Thales Cloud Protection & Licensing

JANUARY 21, 2024

Data Privacy: Why It Matters To The Rest Of Us madhav Mon, 01/22/2024 - 04:47 It seems that there are no limits to the number of data breaches. Company size is not a determinant of victimization, nor is industry or sector. All are equally viable targets. Some of the events are newsworthy, while others stay below the public’s awareness or attention. Most companies must grapple with difficult questions of how to recover from a breach; however, when the typical person hears about a data breach, the

Data Privacy 144

Data Privacy Privacy IT Artificial Intelligence 144

Data Breach Today

JANUARY 26, 2024

Postmortem: Multiple Customers Also Targeted by Russian Nation-State Attackers A nation-state hacking group run by Russian intelligence gained access to a Microsoft "legacy, non-production test tenant account" and used it to authorize malicious Office 365 OAuth applications, access Outlook, and steal Microsoft and customers' emails and attachments, Microsoft said.

Access 337

Access IT 337

Krebs on Security

JANUARY 30, 2024

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Passwords 305

Passwords Phishing Access Encryption 305

WIRED Threat Level

JANUARY 26, 2024

A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.

Security 144

Security 144

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Jamf

JANUARY 18, 2024

In this blog, Jamf Threat Labs researchers analyze malware they discovered in pirated macOS applications. These apps, appearing similar to ZuRu malware, download and execute multiple payloads to compromise machines in the background.

143

143

Security Affairs

JANUARY 1, 2024

CloudSEK researchers analyzed a zero-day exploit that can allow the generation of persistent Google cookies through token manipulation. In October 2023, a developer known as PRISMA first uncovered an exploit that allows the generation of persistent Google cookies through token manipulation. An attacker can use the exploit to access Google services, even after a user’s password reset.

Passwords 139

Passwords Encryption Access IT 139

Data Breach Today

JANUARY 20, 2024

Computing Giant Says Hackers Did Not Access Customer Data or Production Systems Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

Access 342

Access 342

Schneier on Security

JANUARY 4, 2024

Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign.

Libraries 131

Libraries Authentication IT Access 131

WIRED Threat Level

JANUARY 22, 2024

Leaked records reveal what appears to be the first known instance of a police department attempting to use facial recognition on a face generated from crime-scene DNA. It likely won’t be the last.

IT 144

IT Security 144

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

KnowBe4

JANUARY 22, 2024

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles implying that someone has been killed in an accident.

Phishing 124

Phishing Security 124

Hunton Privacy

JANUARY 5, 2024

On December 21, 2023, the Court of Justice of the European Union (“CJEU”) issued its judgment in the case of Krankenversicherung Nordrhein (C-667/21) in which it clarified, among other things, the rules for processing special categories of personal data (hereafter “sensitive personal data”) under Article 9 of the EU General Data Protection Regulation (“GDPR”) and the nature of the compensation owed for damages under Article 82 of the GDPR.

GDPR 125

GDPR Personal data Insurance Access 125

Security Affairs

JANUARY 27, 2024

The Main Intelligence Directorate of Ukraine’s Ministry of Defense states that pro-Ukraine hackers wiped 2 petabytes of data from a Russian research center. The Main Directorate of Intelligence of the Ministry of Defense of Ukraine revealed that pro-Ukraine hackers group “BO Team” wiped the database of the Far Eastern Scientific Research Center of Space Hydrometeorology “Planet.” The Russian center processes data received from satellites and also provides relevant p

IT 136

IT Information Security Security 136

Data Breach Today

JANUARY 5, 2024

A Settlement Has Been Reached. So, How Might This Affect Similar Cases? A proposed settlement has been reached between Merck & Co. and several insurers that were appealing a 2023 court decision saying the insurance companies could not invoke "hostile warlike action" exclusions in refusing to pay drugmakers' claims filed after the 2017 NotPetya cyberattack.

Insurance 344

Insurance 344

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Hanzo Learning Center

JANUARY 23, 2024

In the rapidly evolving world of Artificial Intelligence (AI), it's crucial for enterprises to adopt technologies that integrate seamlessly into mission-critical workflows. Understanding the practicalities of this integration, especially in the legal domain, is key. To delve deeper into this topic, I had the opportunity to speak with Dave Ruel, VP of Product at Hanzo.

Artificial Intelligence 120

Artificial Intelligence IT 120

WIRED Threat Level

JANUARY 17, 2024

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

Privacy 140

Privacy Security 140

IT Governance

JANUARY 5, 2024

How networks have evolved and how to secure them Adam Seamons is the information security manager of GRC International Group PLC, after more than 15 years’ experience working as a systems engineer and in technical support. Adam also holds CISSP (Certified Information Systems Security Professional) and SSCP (Systems Security Certified Practitioner) certifications.

Cloud 118

Cloud Risk Access Security 118

Hunton Privacy

JANUARY 9, 2024

On January 8, 2024, the French Data Protection Authority (the “CNIL”) opened a consultation on its draft guidance for the use of transfer impact assessments (“Guidance”). In describing the Guidance, the CNIL references the decision of the Court of Justice of the European Union in Schrems II and states that exporters relying on tools listed in Article 46(2) and Article 46(3) of the EU General Data Protection Regulation (“GDPR”) for personal data transfers are required to assess the level of prote

GDPR 125

GDPR Personal data Risk IT 125

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

JANUARY 2, 2024

Hudson Researchers reported that a mysterious hacker launched a series of attacks against industry-leading companies in Iran. Hudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’ announced the availability for sale of over 160,000,000 records allegedly stolen from 23 leading insurance companies in Iran.

Insurance 138

Insurance Sales Passwords Access 138

Data Breach Today

JANUARY 18, 2024

LeftoverLocals Affects Apple, AMD and Qualcomm Devices Researchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.

Access 317

Access IT 317

KnowBe4

JANUARY 10, 2024

Artificial intelligence (AI) in the cybersecurity realm is a nuanced topic. On the one hand, it has the potential to enhance our abilities to detect and prevent cyber threats significantly.

Artificial Intelligence 118

Artificial Intelligence Cybersecurity Security IT 118

IBM Big Data Hub

JANUARY 22, 2024

It’s the news no organization wants to hear―you’ve been the victim of a ransomware attack, and now you’re wondering what to do next. The first thing to keep in mind is you’re not alone. Over 17 percent of all cyberattacks involve ransomware —a type of malware that keeps a victim’s data or device locked unless the victim pays the hacker a ransom.

Ransomware 116

Ransomware Encryption Analytics Data breaches 116

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

CGI

JANUARY 24, 2024

Every January 28, organizations around the world celebrate Data Privacy Day (also known as Data Protection Day). Data Privacy Day commemorates the first international treaty governing data privacy, signed on January 28, 1981. Back then, legal requirements encouraging businesses to respect privacy were limited. Over the next decades, we experienced across the globe many regulatory developments and advances in how organizations safeguard data to better protect individuals.

Data Privacy 115

Data Privacy Privacy Government 115

Hunton Privacy

JANUARY 23, 2024

On January 23, 2024, the UK government announced that it published a draft Code of Practice on cybersecurity governance (the “Code”). The guidelines in the Code are intended to “help directors and senior leaders shore up their defences from cyber threats.” The Code has been designed in partnership with industry directors, cyber and governance experts, and the UK National Cyber Security Centre (NCSC), with a key focus to ensure that organizations have detailed plans in place to respond to and rec

Government 118

Government Cybersecurity Risk Security 118

Security Affairs

JANUARY 21, 2024

The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast food restaurant franchise. Subway IP LLC is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches (subs), wraps, salads, and drinks. The Lockbit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024 at 21:44:16 UTC.

Ransomware 135

Ransomware IT Data breaches Information Security 135

Data Breach Today

JANUARY 15, 2024

Alliance Had Sued LockBit Gang to Force Cloud Firm to Release Affected Patient Data A cloud services firm has turned over to a New York hospital alliance the patient data stolen in a ransomware attack by LockBit. The hospital group had filed a lawsuit against LockBit as a legal maneuver to force the storage firm to return data the cybercriminals had stashed on the vendor's servers.

Cloud 317

Cloud Ransomware 317

Advertisement

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

Analytics

Schneier on Security

JANUARY 17, 2024

Interesting research: “ Do Users Write More Insecure Code with AI Assistants? “: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Security 115

Security Access Artificial Intelligence Paper 115

Hanzo Learning Center

JANUARY 9, 2024

As we step into 2024, the legal industry continues to be reshaped by technological advancements. This year promises to bring new developments that could revolutionize how legal professionals work and interact with clients.

114

114

KnowBe4

JANUARY 19, 2024

A new job posting scam found by IT security company Qualysys is focused on capturing victim’s identity details, accessing victim’s Facebook accounts, and committing fraud. In this new scam, legitimate Facebook advertising is used to post fake work-from-home job ads from several companies. As with most of these scams, victims are directed to a third-party messaging app and are asked to sign a realistic-looking employment contract.

Access 113

Access Security IT Phishing 113