Trending Articles

article thumbnail

Courtroom Recording Software Hit by Supply Chain Attack

Data Breach Today

Backdoored Installer Facilitates Full, Remote Takeover, Justice AV Solutions Warns Attackers backdoored versions of widely used audiovisual recording software being distributed by Justice AV Solutions via its official download site. Experts say users should "immediately" update to patched versions, review their IT environments for signs of compromise and wipe affected endpoints.

IT 274
article thumbnail

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation c

Cloud 251
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

The Last Watchdog

There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders. Related: Is your company moving too slow or too fast on GenAI? One promising example of the latter comes from messaging security vendor IRONSCALES. I had the chance to sit down with Eyal Benishti , IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce an

Phishing 290
article thumbnail

Embracing the Unique Identity of Women in Information Management: Finding Acceptance and Home

AIIM

We live and work in the liminal spaces where transformation and possibility reside. It is this possibility that we, as Women in Information Management, must take advantage of.

IT 151
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Security Affairs

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. Atlas is one of the largest national fuel distributors to 49 continental US States with over 1 billion gallons per year. The Blackbasta extortion group added the company to the list of victims on its Tor leak site, as the researcher Dominic Alvieri reported.

More Trending

article thumbnail

RSAC Fireside Chat: SquareX introduces security-infused browser extension to stop threats in real time

The Last Watchdog

The open-source Chromium project seeded by Google more than a decade ago has triggered something of a web browser renaissance. Related: Browser attacks mount Browsers based on Chromium include Google Chrome and Microsoft Edge, which dominate in corporate settings – as well as popular upstarts Brave, Opera and Vivaldi. Together these browsers have given rise to a vast ecosystem of extensions – one that happens to align perfectly with a highly distributed work force and global supply chain.

Security 162
article thumbnail

Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech

WIRED Threat Level

Ultra-wideband radio has been heralded as the solution for “relay attacks” that are used to steal cars in seconds. But researchers found Teslas equipped with it are as vulnerable as ever.

IT 120
article thumbnail

ICO Publishes Its Strategic Approach to Regulating AI

Data Matters

On 30 April 2024, the UK’s Information Commissioner’s Office (“ICO”) published its strategic approach to regulating artificial intelligence (“AI”) (the “Strategy”), following the UK government’s request that key regulators set out their approach to AI regulation and compliance with the UK government’s previous AI White Paper (see our previous blog post here).

article thumbnail

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Security Affairs

The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, carries cybersecurity implications. It increases the discoverability of customer devices by attackers. Advisory on security impacts related to the use of TLS in proprietary vendor Dynamic DNS (DDNS) services.

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Australian Telecom Watchdog Sues Optus Over 2022 Data Breach

Data Breach Today

Telecom Company Also Faces OAIC Investigation and Potentially Millions in Fines The Australian Communications and Media Authority says it has filed proceedings against Optus in a federal court as the company failed to protect sensitive customer data during a data breach in September 2022. The Office of the Australian Information Commissioner is also investigating the incident.

article thumbnail

News alert: AI SPERA integrates its ‘Criminal IP’ threat intelligence tool into AWS Marketplace

The Last Watchdog

Torrance,Calif., May 22, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP , is now available on the AWS Marketplace. This integration ensures efficient software procurement and deployment, aligning seamlessly with customers’ existing cloud architectures.

IT 130
article thumbnail

A Leak of Biometric Police Data Is a Sign of Things to Come

WIRED Threat Level

Thousands of fingerprints and facial images linked to police in India have been exposed online. Researchers say it’s a warning of what will happen as the collection of biometric data increases.

Privacy 104
article thumbnail

Malicious Use of Generative AI Large Language Models Now Comes in Multiple Flavors

KnowBe4

Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

An ongoing malware campaign exploits Microsoft Exchange Server flaws

Security Affairs

A threat actor is targeting organizations in Africa and the Middle East by exploiting Microsoft Exchange Server flaws to deliver malware. Positive Technologies researchers observed while responding to a customer’s incident spotted an unknown keylogger embedded in the main Microsoft Exchange Server page. The keylogger was used to collect account credentials.

article thumbnail

Anyone Can Trick AI Bots into Spilling Passwords

Data Breach Today

Thousands of People Tricked Bots into Revealing Sensitive Data in Lab Setting It doesn't take a skilled hacker to glean sensitive information anymore: all you need to trick a chatbot into spilling someone else's passwords is "creativity." In a multi-level test, nearly all participants were able to trick the chatbot into revealing a password on at least one level.

Passwords 278
article thumbnail

News analysis Q&A: Shake up of the SIEM, UEBA markets continues as LogRhythm-Exabeam merge

The Last Watchdog

It’s easy to compile a checklist on why the announced merger of LogRhythm and Exabeam could potentially make strategic sense. Related: Cisco pays $28 billion for Splunk LogRhythm’s is a long established SIEM provider and Exabeam has been making hay since its 2013 launch advancing its UEBA capabilities. Combining these strengths falls in line with the drive to make cloud-centric, hyper-interconnected company networks more resilient.

Marketing 100
article thumbnail

Eventbrite Promoted Illegal Opioid Sales to People Searching for Addiction Recovery Help

WIRED Threat Level

A WIRED investigation found thousands of Eventbrite posts selling escort services and drugs like Xanax and oxycodone—some of which the company’s algorithm recommended alongside addiction recovery events.

Sales 106
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

On the Zero-Day Market

Schneier on Security

New paper: “ Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market “: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft.

article thumbnail

Two students uncovered a flaw that allows to use laundry machines for free

Security Affairs

Two students discovered a security flaw in over a million internet-connected laundry machines that could allow laundry for free. CSC ServiceWorks is a company that provides laundry services and air vending solutions for multifamily housing, academic institutions, hospitality, and other commercial sectors. They manage and operate many internet-connected laundry machines and systems, offering services such as coin and card-operated laundry machines, mobile payment solutions, and maintenance suppor

article thumbnail

Breach Roundup: Fluent Bit Flaw Is Risky for Cloud Providers

Data Breach Today

Also: Spanish Hacker Alcasec Arrested Again This week, Fluent Bit contains a flaw, Microsoft is nuking VBScript, Irish police and the SEC face fines, a man was sentenced for BEC, a flaw was found in Netflix's Genie, an Australia university said it was breached and Black Basta claimed an attack, and hacker Alcasec was arrested again.

Cloud 275
article thumbnail

Announcing KnowBe4 Student Edition: Cybersecurity Education Tailored for the Next Generation

KnowBe4

I recently heard another heartbreaking story of students who were scammed out of financial aid by a phishing attack. We have also heard stories of employment scams and social media based attacks where students fell victim to cybercriminals.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

He Trained Crypto Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark Web Drug Market

WIRED Threat Level

The strange journey of Lin Rui-siang, the 23-year-old accused of running the Incognito black market, extorting his own site's users—and then refashioning himself as a legit crypto crime expert.

Marketing 100
article thumbnail

Detecting Malicious Trackers

Schneier on Security

From Slashdot : Apple and Google have launched a new industry standard called “ Detecting Unwanted Location Trackers ” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple’s AirTags being used for malicious purposes.

IT 98
article thumbnail

An XSS flaw in GitLab allows attackers to take over accounts

Security Affairs

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts. An attacker can exploit this issue by using a specially crafted page to exfiltrate sensitive user information.

Passwords 103
article thumbnail

Cybersecurity workforce development: A Public/Private Partnership that enhances cybersecurity while giving hands-on SOC experience to students

Data Breach Today

TekStream's Johnson and Splunk's Prevost on Tapping Into Student Talent for the SOC The threat landscape has evolved for state and local government entities as well as higher education institutes. Mary Lou Prevost from Splunk and Bruce Johnson of TekStream discuss innovative public-private partnerships that boost institutional defense mechanisms.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

From Boredom to Engagement: Gamification in Cybersecurity Awareness

KnowBe4

As someone who can barely keep up when my 10-year-old shows me around his Minecraft worlds, I was a bit apprehensive about writing a review of our gamified cybersecurity awareness module. But hey, maybe being a bit of a klutz at gaming might actually be beneficial from a test case point of view, and who doesn't like a challenge, right?

article thumbnail

How to establish lineage transparency for your machine learning initiatives

IBM Big Data Hub

Machine learning (ML) has become a critical component of many organizations’ digital transformation strategy. From predicting customer behavior to optimizing business processes, ML algorithms are increasingly being used to make decisions that impact business outcomes. Have you ever wondered how these algorithms arrive at their conclusions? The answer lies in the data used to train these models and how that data is derived.

article thumbnail

Personal AI Assistants and Privacy

Schneier on Security

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research.

Privacy 92