Sat.Mar 23, 2024 - Fri.Mar 29, 2024

article thumbnail

Alert: Hackers Hit High-Risk Individuals' Personal Accounts

Data Breach Today

Cybersecurity Experts Recommend Defenses to Counter Surge in Such Attacks Calling all high-risk individuals: Ensure you're taking adequate steps to secure your personal devices and accounts, as criminals and nation-state hackers increasingly target them instead of grappling with corporate defenses, warned the U.K.'s National Cyber Security Center.

Risk 314
article thumbnail

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt.

Passwords 306
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

The Last Watchdog

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk. Related: More background on CSF However, it’s important to note that most of the framework core has remained the same. Here are the core components the security community knows: Govern (GV): Sets forth the strategic path and guidelines for managing cybersecurity risks, ensuring harmony with business go

article thumbnail

Data Privacy in the Age of AI

AIIM

Data privacy and Artificial Intelligence (AI) are two of biggest issues in the information spaces today. However, despite the enormous amount of coverage they receive in the trade and general media, what is not yet well understood is how tightly intertwined they are, and how risky it can be to address them without a proper foundation. Here are a few points to ponder to help you avoid the most common risks.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

On the Increase: Zero-Days Being Exploited in the Wild

Data Breach Today

Espionage Groups and Commercial Surveillance Vendors Tied to Many Zero-Day Exploits Fresh zero-day vulnerabilities continue to be getting actively exploited in the wild by attackers, often for surveillance and espionage purposes, according to the latest annual review of in-the-wild exploits published by Google. In 2023, 97 new zero-days came to light, up from 62 in 2022.

270
270

More Trending

article thumbnail

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

Security Affairs

A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months. Sucurity researchers at Sucuri spotted a malware campaign, tracked as Sign1, which has already compromised 39,000 WordPress sites in the last six months. The experts discovered that threat actors compromised the websites implanting malicious JavaScript injections that redirect visitors to malicious websites.

IT 127
article thumbnail

FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate

KnowBe4

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful.

Phishing 102
article thumbnail

Hospitals Lobby Feds to Clarify Breach Duties in UHG Attack

Data Breach Today

AHA Wants Change Healthcare on Hook for Notification in Potential Breach As thousands of hospitals, clinics and doctor practices potentially have to notify millions of patients about the Change Healthcare breach, the American Hospital Association said the IT services firm and parent company, UnitedHealth Group, should be the sole sender of notifications.

IT 289
article thumbnail

Ahead of the curve: How generative AI is revolutionizing the content supply chain

IBM Big Data Hub

The global adoption of generative AI is upon us, and it’s essential for marketing organizations to understand and play in this space to stay competitive. With content demands expected to grow in the next few years, organizations need to create more content at a faster pace to meet customer expectations and business needs. Knowing how to manifest these improvements is not always clear: Enter generative AI and the content supply chain.

Risk 105
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulne

IT 117
article thumbnail

New Phishing-as-a-Service Kit Attempts to Bypass MFA

KnowBe4

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its focus on bypassing victims’ multi-factor authentication measures.

article thumbnail

UK Discloses Chinese Espionage Activities

Data Breach Today

Deputy Prime Minister Says Violet Typhoon Is Behind Attacks on UK Politicians Chinese state hackers targeted multiple British politicians, the U.K. government said Monday in a coordinated disclosure of Chinese state hacking activities designed to ramp up international pressure on Beijing. The British government summoned the Chinese ambassador to the Foreign Office.

article thumbnail

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Schneier on Security

It’s pretty devastating : Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

TheMoon bot infected 40,000 devices in January and February

Security Affairs

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices. The new version of the bot has been spotted infecting thousands of outdated devices in 88 countries.

IoT 102
article thumbnail

[New Research] KnowBe4's Report is a Call to Action for Global Organizations to Improve Their Security Culture

KnowBe4

We’re thrilled to announce the release of the 2024 Security Culture Report , which dives deep into how security measures affect organizations and the way employees act and feel at work.

article thumbnail

Feds Wave Sticks & Carrots at Health Sector to Bolster Cyber

Data Breach Today

Industry Groups Welcome Help for Hospitals and Others - But Oppose Penalties Proposed federal sticks and carrots to incentivize the health sector to implement stronger cybersecurity standards are already meeting opposition from some industry groups that say financial help is welcome but payment penalties for perceived laggards likely will do more harm than good.

article thumbnail

On Secure Voting Systems

Schneier on Security

Andrew Appel shepherded a public comment —signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

GoFetch side-channel attack against Apple systems allows secret keys extraction

Security Affairs

Researchers demonstrated a new side-channel attack, named GoFetch, against Apple CPUs that could allow an attacker to obtain secret keys. A team of researchers from several US universities demonstrated a new microarchitectural side-channel attack named GoFetch that could allow attackers to extract secret keys from systems using Apple CPUs. GoFetch side-channel attack can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).

article thumbnail

Cloud-Conscious Cyber Attacks Spike 110% as Threat Groups Sharpen their Attack Skills

KnowBe4

Cybercriminals are catching up to all the digital transformation done over the last decade, as new data shows increased expertise in leveraging and.

article thumbnail

NTIA Pushes for Independent Audits of AI Systems

Data Breach Today

Accountability Needed to Unleah Full Potential of AI, Says NTIA Administrator The U.S. National Telecommunications and Information Administration released a report Wednesday calling for improved transparency into high-risk artificial intelligence systems, as well as independent audits that can help hold AI developers accountable.

article thumbnail

Cybersecurity Takeaways From White House Tech Report

Data Matters

On Feb. 26, the White House's Office of the National Cyber Director (ONCD), released a report on how technology manufacturers and software developers can improve the cybersecurity posture of the U.S. This report, "Back to the Building Blocks: A Path Toward Secure and Measurable Software," aligns with the Biden administration's current, intense focus on combatting ever-increasing cyberthreats through software development and software manufacturer accountability.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked APT29 targeted German political parties with WINELOADER backdoor Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024 Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites German police seized the

article thumbnail

It’s Official: Cyber Insurance is No Longer Seen as a 'Safety Net'

KnowBe4

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy toward being cyber resilient.

article thumbnail

European Commission to Investigate Meta Subscription Model

Data Breach Today

'Pay or Consent' May Violate the Digital Services Act, Say EU Officials The European Commission will scrutinize Meta's pivot to a subscription model in response to a string of rulings from data protection boards limiting the social media giant's ability to legally collect user data. Europe announced a slew of investigations into American big-tech companies.

273
273
article thumbnail

Migrating data to the cloud? Don’t neglect change management

Collibra

Did you know 72% of companies identify data as their biggest challenge to achieving AI goals by 2025? 1 For data professionals embarking on a data cloud migration , the stakes couldn’t be any higher. It’s why effective change management is not just a luxury; it’s a necessity for unlocking the full power of cloud capabilities and ensuring adoption.

Cloud 83
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

Security Affairs

During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams. During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions. Middle Eastern enterprises, facing this heightened risk, are urged to bolster consumer protection and reinforce their brand security.

Retail 98
article thumbnail

Chinese Hackers Charged in Decade-Long Global Spying Rampage

WIRED Threat Level

US and UK officials hit Chinese hacking group APT31 with sanctions and criminal charges after they targeted thousands of businesses, politicians, and critics of China.

article thumbnail

US Indicts Accused APT31 Chinese Hackers for Hire

Data Breach Today

Prosecutors Say China Set Up a Wuhan Front Company for Geopolitical Hacks U.S. federal prosecutors indicted seven Chinese nationals they accuse of hacking for a Beijing economic and intelligence espionage group whose operations reacted to geopolitical trends. The suspects allegedly were contractors for a front company set up by an arm of the Ministry of State Security.

Security 246