Krebs on Security

DECEMBER 19, 2023

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who con

Ransomware 240

Ransomware Encryption IT Access 240

Data Breach Today

DECEMBER 18, 2023

Cyber Group Dubbed Predatory Sparrow Takes Responsibility for Widespread Attack A group known as Predatory Sparrow claimed responsibility for a Monday cyberattack that shut down a majority of gas stations across Iran as officials blamed the attack on foreign powers. The group has previously taken credit for a number of attacks targeting Iran's fuel supply and rail system.

328

328

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Related: Why tech standards matter IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf. This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge.

IoT 255

IoT Cloud Authentication Manufacturing 255

AIIM

DECEMBER 21, 2023

As organizations have settled into the business of the business, one thing seems clear: the new workplace is much different than the one we were used to. Remote work and virtual teams are now a prevalent way of working, with on-site employees often the exception rather than the rule. Now that work-from-home has proven to be a viable alternative, C-Suite executives and business owners are less likely to invest in the resources, infrastructure, and space needed for all of their workers to return t

150

150

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Security Affairs

DECEMBER 22, 2023

The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant. The company refused to pay the ransom and the ransomware gang threatened to leak the alleged stolen documents, including project data, clients’ and partners’ info, and NDAs. “We’ve obtained 100 GB of data of N

Ransomware 130

Ransomware Data breaches Financial Services Archiving 130

WIRED Threat Level

DECEMBER 18, 2023

On Telegram, scammers are impersonating doctors to sell fake Covid-19 vaccination certificates and other products, showing how criminals are taking advantage of conspiracy theories.

Security 124

Security 124

Hunton Privacy

DECEMBER 18, 2023

As we previously reported , the U.S. Securities and Exchange Commission’s (“SEC”) new Form 8-K rules for reporting material cybersecurity incidents take effect today, December 18, for filers other than smaller reporting companies. The new rules require reporting to the SEC within four business days from the determination of materiality. Incident response will potentially become more complicated as the incremental burdens of timely compliance with the new Form 8-K requirements add additional comp

Cybersecurity 121

Cybersecurity Risk Compliance Security 121

Security Affairs

DECEMBER 18, 2023

An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider Westpole disrupted multiple services of local and government organizations and municipalities. A cyber attack hit on December 8, 2023 the Italian cloud service provider Westpole, which is specialized in digital services for public administration. The incident impacted a Westpole’s customer company named PA Digitale which offers its services to various local and government organizations that rely on its platform

Ransomware 130

Ransomware Cloud Government Privacy 130

Data Breach Today

DECEMBER 19, 2023

Ransomware Group Declares Nothing Off Limits Outside of CIS Countries The BlackCat ransomware as service operation's putative "unseizing" of its leak site from the FBI is a stunt made possible by way the dark web handles address resolution, security researchers said Monday. The stung was a "tactical error" that could alienate affiliates.

Ransomware 312

Ransomware Security IT 312

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Hanzo Learning Center

DECEMBER 19, 2023

In 2023, the legal landscape has been significantly shaped by two key trends: the rapid evolution of Artificial Intelligence (AI) and the advancements in ediscovery. These developments have not only transformed legal processes but also presented new challenges and opportunities for legal professionals. As we delve into this first part of our series, we examine the top blogs that have been at the forefront of these trends.

Artificial Intelligence 119

Artificial Intelligence 119

IT Governance

DECEMBER 22, 2023

DORA’s supply chain security requirements IT Governance’s research for November 2023 found that 48% of the month’s incidents originated from the supply chain (i.e. were third-party attacks). For Europe , this number rises to 61%. Admittedly, it only takes a comparatively small number of supply chain attacks to skew the number of incidents. It’s in their nature for one attack to compromise potentially hundreds or even thousands of organisations.

Risk 114

Risk Information Security Compliance GDPR 114

Security Affairs

DECEMBER 17, 2023

A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets. Threat actors pushed a malicious version of the “ @ledgerhq/connect-kit ” npm module developed by crypto hardware wallet maker Ledger, leading to the theft of more than $600,000 in virtual assets. Once the attack was discovered, the Crypto hardware wallet maker Ledger published a new version (version 1.1.8) of its npm module.

Phishing 125

Phishing Libraries Authentication Access 125

Data Breach Today

DECEMBER 21, 2023

Also: Hackers Scrooge The North Face Holiday Shipments This week, MongoDB blamed a phishing email for causing unauthorized access to its corporate environment, hackers interrupted VF Corp. holiday shipping, Britain electrical grid operator National Grid dropped a Chinese supplier, German authorities shut down an online criminal bazaar, and more.

Phishing 310

Phishing Access IT 310

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

OpenText Information Management

DECEMBER 22, 2023

Remaining at the forefront of the ever-evolving innovation curve is imperative for ensuring the financial vitality of any organization. Despite this urgency, numerous treasury management departments rely on outdated data and manual processes, oblivious to the extensive ramifications of such practices. In a previous blog, I looked at the cost and resource savings companies can … The post Treasury Management: The true cost of manual processes and outdated data appeared first on OpenText Blog

111

111

KnowBe4

DECEMBER 20, 2023

This new attack is pretty simple to spot on the front, but should it be successful in launching its’ malicious code, it’s going to take its’ victims for everything of value they have on their computer.

IT 109

IT Phishing 109

Security Affairs

DECEMBER 17, 2023

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. MongoDB on Saturday disclosed it is investigating a cyber attack against certain corporate systems. MongoDB is a US company that developed the popular open-source NoSQL database management system. The cyber attack was discovered on December 13, 2023, and led to the exposure of customer account metadata and contact information.

Metadata 124

Metadata Data breaches Phishing Authentication 124

Data Breach Today

DECEMBER 22, 2023

Hackers Crippled Systems, Stole Patient Data From ESO Solutions Hackers carried out a double-extortion ransomware attack on medical software company ESO Solutions, exposing personal details and healthcare information of 2.7 million U.S. patients and encrypting some of the company's systems. Double-extortion attacks also exfiltrate data.

Encryption 296

Encryption Ransomware 296

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Schneier on Security

DECEMBER 22, 2023

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.

106

106

KnowBe4

DECEMBER 19, 2023

Researchers at Bitdefender warn that scammers are tricking victims with fake remote job opportunities. In this case, the scammers tell victims that they’ll get paid for liking YouTube videos.

Security 109

Security 109

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with the release of version 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 for Windows which will roll out over the coming days/weeks.

Libraries 122

Libraries Access IT Information Security 122

Data Breach Today

DECEMBER 18, 2023

Financial Stability Oversight Council Expects AI Use to Increase U.S. regulators for the first time detailed the risks artificial intelligence poses to the financial system and classified the technology as an "emerging vulnerability." The Financial Stability Oversight Council in its annual report flagged AI's ability to introduce "certain risks.

Risk 298

Risk Artificial Intelligence IT 298

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

IBM Big Data Hub

DECEMBER 18, 2023

One of the largest sources of data is all around us—that is, geospatial data. This is information relating to the Earth’s surface, its climate, the people who live on it, its ecosystems and more. Geographic information systems (GIS ) visualize and make sense of this data, helping people and businesses better understand the patterns and relationships of our world.

Energy and Utilities 103

Energy and Utilities Artificial Intelligence IoT Agriculture 103

KnowBe4

DECEMBER 21, 2023

Cybercriminals of the lowest kind breached as many as 800,000 patients and then sent emails threatening to sell their data if they didn’t pay a fee to block it from selling.

IT 104

IT Phishing 104

Security Affairs

DECEMBER 17, 2023

The Mirai-based botnet InfectedSlurs was spotted targeting QNAP VioStor NVR (Network Video Recorder) devices. In November, Akamai warned of a new Mirai -based DDoS botnet, named InfectedSlurs , actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022.

Honeypots 121

Honeypots IoT Communications Security 121

Data Breach Today

DECEMBER 22, 2023

Attackers Masquerade as Hotels to Steal Clients' Payment Card Data, Experts Warn Scammers are stealing hotels' log-in credentials for online travel site Booking.com and targeting their customers, experts warn. In many cases, attackers use Booking's own messaging system to contact customers and request their payment card data, they say.

293

293

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

IT Governance

DECEMBER 20, 2023

Making compliance easy with our Cloud-based solution CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws, including ISO 27001 , the GDPR (General Data Protection Regulation), and more. This SaaS (Software as a Service) will help you manage all your cyber security and data privacy obligations in one place.

GDPR 103

GDPR Compliance Data Privacy Privacy 103

Schneier on Security

DECEMBER 18, 2023

More unconstrained surveillance : Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. Pramila Jayapal (D-Wash.), and Rep. Sara Jacobs (D-Calif.)—said their investigation pulled information from briefings with eight big prescription drug suppliers.

Government 102

Government IT Privacy 102

Security Affairs

DECEMBER 20, 2023

JaskaGO is a new Go-based information stealer malware that targets both Windows and Apple macOS systems, experts warn. Researchers from AT&T Alien Labs uncovered a previously undetected Go-based information stealer dubbed JaskaGO that targets Windows and macOS systems. JaskaGO is a sophisticated malware that supports an extensive array of commands and can maintain persistence in different ways.

Passwords 119

Passwords Encryption IT Information Security 119