Data Breach Today

SEPTEMBER 12, 2023

Hackers Likely Exploited ProxyLogon to Gain Access, Says Eset Hackers aligned with the Iranian state are targeting vulnerable Microsoft Exchange Servers to deploy a new malware backdoor that has already victimized over two dozen Israeli organizations as part of an ongoing espionage campaign. Hackers' initial access point into systems likely was ProxyLogon.

Access 295

Access 295

Krebs on Security

SEPTEMBER 12, 2023

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe , Google Chrome and Apple iOS users may have their own zero-day patching to do. On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim. 

Authentication 225

Authentication Passwords Access Privacy 225

Data Breach Today

SEPTEMBER 12, 2023

'Long-Standing HIPAA Deficiencies' Found in 2 Breaches Affecting Only 2,250 People Federal regulators have smacked a large California health plan with a $1.3 million fine to settle potential HIPAA violations for two relatively small breaches that affected about 2,250 individuals. But officials indicate "long-standing HIPAA deficiencies" were a "systemic" problem at the insurer.

Insurance 292

Insurance 292

AIIM

SEPTEMBER 12, 2023

Navy Petty Officer1st Class Rholanda Tucker, assigned to the "Blacklions" of Strike Fighter Squadron 213, conducts routine maintenance on a 20mm gun from an F/A-18F Super Hornet in the hangar bay of the aircraft carrier USS Gerald R. Ford in the Adriatic Sea, July 16, 2023. The Gerald R. Ford Carrier Strike Group is on a scheduled deployment in the U.S.

Information governance 156

Information governance Government 156

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Data Breach Today

SEPTEMBER 12, 2023

Chrome Bug Caused by Heap Buffer Overflow Issue in the WebP Image Format Google released a fix on Monday for a Chrome zero-day that allows an attacker to remotely target a vulnerable version of the browser. The bug is tracked as a heap buffer overflow in the WebP image format, which is specifically designed to optimize web images.

290

290

Data Breach Today

SEPTEMBER 12, 2023

Legislative 'Blueprint' Provides Regulatory Road Map for AI As tech companies have jumped to incorporate AI in products, artificial intelligence with no human supervision runs the risk of catastrophe, warned two tech executives before a panel of U.S. senators who intend to introduce regulatory legislation later this year.

Artificial Intelligence 283

Artificial Intelligence Risk 283

Security Affairs

SEPTEMBER 12, 2023

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day. The flaws addressed by the company impact Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; NET and Visual Studio; Azure; Microsoft Dynamics; and Windows Defender.

Security 124

Security IT Information Security 124

Data Breach Today

SEPTEMBER 12, 2023

The Ups and Downs of EDR and XDR Deployments In this webinar recording, learn how VMRay reduces false positives in EDR and XDR, saving resources and addressing analyst burnout while calculating the annual cost of false positives for your organization.

282

282

Security Affairs

SEPTEMBER 12, 2023

A critical vulnerability in GitHub could have exposed more than 4,000 code packages to Repojacking attack. Checkmarx researchers discovered a new vulnerability in GitHub could have exposed over 4,000 packages to repojacking attacks. In the RepoJacking attack, attackers claim the old username of a repository after the legitimate creator changed the username, then publish a rogue repository with the same name to trick users into downloading its content Checkmarx discovered than an attacker can exp

Risk 124

Risk Security IT Information Security 124

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Data Breach Today

SEPTEMBER 12, 2023

White House Secures 8 Additional Commitments to AI Pledge Adobe, IBM, Nvidia, and five additional tech giants on Tuesday signed onto a White House-driven initiative for developing secure and trustworthy generative artificial intelligence models. The commitments, at least for now, are the closet approximation of targeted AI regulation in the United States.

Artificial Intelligence 278

Artificial Intelligence Security 278

Security Affairs

SEPTEMBER 12, 2023

Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their primary account. “In a recent update, a well-known and notorious threat actor declared their targeting of Telegram.

Cloud 119

Cloud Sales Passwords Access 119

Data Breach Today

SEPTEMBER 12, 2023

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Censys CEO Brad Brooks discusses the stresses a CISO experiences in trying to prevent cyberattacks and in dealing with those that do occur. Topics include breach disclosure and cybersecurity marketing to CISOs.

Security 269

Security Cybersecurity Marketing 269

Security Affairs

SEPTEMBER 12, 2023

Software giant Adobe is warning of a critical security vulnerability in the PDF Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday security updates (APSB23-34) addressed a critical zero-day vulnerability actively exploited in the wild in attacks on Adobe Acrobat and Reader products. The vulnerability, tracked as CVE-2023-26369 , is an out-of-bounds write memory safety issue that can be exploited to execute arbitrary code on vulnerable installs. “Adobe has releas

Security 118

Security Information Security IT 118

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

KnowBe4

SEPTEMBER 12, 2023

Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing emails.

Artificial Intelligence 114

Artificial Intelligence Phishing 114

Security Affairs

SEPTEMBER 12, 2023

The international non-governmental organization (NGO) Save the Children International was recently hit with a cyberattack. The charity organization Save the Children International revealed that it was hit by a cyber attack. The company disclosed the security incident after the ransomware gang BianLian listed the organization on its Tor leak site. The BianLian extortion group claims to have stolen 6,8 TB of documents, including International HR data, international personal data.

IT 117

IT Ransomware Education Data breaches 117

Dark Reading

SEPTEMBER 12, 2023

The "MrTonyScam" has a surprisingly high success rate, spreading a Python-based stealer to some 100,000 business accounts per week.

129

129

KnowBe4

SEPTEMBER 12, 2023

In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL store is selling advanced phishing kits – a golden ticket for hacking Microsoft 365 accounts -- that can bypass multi-factor authentication (MFA) no less.

Phishing 112

Phishing Sales Authentication 112

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Schneier on Security

SEPTEMBER 12, 2023

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our *Privacy Not Included warning label—making cars the official worst category of products for privacy that we have ever reviewed. There’s a lot of details in the report. They’re all bad. BoingBoing post.

Data Privacy 111

Data Privacy Privacy 111

KnowBe4

SEPTEMBER 12, 2023

The Associated Press (AP) has disclosed a data breach affecting the legacy AP Stylebook website that led to phishing attacks against impacted customers, BleepingComputer reports.

Data breaches 105

Data breaches Phishing Cybersecurity 105

Dark Reading

SEPTEMBER 12, 2023

By code or by command, cybercriminals are circumventing ethical and safety restrictions to use generative AI chatbots in the way that they want.

118

118

Collibra

SEPTEMBER 12, 2023

$12.9 million dollars. That’s what Gartner estimates an organization loses every year due to poor data quality. These financial losses can stem from poor decision making, customer churn, operational inefficiencies and more, all due to poor data quality. To help improve data quality across your organization, the 2023.08 release of Collibra Data Quality & Observability has new features and enhancements to ensure your organization is armed with the highest quality data possible.

Compliance 102

Compliance Cloud Security IT 102

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

SEPTEMBER 12, 2023

Attacks against critical infrastructure are becoming more commonplace and, if a recent PRC-sponsored attack is anything to go by, easier to pull off.

112

112

Security Affairs

SEPTEMBER 12, 2023

Hospitality and entertainment company MGM Resorts was hit by a cyber attack that shut down its systems at MGM Hotels and Casinos. Hospitality and entertainment company MGM Resorts was the victim of a cyber attack, the IT infrastructure across the United States was shut down. The incident was discovered on Sunday and affected hotel reservation systems in the United States and other IT systems that run the casino floors.

Cybersecurity 99

Cybersecurity Ransomware Access IT 99

Dark Reading

SEPTEMBER 12, 2023

Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now.

105

105

IBM Big Data Hub

SEPTEMBER 12, 2023

The UK government’s Ecosystem of Trust is a potential future border model for frictionless trade, which the UK government committed to pilot testing from October 2022 to March 2023. The pilots made supply chain data directly accessible to the government, used new technologies to preserve goods’ physical integrity and considered how trusted relationships could enable certain controls to be performed by industry rather than the government.

Government 90

Government Data collection Analytics Risk 90

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

SEPTEMBER 12, 2023

Hospitality behemoth struggles to recover following a Sunday cyber incident that looks a lot like a ransomware attack.

Ransomware 125

Ransomware 125

The Guardian Data Protection

SEPTEMBER 12, 2023

Doctors and pharmacists concerned that Wesfarmers’ acquisition of InstantScripts could end the notion that ‘health data is sacrosanct’ Follow our Australia news live blog for latest updates Get our morning and afternoon news emails , free app or daily news podcast The integration of a controversial online doctor service alongside Bunnings, Kmart and hundreds of pharmacies in the Wesfarmers portfolio has raised concerns among medical practitioners about potential risks to patient data security.

Risk 75

Risk Security 75

Dark Reading

SEPTEMBER 12, 2023

State-sponsored attacks are alarming and difficult to prevent, but they suffer from a fundamental weakness that can be leveraged by defenders.

109

109