Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU , the foreign military intelligence agency of the Russian Federation.

Military 237

Military IT Communications Risk 237

Data Breach Today

FEBRUARY 8, 2024

Also: A Widespread Linux Bootloader Vulnerability This week, the U.S. banned AI robocalls, researchers discovered a Linux bootloader flaw, France investigated health sector hackings, the feds offered money for Hive information, Verizon disclosed an insider breach, Germany opened a cybersecurity center, and cyberattack victims reported high costs.

Cybersecurity 299

Cybersecurity 299

WIRED Threat Level

FEBRUARY 8, 2024

In a test at one station, Transport for London used a computer vision system to try and detect crime and weapons, people falling on the tracks, and fare dodgers, documents obtained by WIRED show.

Artificial Intelligence 118

Artificial Intelligence Privacy Security 118

The Last Watchdog

FEBRUARY 5, 2024

Even in the cloud era, Microsoft Exchange Server remains a staple business communications tool across the globe. Related: The need for robust data recovery policies. One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Fortunately, effective tools and wise best practices can help mitigate this this exposure enabling companies to indefinitely leverage Exchange Server as a productive, resilient and secure communicatio

Risk 239

Risk Cloud Communications Education 239

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Krebs on Security

FEBRUARY 9, 2024

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

Artificial Intelligence 257

Artificial Intelligence Access IT Government 257

AIIM

FEBRUARY 9, 2024

Artificial Intelligence is a key focus of AIIM's new strategy , which the AIIM Board of Directors debuted in January 2024. So it's only fitting that AI take the lead at the AIIM Conference 2024 in San Antonio, Texas, April 3-5.

Artificial Intelligence 175

Artificial Intelligence IT 175

Security Affairs

FEBRUARY 9, 2024

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company. In January the company experienced IT issues, the outage was likely caused by the ransomware attack, but the company did not disclose it.

Ransomware 131

Ransomware Data breaches Manufacturing Sales 131

Data Matters

FEBRUARY 9, 2024

Last week, the U.S. Department of Commerce published a notice of proposed rulemaking ( NPRM ) implementing Executive Orders (EO) 13984 and 14110 to prevent “foreign malicious cyber actors” from accessing U.S. infrastructure as a service products 1 (IaaS Rule). The IaaS Rule seeks to strengthen the U.S. government’s ability to track “foreign malicious cyber actors” who have relied on U.S.

Cloud 158

Cloud Privacy Access Security 158

Data Breach Today

FEBRUARY 7, 2024

Ongoing Innovation and Sophistication Drive Unparalleled Profits Attackers wielding ransomware collectively earned over $1 billion last year - breaking previous records. Their increasingly sophisticated attacks targeted "high-profile institutions and critical infrastructure, including hospitals, schools and government," reported Chainalysis.

Ransomware 326

Ransomware Government 326

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

AIIM

FEBRUARY 6, 2024

In today's rapidly evolving business landscape, information reigns supreme. A company's ability to manage its information proactively and effectively often dictates its success in the market. However, with the increasing volume and complexity of data, it becomes imperative to have a solid framework in place to process and protect this vital asset. Enter Standard Operating Procedures (SOPs).

Marketing 161

Marketing IT 161

Security Affairs

FEBRUARY 4, 2024

Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web. Such information being available for cybercriminals could act as a catalyst for new attacks, including targeted phishing campaigns. Having additional context about a particular customer, the probability of a successful compromise could increase significantly.

Sales 129

Sales Passwords Phishing Cybersecurity 129

The Last Watchdog

FEBRUARY 8, 2024

Kenilworth, NJ, Feb. 8, 2024 – Diversified , a leading global technology solutions provider, today announced a partnership and trio of solutions with GroCyber. Together, the companies are empowering AV and media companies to improve their cybersecurity stance by providing a “clean bill of health” for their digital media environments, ensuring hardware and software are current, and protecting media storage and devices against the threat of malware.

Cybersecurity 100

Cybersecurity Marketing Risk Access 100

Data Breach Today

FEBRUARY 9, 2024

Researchers Find Unprotected Unitronics Devices Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.

Passwords 301

Passwords 301

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Hunton Privacy

FEBRUARY 5, 2024

In November 2023, the UK Information Commissioner’s Office (“ICO”) wrote to organizations operating 53 of the UK’s biggest websites regarding their compliance with data protection laws when using cookies. On January 31, 2024, the ICO released a statement on such action noting that it received “an overwhelmingly positive response” with 38 of those organizations having changed their cookie banners in order to come into compliance.

Compliance 121

Compliance IT Privacy 121

Security Affairs

FEBRUARY 6, 2024

Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031. The vulnerability resides in the System and impacts Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14. “Source code patches for these issues have been released to the Android Op

Security 127

Security Information Security IT 127

IT Governance

FEBRUARY 9, 2024

What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0 Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, he’s won hackathon events in the UK and internationally, and is accredited for multiple bug bounties.

IoT 118

IoT Risk Security Access 118

Data Breach Today

FEBRUARY 7, 2024

OnDemand | The Tools & Technology You Need to Meet Google/Yahoo Email Authentication Requirements Our email authentication experts will be on hand to provide their insight and a demonstration of how exactly Proofpoint Email Fraud Defense can help identify and close requirement gaps.

Authentication 298

Authentication 298

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

WIRED Threat Level

FEBRUARY 3, 2024

Plus: Russia was likely behind widespread GPS outages, Vault 7 leaker was sentenced, police claim to trace Monero cryptocurrency, and more.

Security 132

Security 132

Security Affairs

FEBRUARY 7, 2024

Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code Cybersecurity vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could lead to remote code execution. “Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacke

Cybersecurity 125

Cybersecurity IT Information Security Security 125

IT Governance

FEBRUARY 5, 2024

29,530,829,012 known records breached so far in 4,645 publicly disclosed incidents Welcome to our 2024 data breaches and cyber attacks page, where you can find an overview of the year’s top security incidents, the most breached sectors of 2024, month-on-month trends, links to our monthly reports, and much more. Use the links in the ‘On this page’ section below to navigate.

Data breaches 112

Data breaches Security Government Personal data 112

Data Breach Today

FEBRUARY 8, 2024

New Report Shows a Surge in OT/IoT Threats and a 123% Increase in Hacking Attempts Threats to critical infrastructure are on the rise, as threat actors continue to scan networks, attack networks and devices, and try to get past access controls. At the same time, according to a new report, sectors such as manufacturing have experienced a 230% increase in vulnerabilities.

IoT 295

IoT Manufacturing Access 295

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

KnowBe4

FEBRUARY 5, 2024

Check out this one line for a moment.“ duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations.

108

108

Security Affairs

FEBRUARY 5, 2024

Scammers stole HK$200 million (roughly $25,5 million) from a multi-national company using a deepfake conf call to trick an employee into transferring the funds. Scammers successfully stole HK$200 million (approximately $25.5 million) from a multinational company in Hong Kong by employing a deepfake video call to deceive an employee into transferring the funds.

Information Security 126

Information Security IT Security 126

WIRED Threat Level

FEBRUARY 8, 2024

Known for doing business with far-right extremist websites, Epik has been acquired by a company that specializes in helping businesses keep their operations secret.

Security 110

Security 110

Data Breach Today

FEBRUARY 8, 2024

Authorities Hacked the End-to-End Encryption Platform in 2020 The Dominican Republic earlier this month extradited to France a suspected administrator of now-defunct encrypted messaging service EncroChat. The extradition is the latest in a series of actions European authorities have been taking against EncroChat users since authorities penetrated its network.

Encryption 292

Encryption IT 292

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

KnowBe4

FEBRUARY 8, 2024

Cybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report.

Ransomware 112

Ransomware Access Security 112

Security Affairs

FEBRUARY 7, 2024

The maintainers of Shim addressed six vulnerabilities, including a critical flaw that could potentially lead to remote code execution. The maintainers of ‘shim’ addressed six vulnerabilities with the release of version 15.8. The most severe of these vulnerabilities, tracked as CVE-2023-40547 (CVSS score: 9.8), can lead to remote code execution under specific circumstances.

Access 119

Access Security IT Information Security 119

Schneier on Security

FEBRUARY 7, 2024

Interesting research: “ Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training “: Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques?

Security 105

Security IT Paper 105