Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams.

Phishing 185

Phishing Passwords Insurance Sales 185

Data Breach Today

AUGUST 17, 2023

Nation-States Running Information Operations Embrace AI-Generated Images and Video Hackers wielding generative artificial intelligence tools have yet to pose a serious cybersecurity risk, say researchers at Google's threat intelligence group Mandiant, as they sound the alarm instead about a rise in information operations featuring AI-generated fake images and video.

Artificial Intelligence 245

Artificial Intelligence Cybersecurity Risk 245

The Last Watchdog

AUGUST 13, 2023

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI. Related: Can ‘CNAPP’ do it all? Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023 , which returned to its full pre-Covid grandeur here last week.

Security 233

Security Cloud Artificial Intelligence Cybersecurity 233

Weissman's World

AUGUST 14, 2023

Q: “Aioli? What’s aioli?” A: “It’s just mayonnaise.” Q: “What’s information governance?” A: That’s the topic of today’s edition of Speaking Of! Join me and Elizabeth Weeks of the Alberta School Employee Benefit Plan as we discuss the need to know our audiences and communicate in their terms. Just as restaurateurs do when telling uninitiated… Read More » IG Needs a Makeover (or, It’s Just Mayonnaise) The post IG Needs a Makeover (or, It’s Just Mayonnaise) appeared first on

Information governance 156

Information governance Communications Government IT 156

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Krebs on Security

AUGUST 14, 2023

John Clifton Davies , a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch , and Diligere[.]co.uk , a scam due diligence company that Equity-Invest insists all investment partners use.

Cloud 160

Cloud IT 160

AIIM

AUGUST 15, 2023

"With great power comes great responsibility" is an adage that Stan Lee’s Spider-Man popularized in popular comics, films, and other media. In Information Management today, there is great power in systems that leverage Artificial Intelligence for quickly making decisions and processing massive volumes of information. As information managers, we have a responsibility to understand that these systems have a potential for bias and how to identify and mitigate risks associated with producing reliabl

Artificial Intelligence 104

Artificial Intelligence Risk 104

Jamf

AUGUST 18, 2023

Is your Small or Medium-sized Business (SMB) protected against cyber threats? Safeguard your organization's sensitive data and assets with Jamf Now. Read now and enhance your SMB's cybersecurity posture.

Security 98

Security Cybersecurity 98

Security Affairs

AUGUST 18, 2023

A flaw impacting the file archiver utility for Windows WinRAR can allow the execution of commands on a computer by opening an archive. WinRAR is a popular file compression and archival utility for Windows operating systems. The utility is affected by a now-fixed high-severity vulnerability, tracked as CVE-2023-40477 (CVSS score 7.8), that can allow remote execution of arbitrary code on a computer by opening a crafted RAR archive.

Archiving 98

Archiving Access Security Information Security 98

Data Breach Today

AUGUST 18, 2023

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Oliver Tavakoli, CTO at Vectra AI, discusses ways that discriminative AI technology can filter out all of the noise from the massive volume of alerts from a portfolio of cybersecurity tools.

Cybersecurity 246

Cybersecurity 246

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

OpenText Information Management

AUGUST 16, 2023

In our discussions with customers and countless surveys, cybersecurity and sensitive data protection are always top-ranking issues. IT now has available some of the most advanced cybersecurity innovations in its arsenal than ever before, with excellent authentication and real-time threat detection. While these tools are critical to secure IT infrastructure, many organizations still struggle with … The post 5 steps to strengthen critical information protection appeared first on OpenText Blo

Cybersecurity 98

Cybersecurity Authentication Security IT 98

Jamf

AUGUST 17, 2023

Jamf Threat Labs developed a post-exploit persistence technique on iOS 16 that falsely shows a functional Airplane Mode. In reality, after successful device exploit the attacker plants an artifical Airplane Mode that edits the UI to display Airplane Mode icons and cuts internet connection to all apps except the attacker application. This enables the attacker to maintain access to the device even when the user believes it is offline.

Access 98

Access IT 98

Security Affairs

AUGUST 17, 2023

Researchers discovered a massive campaign that delivered a proxy server application to at least 400,000 Windows systems. AT&T Alien Labs researchers uncovered a massive campaign that delivered a proxy server application to at least 400,000 Windows systems. The experts identified a company that is charging for proxy service on traffic that goes through infected machines.

IT 98

IT Security Information Security 98

Data Breach Today

AUGUST 18, 2023

Also: Highlights from BlackHat 2023; Latest Cybersecurity M&A Activity In the latest weekly update, ISMG editors discuss important cybersecurity and privacy issues including highlights of interviews at Black Hat 2023, lessons learned from the success of the Lapsus$ cybercrime group's attacks and why Check Point is buying startup Perimeter 81 for $490 million.

Cybersecurity 246

Cybersecurity Privacy 246

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Information Governance Perspectives

AUGUST 16, 2023

The following excerpt is from an inspiring new memoir, The Bastard of Beverly Hills, from JIA Publishing Group, available on Amazon , Barnes & Noble and wherever fine books are sold. Mr. Hale was menacing—a carbon copy of boxer Muhammad Ali, with beefy forearms, scarred knuckles, and a perfectly cut Afro. Even his chubby cheeks looked mean. He sat the entire lecture, staring at us like plebs.

IT 98

IT Education 98

CILIP

AUGUST 15, 2023

New approaches to leadership and combatting imposter syndrome at CILIP conference 2023 Leadership was the main theme of CILIP Conference 2023, and for an academic librarian and recently-joined CILIP member, the programme of keynotes and seminars that covered topics from imposter syndrome to rethinking leadership was welcoming and insightful. At conferences, it can often feel like there is an over-abundance of new information and people, that can lead to feelings of low-confidence and helplessnes

Libraries 97

Libraries IT 97

Security Affairs

AUGUST 15, 2023

Researchers found several flaws in the ScrutisWeb ATM fleet monitoring software that can expose ATMs to hack. Researchers from the Synack Red Team found multi flaws ( CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189 ) in the ScrutisWeb ATM fleet monitoring software that can be exploited to remotely hack ATMs. ScrutisWeb software is developed by Lagona, it allows to remotely manage ATMs fleets.

Encryption 98

Encryption Access Cybersecurity Security 98

Data Breach Today

AUGUST 16, 2023

Constabularies of Norfolk and Suffolk Alert Follows FOIA Breach in Northern Ireland England's Norfolk and Suffolk constabularies report that they accidentally exposed information on victims and witnesses in response to freedom of information requests just one week after police in Northern Ireland accidentally exposed information on all police officers and staff via an FOI request.

FOIA 246

FOIA Data breaches 246

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Collibra

AUGUST 17, 2023

Created in 2019, the concept of the data mesh is one of the most-discussed topics in data management. As more and more zettabytes of data are created every year, organizations everywhere are seeking better ways to accelerate turning data into better decisions, better products, and ultimately better organizations. Over the last year, together with Accenture, we’ve created a number of helpful data mesh assets, and we wanted to pull them together to help you quickly get to what you need.

Government 96

Government Analytics IT 96

KnowBe4

AUGUST 15, 2023

Get the resources you need to help keep your users safe from malicious social engineering attacks during this year's Cybersecurity Awareness Month with our free resource kit.

Cybersecurity 97

Cybersecurity 97

Security Affairs

AUGUST 18, 2023

Experts warn of an ongoing campaign attributed to China-linked Bronze Starlight that is targeting the Southeast Asian gambling sector. SentinelOne observed China-linked APT group Bronze Starlight (aka APT10 , Emperor Dragonfly or Storm-0401) targeting the gambling sector within Southeast Asia. The malware and infrastructure employed in the campaign are linked to the ones observed in Operation ChattyGoblin attributed by the security firm ESET to China-linked threat actors.

Archiving 98

Archiving File names Encryption Passwords 98

Data Breach Today

AUGUST 15, 2023

Rapattoni-Hosted Multiple Listing Services Can't Add or Update Property Information Property listings nationwide are being disrupted due to an apparent ransomware attack against California-based Rapattoni, which hosts Multiple Listing Services used by real estate brokers to list, market and sell properties. Rapattoni said it's not clear when its systems might be back online.

Ransomware 246

Ransomware Marketing IT 246

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Schneier on Security

AUGUST 15, 2023

This is why we need regulation: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that there’s no need to worry about that. Zoom execs swear the company won’t actually train its AI on your video calls without permission, even though the Terms of Service still say it can.

IT 94

IT Artificial Intelligence Privacy 94

KnowBe4

AUGUST 14, 2023

We previously reported independently on PDF-based phishing attacks skyrocketing and the rise of SEO attacks. A recent research study found that the combination of both is quite common. Most worryingly, PDF-based SEO attacks are poorly detected by common defense mechanisms such as blocklists, ad blockers or even crowdsourced antivirus services VirusTotal.

Phishing 93

Phishing 93

Security Affairs

AUGUST 15, 2023

Monti Ransomware operators returned, after a two-month pause, with a new Linux variant of their encryptor. The Monti ransomware operators returned, after a two-month break, with a new Linux version of the encryptor. The variant was employed in attacks aimed at organizations in government and legal sectors. The Monti group has been active since June 2022, shortly after the Conti ransomware gang shut down its operations.

Ransomware 98

Ransomware Encryption IT Government 98

Data Breach Today

AUGUST 17, 2023

WormGPT, DarkGPT and Their Ilk Underdelivered - or Were Scams, Researchers Report Various "dark" generative artificial intelligence tools purportedly help criminals more quickly amass victims. Guess what? They've all gone bust, if they weren't simply outright scams - in part because legitimate tools can be "jailbroken" to achieve similar results. What are they really achieving?

Artificial Intelligence 246

Artificial Intelligence 246

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

AUGUST 17, 2023

Users report losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion.

Access 98

Access 98

KnowBe4

AUGUST 14, 2023

For the fourth consecutive year, we received a Tech Cares Award from TrustRadius! This fourth annual award celebrates companies that have gone above and beyond to provide strong Corporate Social Responsibility (CSR).

Security awareness 93

Security awareness Security 93

Security Affairs

AUGUST 15, 2023

QwixxRAT is a new Windows remote access trojan (RAT) that is offered for sale through Telegram and Discord platforms. The Uptycs Threat Research team discovered the QwixxRAT (aka Telegram RAT) in early August 2023 while it was advertised through Telegram and Discord platforms. The RAT is able to collect sensitive data and exfiltrate them by sending the info to the attacker’s Telegram bot.

Sales 98

Sales Access Cybersecurity IT 98