Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Passwords 341

Passwords Encryption Blockchain Data breaches 341

Data Breach Today

SEPTEMBER 1, 2023

Bill 'Poses a serious threat' to end-to-end encryption, Apple Says U.S. tech companies are stepping up warnings to British lawmakers over a government proposal they say will fatally weaken security and privacy protections for users. The House of Lords is set to return the bill to the House of Commons after a third reading scheduled to begin Wednesday.

Encryption 350

Encryption Privacy Government Security 350

Security Affairs

SEPTEMBER 27, 2023

DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches. The leaked logins present cybercriminals with almost limitless attack capabilities. DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches.

Passwords 143

Passwords Data breaches Phishing Risk 143

Dark Reading

SEPTEMBER 15, 2023

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

Ransomware 140

Ransomware 140

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Jamf

SEPTEMBER 20, 2023

Fletcher Previn, SVP and CIO at Cisco, returned to JNUC to enlighten us about Cisco’s employee choice program. Previn presents data gathered from Cisco’s workforce of 130,000 people over the 12 months of the program, diving into the impact the program had on their employees’ happiness and performance, IT department and security strength of the business.

Security 138

Security IT 138

IBM Big Data Hub

SEPTEMBER 5, 2023

This is part four in a five-part series on mainframe modernization. The secret to mainstreaming the mainframe into today’s modern, cloud-centric IT environments is to make the experience of working with the mainframe like the experience of working off the mainframe—especially the developer experience (DX). Historically, working on the mainframe was an entirely different experience from the distributed world.

Cloud 126

Cloud Digital transformation Financial Services Manufacturing 126

Data Breach Today

SEPTEMBER 13, 2023

Alphv/BlackCat Group Reportedly Hit Casino Operator via Social Engineering Attack Booking and reservation systems, as well as slot machines, hotel room door locks, ATMs and more remain offline at multiple MGM Resorts properties as the publicly traded casino hotel giant battles "a cybersecurity issue" that one group of security researchers has tied to a ransomware group attack.

Ransomware 327

Ransomware Cybersecurity Security 327

Security Affairs

SEPTEMBER 8, 2023

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks.

Ransomware 139

Ransomware Authentication Access Education 139

Dark Reading

SEPTEMBER 22, 2023

Tens of millions in losses later, the MGM and Caesars systems are back online following dual cyberattacks by the same threat actor — here's what experts say about their incident responses.

130

130

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Schneier on Security

SEPTEMBER 26, 2023

Totally expected, but still good to hear : Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. “We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betrayin

Encryption 121

Encryption Privacy IT 121

WIRED Threat Level

SEPTEMBER 27, 2023

SoundThinking is purchasing parts of Geolitica, the company that created PredPol. Experts say the acquisition marks a new era of companies dictating how police operate.

Security 127

Security 127

IBM Big Data Hub

SEPTEMBER 8, 2023

Brands that deliver an excellent customer experience (CX) will always be more resilient than those that don’t. Giving our customers personalized support at every stage of their journey is proven to earn their longtime loyalty—and keep them from switching to a competitor. The challenge, however, is that many teams operate in siloes that inhibit them from applying their customer insights in meaningful ways.

Customer Experience 124

Customer Experience Artificial Intelligence Authentication Communications 124

Data Breach Today

SEPTEMBER 7, 2023

Repeat Shakedown Tactic: Victims Told to Pay Up or Else They'll Pay Massive Fines Ransomware groups do whatever they can to pressure a victim into paying. Enter the likes of Ransomed, following in the footsteps of Alphv/BlackСat, NoEscape and Good Day-powered Cloak, all of which threaten victims with a world of General Data Protection Regulation violation pain, unless they pay.

Ransomware 326

Ransomware GDPR 326

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

SEPTEMBER 6, 2023

Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take over the devices. The three vulnerabilities were reported by the Taiwanese CERT, below are their descriptions: CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_ipe

Access 135

Access Security IT Information Security 135

Dark Reading

SEPTEMBER 18, 2023

CISOs can refine their soft skills to help get their cybersecurity best-practices message across. Steps include increasing staff incident-response training and staying current with the threat landscape.

Cybersecurity 127

Cybersecurity 127

OpenText Information Management

SEPTEMBER 7, 2023

For organizations where mainframe and COBOL are at the heart of operations, going beyond the bounds of mainframe architecture to efficiently scale and innovate at speed can seem daunting. Fortunately, there are valuable steps you can take to accelerate your digital transformation journey while staying agile in today’s fast-paced multi-cloud world. Recent OpenText research revealed … The post Customer Spotlight: Achieve Smarter Modernization Beyond Mainframe Architecture appeared first on

Digital transformation 120

Digital transformation Cloud Insurance Communications 120

Hunton Privacy

SEPTEMBER 8, 2023

On September 6, 2023, the European Commission designated six companies as gatekeepers under Article 3 of the Digital Markets Act (“DMA”). The new gatekeepers are Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft. Jointly, these companies provide 22 core platform services, including social networks, internet browsers, operative systems and mobile app stores.

Marketing 119

Marketing Compliance Access 119

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

IBM Big Data Hub

SEPTEMBER 6, 2023

Generative AI is powering a new world of creative, customized communications, allowing marketing teams to deliver greater personalization at scale and meet today’s high customer expectations. The potential of this powerful new tool spans the entire end-to-end marketing process, from internal communications and productivity to customer-facing channels and product support.

Marketing 119

Marketing B2B Customer Experience Communications 119

Data Breach Today

SEPTEMBER 22, 2023

Cytrox's Predator Found on Device of Ahmed Eltantawy Apple released patches Thursday to close three actively exploited vulnerabilities that researchers say commercial spyware maker Cytrox used to infect the iPhone of Egyptian politician Ahmed Eltantawy with Predator malware. The Citizen Lab attributes the attacks to the Egyptian government.

Government 317

Government 317

Security Affairs

SEPTEMBER 21, 2023

Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. The three flaws were discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.

Security 134

Security IT Information Security 134

Dark Reading

SEPTEMBER 14, 2023

The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions.

Ransomware 136

Ransomware 136

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Schneier on Security

SEPTEMBER 11, 2023

The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned—human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move things along. The one-ton robot continued to work silently, smashing into Williams’s head and instantly killing him.

Artificial Intelligence 118

Artificial Intelligence Risk Government IT 118

IT Governance

SEPTEMBER 7, 2023

This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi. Also available on Spotify , Amazon Music , Apple Podcasts and SoundCloud. Transcript: Hello and welcome to the IT Governance podcast for Friday, 8 September 2023.

Government 115

Government IT Personal data GDPR 115

WIRED Threat Level

SEPTEMBER 25, 2023

Corporations are using software to monitor employees on a large scale. Some experts fear the data these tools collect could be used to automate people out of their jobs.

Artificial Intelligence 116

Artificial Intelligence Privacy Security 116

Data Breach Today

SEPTEMBER 25, 2023

2,050 Organizations Affected After Data Stolen From Secure File-Sharing Software The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.

Data breaches 312

Data breaches Ransomware Security IT 312

Advertisement

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

Analytics

Security Affairs

SEPTEMBER 2, 2023

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users.

Authentication 135

Authentication Phishing Access Passwords 135

Dark Reading

SEPTEMBER 1, 2023

The sophisticated attacks, tracked as DB#JAMMER, run shell commands to impair defenses and deploy tools to establish persistence on the host.

Ransomware 140

Ransomware 140

Schneier on Security

SEPTEMBER 6, 2023

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 million. It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea.

Encryption 116

Encryption IT 116