Data Breach Today
DECEMBER 7, 2023
The Risk of Insider Threats Is Growing, But So Are Methods to Detect Them Whether because they're malicious, oblivious to company rules or outsmarted by hackers, insiders pose a mounting degree of risk to companies. Hunting for outside hackers offers lessons in preventing insider incidents, said Thomas Etheridge, CrowdStrike chief global professional services officer.
Krebs on Security
DECEMBER 6, 2023
More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
AIIM
DECEMBER 5, 2023
AIIM debuted a new version of the Certified Information Professional (CIP) credential. As of November 27, 2023, AIIM is offering a new version of the exam, which reflects the skills needed for today’s information professionals.
Security Affairs
DECEMBER 8, 2023
Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Data Breach Today
DECEMBER 7, 2023
Convicted Former Uber CSO Shares Lessons Learned From Government's Case Against Him Cybersecurity professionals must choose their own destiny, former CSO Joe Sullivan said at this week's Black Hat Europe in London. CISOs will either remain down in the weeds, technically speaking, or learn to become true senior executives and be treated as such by the board.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
WIRED Threat Level
DECEMBER 4, 2023
A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.
Security Affairs
DECEMBER 3, 2023
Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. Unit42 researchers uncovered a new backdoor named Agent Raccoon, which is being used in attacks against organizations in the Middle East, Africa, and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.
Data Breach Today
DECEMBER 5, 2023
Andariel Group Rented Server to Steal 1.2TB of Data, Extort $357,000 in Ransoms Seoul police have accused the North Korean hacker group Andariel of stealing sensitive defense secrets from South Korean defense companies and laundering ransomware proceeds back to North Korea. The hackers stole 1.2TB of data, including information on advanced anti-aircraft weapons.
IBM Big Data Hub
DECEMBER 8, 2023
Last year, almost 200 million people shopped on Black Friday. Online alone, they spent more than $9 billion. This holiday season, shoppers are ready to shop again and they’re prepared to spend even more. Are your IT systems ready to handle any spikes and keep everyone jolly? Or are you worried that incidents—finicky apps, slow page loads or even downtime— might ruin the holiday spirit along with your bottom line?
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
WIRED Threat Level
DECEMBER 7, 2023
Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right.
Security Affairs
DECEMBER 2, 2023
WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platforms’ users. Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The content platform WeMystic is a good example of this, with the Cybernews research team discovering that it exposed its users’ sensitive data.
Data Breach Today
DECEMBER 8, 2023
European Union Will Enact Comprehensive Regulations on AI EU officials announced a compromise over a regulation on artificial intelligence in the works since 2021, making the trading bloc first in the world to comprehensively regulate the nascent technology. Europe understands "the importance of its role as global standard setter,” said Thierry Breton.
KnowBe4
DECEMBER 6, 2023
A phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations in September.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
WIRED Threat Level
DECEMBER 5, 2023
23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions.
Security Affairs
DECEMBER 5, 2023
Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the release of the December 2023 Android security updates. Google December 2023 Android security updates addressed 85 vulnerabilities, including a critical zero-click remote code execution (RCE) flaw tracked as CVE-2023-40088. The vulnerability resides in Android’s System component, it doesn’t require additional privileges to be triggered.
Data Breach Today
DECEMBER 7, 2023
Also: Judge Accepts Changpeng Zhao Guilty Plea; November's 'Damaging' Hack Numbers This week, a Bitzlato co-founder pleaded guilty to money laundering charges, a federal judge accepted ex-Binance chief's guilty plea, thieves stole $363M in crypto this November, KyberSwap looks to compensate hack victims, Platypus hackers walked free, and Velodrome and Aerodrome were hacked again.
Schneier on Security
DECEMBER 7, 2023
When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this : In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. “In this case, the fed
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Hanzo Learning Center
DECEMBER 6, 2023
The use of generative AI in eDiscovery is opening new avenues for efficiency and precision. But, as is often the case with powerful tools, the devil is in the details. A significant part of those details? Prompt engineering. Let's take a look.
Security Affairs
DECEMBER 7, 2023
Japanese carmaker Nissan announced it has suffered a cyberattack impacting the internal systems at Nissan Oceania. Nissan Oceania, the regional division of the multinational carmaker, announced it had suffered a cyber attack and launched an investigation into the incident. Nissan already notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.
Data Breach Today
DECEMBER 8, 2023
Also: Top Threat Actors Are Targeting Hospitals; Remembering Steve Katz In the latest weekly update, editors at ISMG discuss the rampant rise in healthcare sector attacks and breaches in 2023, the most common vulnerabilities and targets, and remember the life of the Steve Katz, the world's first CISO who inspired generations of security leaders.
Schneier on Security
DECEMBER 5, 2023
Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
IT Governance
DECEMBER 5, 2023
IT Governance’s research has found the following for November 2023: 470 publicly disclosed security incidents. 519,111,354 records known to be breached. The number of incidents is particularly high this month, partly because we’ve improved our incident-finding processes, but also partly because we’ve seen several big supply chain attacks this month.
Security Affairs
DECEMBER 2, 2023
Researchers devised an attack technique that could have been used to trick ChatGPT into disclosing training data. A team of researchers from several universities and Google have demonstrated an attack technique against ChetGPT that allowed them to extract several megabytes of ChatGPT’s training data. The researchers were able to query the model at a cost of a couple of hundred dollars. “By matching against this dataset, we recover over ten thousand examples from ChatGPT’s training dataset
Data Breach Today
DECEMBER 8, 2023
Highlights From the Conference on Improving Public-Private Sector Collaboration In this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies and the private sector, regulatory trends, and the cautionary tale of ex-Uber CISO Joe Sullivan.
WIRED Threat Level
DECEMBER 6, 2023
Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
KnowBe4
DECEMBER 6, 2023
In the ever-evolving landscape of cybersecurity, the battle against ransomware has taken a concerning turn. According to the latest findings from Secureworks annual State of the Threat Report , the deployment of ransomware is now occurring within just one day of initial access in more than half of all engagements.
Security Affairs
DECEMBER 5, 2023
ENISA published the ENISA Threat Landscape for DoS Attacks report to bring new insights to the DoS threat landscape. Denial-of-Service (DoS) attacks pose a persistent and significant security risk for organizations. Over the past few years, threat actors have increasingly had access to cost-effective and efficient means and services to carry out such kinds of attacks.
Data Breach Today
DECEMBER 8, 2023
Microsoft and OpenAI Have Intertwined Their Futures, Sparking UK CMA Concern The British antitrust authority is conducting a preliminary review of Microsoft's interest in OpenAI. The agency will examine whether the companies' partnership means Microsoft has material influence or whether it in effect controls more than half of OpenAI voting rights.
Expert insights. Personalized for you.
301 
Let's personalize your content