Wed.Jun 05, 2024

RSAC Fireside Chat: Seclore advances ‘EDRM’ by aligning granular controls onto sensitive data

The Last Watchdog

Digital rights management (DRM) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management (EDRM) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

Are Password Managers Safe to Use? (Benefits, Risks & Best Practices)

Tech Republic Security

Are password managers safe to use? Find out if they are really secure and discover the benefits and risks of using password managers.

The Age of the Drone Police Is Here

WIRED Threat Level

A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.

145

Cisco Live 2024: New Unified Observability Experience Packages Cisco & Splunk Insight Tools

Tech Republic Security

The observability suite is the first major overhaul for Splunk products since the Cisco acquisition. Plus, Mistral AI makes a deal with Cisco’s incubator.

Big data 186

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Cisco addressed Webex flaws used to compromise German government meetings

Security Affairs

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings. In March, the German authorities admitted the hack by Russia-linked actors of a military meeting where participants discussed giving military support to Ukraine. “In early May 2024, Ci

Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware

Tech Republic Security

Find out how the cyberespionage threat actor LilacSquid operates, and then learn how to protect your business from this security risk.

Malware 175

More Trending

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

Security Affairs

A vulnerability in the popular video-sharing platform TikTok allowed threat actors to take over the accounts of celebrities. Threat actors exploited a zero-day vulnerability in the video-sharing platform TikTok to hijack high-profile accounts. The vulnerability resides in the direct messages feature implemented by the platform, reported Forbes. The malware spreads through direct messages within the app and only requires the user to open a message.

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

The Hacker News

An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace.

Leveraging Virtual Reality to Enhance Diversity and Inclusion training at Google

Elie

This case-study explores the effectiveness of virtual reality (VR) for diversity, equity, and inclusion (DEI) training through the lens of a custom VR application developed to train Google employees.

138

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

The Hacker News

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out

Bleeping Computer

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. [...]

Big name TikTok accounts hijacked after opening DM

Malwarebytes

High profile TikTok accounts, including CNN, Sony, and—er—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens without the account owner needing to click on or open anything—known as a zero-click attack.

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models

The Hacker News

Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations.

Firmware 136

Kali Linux 2024.2 released with 18 new tools, Y2038 changes

Bleeping Computer

Kali Linux has released version 2024.2, the first version of 2024, with eighteen new tools and fixes for the Y2038 bug. [...]

135

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

RansomHub Rides High on Knight Ransomware Source Code

Security Boulevard

RansomHub, which has become among the most prolific ransomware groups over the past few months, likely got its start with the source code from the Knight malware and a boost from a one-time BlackCat affiliate. The post RansomHub Rides High on Knight Ransomware Source Code appeared first on Security Boulevard.

Zyxel addressed three RCEs in end-of-life NAS devices

Security Affairs

Zyxel Networks released an emergency security update to address critical vulnerabilities in end-of-life NAS devices. Zyxel Networks released an emergency security update to address three critical flaws in some of its NAS devices that have reached end-of-life. An attacker can exploit the vulnerabilities to perform command injection attacks and achieve remote code execution.

Firmware 134

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

Trend Micro

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.

An American Company Enabled a North Korean Scam That Raised Money for WMDs

WIRED Threat Level

Wyoming’s secretary of state has proposed ways of “preventing fraud and abuse of corporate filings by commercial registered agents” in the aftermath of the scheme’s exposure.

Scams 130

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Unpacking 2024's SaaS Threat Predictions

The Hacker News

Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate.

129

Say hello to the fifth generation of Malwarebytes

Malwarebytes

Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure. Here’s what you can expect: 1. Unified user experience across platforms The new generation of Malwarebytes now delivers a consistent user experience across all our desktop and mobile platforms.

VPN 124

The Imperative of Strong Cybersecurity for DIB Companies: Beyond Compliance to Genuine Protection of CUI

Security Boulevard

In an era marked by escalating cybersecurity threats, companies within the Defense Industrial Base (DIB) find themselves at a critical juncture. With approximately 80,000 entities poised for substantial IT system enhancements to adhere to DFARS 7012 and CMMC standards, the emphasis largely remains on compliance. This perspective, however, often overshadows the fundamental purpose of these […] The post The Imperative of Strong Cybersecurity for DIB Companies: Beyond Compliance to Genuine Protecti

Club Penguin fans breached Disney Confluence server, stole 2.5GB of data

Bleeping Computer

Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. [...]

Hacking 113

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

MSPs Look to Streamline Cybersecurity Partnerships, Skills Shortage Persists

Security Boulevard

A rising volume of risks, shortage of qualified cybersecurity professionals and time management with vendors are among the challenges MSPs face. The post MSPs Look to Streamline Cybersecurity Partnerships, Skills Shortage Persists appeared first on Security Boulevard.

CVE-2024-4295: Critical Vulnerability in Popular WordPress Plugin Exposes 90K+ Sites

Penetration Testing

A critical security flaw has been uncovered in the popular WordPress plugin, Email Subscribers by Icegram Express. This vulnerability, designated as CVE-2024-4295, carries a severity rating of 9.8 (CVSS), making it a prime target... The post CVE-2024-4295: Critical Vulnerability in Popular WordPress Plugin Exposes 90K+ Sites appeared first on Cybersecurity News.

Linux version of TargetCompany ransomware focuses on VMware ESXi

Bleeping Computer

Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads. [...]

What is S/MIME and How Does it Work?

GlobalSign

In this article we explain the concept behind S/MIME, how it works, and how you can start using it.

98

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Advance Auto Parts stolen data for sale after Snowflake attack

Bleeping Computer

Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account. [...]

HHS Mandates Patient Notification After Change Healthcare Data Breach

SecureWorld News

The U.S. Department of Health and Human Services (HHS) has stepped in to ensure patients are made aware if their sensitive data was compromised during February's massive cyberattack on health IT firm Change Healthcare. In a ruling issued on May 31, 2024, HHS stated that hospitals and health systems impacted by the Change Healthcare data breach must now require the insurance giant UnitedHealth Group to directly notify affected individuals about potential exposure of their personal and medical inf

Check-in terminals used by thousands of hotels leak guest info

Bleeping Computer

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms. [...]

108

Cybersecurity Training Reduces Phishing Threats – With Numbers to Prove It

Security Boulevard

Train people. It makes a difference. In organizations without security awareness training, 34% of employees are likely to click on malicious links or comply with fraudulent requests. The post Cybersecurity Training Reduces Phishing Threats – With Numbers to Prove It appeared first on Security Boulevard.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.