech Republic Security

Read more about a joint operation between several law enforcement agencies in the U.S., Australia, Belgium, Portugal, The Netherlands, and the U.K. to tackle RedLine Stealer and META malware.

Malware 132
article thumbnail

CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now!

Penetration Testing

In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a critical zero-day vulnerability... The post CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now! appeared first on Cybersecurity News.

Hacking 115

More Trending

article thumbnail

From Gmail to Google Drive: How Evasive Panda Exploits Cloud Services with CloudScout

Penetration Testing

In a recent discovery, ESET researchers unveiled “CloudScout,” a sophisticated cyberespionage toolset employed by the advanced persistent threat (APT) group called Evasive Panda. This China-aligned group has reportedly used CloudScout... The post From Gmail to Google Drive: How Evasive Panda Exploits Cloud Services with CloudScout appeared first on Cybersecurity News.

article thumbnail

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

The Hacker News

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories.

article thumbnail

CHOROLOGY.ai Extends AI Reach to Classify Sensitive Data

Security Boulevard

CHOROLOGY.ai this week added an Automated Compliance Engine (ACE) to its data security posture management (DSPM) platform that makes use of multiple types of artificial intelligence (AI) to rapidly classify sensitive data at scale. The post CHOROLOGY.ai Extends AI Reach to Classify Sensitive Data appeared first on Security Boulevard.

article thumbnail

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

The Hacker News

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Proofpoint Boosting Data Security with Normalyze Acquisition

Security Boulevard

Cybersecurity firm Proofpoint, which is eyeing an IPO in the next 18 months, is buying startup Normalyze to improve its data protection capabilities and mitigate the threat humans present in an increasingly fast-paced, interconnected, and AI-focus world. The post Proofpoint Boosting Data Security with Normalyze Acquisition appeared first on Security Boulevard.

article thumbnail

Patch now! New Chrome update for two critical vulnerabilities

Malwarebytes

Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

Spyware 105
article thumbnail

Survey Surfaces Fundamental Weaknesses in API Security

Security Boulevard

Traceable AI today published a global survey of 1,548 IT and cybersecurity professionals that finds well over half (57%) work for organizations that have experienced a data breach incident involving application programming interfaces (APIs) in the last two years, with nearly three-quarters of those organizations experiencing three or more incidents.

article thumbnail

Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining

Penetration Testing

In a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) to hijack victim resources and harvest rewards from the Titan Network—a... The post Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining appeared first on Cybersecurity News.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

AI Cyberattacks Rise but Businesses Still Lack Insurance

Security Boulevard

Cybersecurity is a leading concern for risk managers as AI-related cyber risks surge, and despite growing investments, many businesses still lack comprehensive cyber insurance, according to a Nationwide survey. The post AI Cyberattacks Rise but Businesses Still Lack Insurance appeared first on Security Boulevard.

article thumbnail

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

The Hacker News

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said.

article thumbnail

This $99 Android phone is no Pixel 9 Pro, but performs better than handsets twice the price

Zero Day

Not everyone needs a $1,000 phone​. If you're on a tight budget or you're shopping for the kids, the NUU N10 is a truly impressive budget handset.

105
105
article thumbnail

QNAP Patches Critical Zero-Day Exploited at Pwn2Own Ireland 2024 – CVE-2024-50388

Penetration Testing

QNAP has swiftly addressed a critical zero-day vulnerability in its HBS 3 Hybrid Backup Sync software, following its successful exploitation at the recent Pwn2Own Ireland 2024 competition. The vulnerability, tracked... The post QNAP Patches Critical Zero-Day Exploited at Pwn2Own Ireland 2024 – CVE-2024-50388 appeared first on Cybersecurity News.

Backups 95
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

48% of people have been scammed while holiday shopping online - what to watch for

Zero Day

Almost half of Americans will do most of their holiday shopping between Black Friday and Cyber Monday. But that's also the busiest time of the year for scammers. Here's how to protect yourself.

Scams 132
article thumbnail

Embarking on a Compliance Journey? Here’s How Intruder Can Help

The Hacker News

Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe.

91
article thumbnail

Citrix Boosts Security for Remote Application Accesses With “More Security Layers”

Security Boulevard

Connections on the internet are not secure by default, and bad actors frequently take advantage of users accessing organizations’ applications and resources from remote locations, to burrow into corporate networks. Experts recommend picking a remote access management solution and adjusting the settings to the organization’s individual access control policy to establish remote connections securely.

article thumbnail

Gen AI as a software quality tool? Skepticism is fading as more organizations implement it

Zero Day

IT pros' attitudes toward using generative AI as a quality assurance and testing vehicle have shifted significantly over the past 12 months, a new survey found.

Software 130
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Cloud Security Alliance Advocates Zero Trust for Critical Infrastructure

Security Boulevard

The Cloud Security Alliance, noting the increasing cyberthreats to critical infrastructure in a highly interconnected world, released a report outlining steps organizations can take to implement zero trust policies to protect against nation-state actors and other threat groups. The post Cloud Security Alliance Advocates Zero Trust for Critical Infrastructure appeared first on Security Boulevard.

article thumbnail

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

The Hacker News

Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations.

article thumbnail

CVE-2024-48074: RCE Flaw Discovered in DrayTek Vigor2960 Routers, PoC Published

Penetration Testing

Security researchers have uncovered a critical remote code execution (RCE) vulnerability in DrayTek Vigor2960 routers, a popular choice for businesses requiring a robust VPN solution. The vulnerability, tracked as CVE-2024-48074... The post CVE-2024-48074: RCE Flaw Discovered in DrayTek Vigor2960 Routers, PoC Published appeared first on Cybersecurity News.

VPN 81
article thumbnail

How to make LibreOffice look more like Microsoft Office

Zero Day

If you've been using Microsoft Office for years but want to switch to LibreOffice, here's how to get a more familiar UI to make the transition seamless.

122
122
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Four Scary Cyber Creatures Haunting Your Working World

Thales Cloud Protection & Licensing

Four Scary Cyber Creatures Haunting Your Working World josh.pearson@t… Thu, 10/31/2024 - 07:01 As Cybersecurity Awareness Month draws to a close and we celebrate Halloween, it's the perfect time to face the digital phantoms that haunt our online lives. Just like the monsters in your nightmares, these cyber creatures lurk in the shadows, waiting for the perfect moment to strike.

article thumbnail

The best iPad screen protectors of 2024

Zero Day

We found the top-rated iPad screen protectors that will keep your device safe from accidents while looking great. We found the top-rated iPad screen protectors that will keep your device safe from accidents while looking great.

85
article thumbnail

The new Webroot PC Optimizer boosts computer performance

Webroot

Think back to when your brand new laptop or desktop ran the smoothest, operating at peak performance. Is it still that fast, or does even the simplest task seem to take forever? Before you ditch your current PC, there’s a way to get it running like new again. First things first, though—you have to understand why your PC is running slowly. Do computers slow down with age?

article thumbnail

How to use a PPA in Linux to install applications safely

Zero Day

Linux has many ways to install applications, including Personal Package Archives in Debian and Ubuntu-based distributions. Here's how they work.

122
122
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.