Trending Articles

article thumbnail

Senator: Top Banks Only Reimburse 38% of Unauthorized Claims

Data Breach Today

Bank Execs at Senate Hearing Defend Zelle Reimbursements, Payment Fraud Programs During a hearing Tuesday, U.S. Sen. Richard Blumenthal, D-Conn., revealed that Bank of America, JPMorgan Chase and Wells Fargo only reimbursed 38% of unauthorized Zelle transactions - leaving consumers on the hook for $100 million in fraud losses. The banks disputed the committee's findings.

280
280
article thumbnail

AIIM's Take on AI Input Transparency Policy

AIIM

Copyright is intended to incentivize creativity to serve the purpose of enriching the public by providing access to creative work. Generative AI engines use content (aka information or unstructured data) to develop large language models. This content can and often does include copyrighted works.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CrowdStrike Says Code-Testing Bugs Failed to Prevent Outage

Data Breach Today

Cybersecurity Vendor's Preliminary Review Details Problems, Promises Improvements CrowdStrike, in a preliminary report, has blamed internal testing problems for failing to prevent the faulty "rapid content update" that caused worldwide disruption on Friday. The cybersecurity vendor has promised to refine its testing and deployment processes to avoid any repeats.

article thumbnail

Wanted! An IG Code of Human Ethics

Weissman's World

I recently gave a presentation to ARMA International about the human consequences of what we do, and though you probably can get a copy of it from ARMA itself – and for sure you can from me – I wanted to take a minute to reinforce the criticality of my point. Most of us spend… Read More » Wanted! An IG Code of Human Ethics The post Wanted!

IT 290
article thumbnail

Solving Open Source Complexity with a Managed Data Infrastructure Platform

With its unparalleled flexibility, rapid development and cost-saving capabilities, open source is proving time and again that it’s the leader in data management. But as the growth in open source adoption increases, so does the complexity of your data infrastructure. In this Analyst Brief developed with IDC, discover how and why the best solution to this complexity is a managed service, including: Streamlined compliance with some of the most complex regulatory guidelines Simplified operations, li

article thumbnail

How a North Korean Fake IT Worker Tried to Infiltrate Us

KnowBe4

Incident Report Summary: Insider Threat TLDR: KnowBe4 was in need of a software engineer for our internal IT AI team. Posted the job, got resumes, did the interviews, did the background check, checked the references and hired the person. We sent the Mac and the moment it was received it immediately started to load malware. The EDR software saw it and started to throw alerts to our InfoSec SOC team.

IT 145

More Trending

article thumbnail

Vulnerabilities in LangChain Gen AI Could Prompt Data Leak

Data Breach Today

Open-Source Company Issues Patches After Being Alerted by Palo Alto A widely used generative artificial intelligence framework is vulnerable to a prompt injunction flaw that could enable sensitive data to leak. Security researchers at Palo Alto Networks uncovered two arbitrary code flaws in open-source library LangChain.

article thumbnail

This Machine Exposes Privacy Violations

WIRED Threat Level

A former Google engineer has built a search engine, WebXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.

Privacy 130
article thumbnail

The Value of Information Management: Compliance versus Business Outcomes

AIIM

I want to share my thoughts on the ongoing debate within the information management industry about how to effectively sell the value of investing in information management. Some argue that the focus should be on business outcomes and solving the problems that keep decision-makers up at night, while others emphasize the importance of compliance and risk mitigation.

article thumbnail

Heightened Focus in the EU for the Protection of Minors Online

Data Matters

The protection of minors online continues to be a focus for EU regulators. Following the publication last year by the European Parliament of its guidelines on online age verification methods for children, the European Commission has recently announced it will be holding a dedicated stakeholder workshop in September 2024 to discuss guidelines for age verification and protecting minors.

Privacy 88
article thumbnail

Provide Real Value in Your Applications with Data and Analytics

The complexity of financial data, the need for real-time insight, and the demand for user-friendly visualizations can seem daunting when it comes to analytics - but there is an easier way. With Logi Symphony, we aim to turn these challenges into opportunities. Our platform empowers you to seamlessly integrate advanced data analytics, generative AI, data visualization, and pixel-perfect reporting into your applications, transforming raw data into actionable insights.

article thumbnail

Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers

Security Affairs

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) to spread information stealer, such as ACR Stealer, Lumma , and Meduza.

Education 110
article thumbnail

How One Bad CrowdStrike Update Crashed the World’s Computers

WIRED Threat Level

A defective CrowdStrike kernel driver sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

IT 145
article thumbnail

North Korean Fake IT Worker FAQ

KnowBe4

Frequently Asked Questions About KnowBe4's Fake IT Worker Blog July 23, 2024, I wrote a blog post about how KnowBe4 inadvertently hired a skillful North Korean IT worker who used the stolen identity of a US citizen. He participated in several rounds of video interviews and circumvented background check processes commonly used. The intent was to share an organizational learning moment, so you can make sure this does not happen to you.

IT 101
article thumbnail

Robot Dog Internet Jammer

Schneier on Security

Supposedly the DHS has these : The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS’s Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting “booby traps” with internet of things and smart home devices, and t

article thumbnail

Entity Resolution: Your Guide to Deciding Whether to Build It or Buy It

Adding high-quality entity resolution capabilities to enterprise applications, services, data fabrics or data pipelines can be daunting and expensive. Organizations often invest millions of dollars and years of effort to achieve subpar results. This guide will walk you through the requirements and challenges of implementing entity resolution. By the end, you'll understand what to look for, the most common mistakes and pitfalls to avoid, and your options.

article thumbnail

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

Security Affairs

The US government sanctioned two Russian hacktivists for their cyberattacks targeting critical infrastructure, including breaches of water facilities. The United States sanctioned Russian hacktivists Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations against U.S. critical infrastructure.

article thumbnail

CrowdStrike Disruption Restoration Is Taking Time

Data Breach Today

Microsoft's Tool Requires Physical Access, a 'Time-Consuming and Laborious Task' Microsoft's statement that a faulty CrowdStrike update affected less than 1% of active Windows systems doesn't tell the full story, since large organizations in critical sectors make up a disproportionate part of the user base, as the outages in healthcare, transportation and banking demonstrate.

Access 309
article thumbnail

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter

WIRED Threat Level

The code, the first of its kind, was used to sabotage a heating utility in Lviv at the coldest point in the year—what appears to be yet another innovation in Russia’s torment of Ukrainian civilians.

IT 112
article thumbnail

Phishing Campaigns Abuse Cloud Platforms to Target Latin America

KnowBe4

Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s latest Threat Horizons Report.

Phishing 107
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Data Wallets Using the Solid Protocol

Schneier on Security

I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here , but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard.

article thumbnail

Hackers abused swap files in e-skimming attacks on Magento sites

Security Affairs

Threat actors abused swap files in compromised Magento websites to hide credit card skimmer and harvest payment information. Security researchers from Sucuri observed threat actors using swap files in compromised Magento websites to conceal a persistent software skimmer and harvest payment information. The attackers used this tactic to maintain persistence and allowing the malware to survive multiple cleanup attempts.

Cleanup 110
article thumbnail

CrowdStrike Outage Losses Will Hit Healthcare, Banking Hard

Data Breach Today

$5.4 Billion in Losses Estimated for 500 Largest Public US Firms - Except Microsoft Expect the healthcare and banking sectors to record the greatest direct losses in the U.S. as a result of the global disruptions caused by a faulty CrowdStrike software update crashing Windows systems, an underwriting agency reported, forecasting Fortune 500 direct losses of $5.4 billion.

289
289
article thumbnail

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World

WIRED Threat Level

A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Vulnerability Recap 7/22/24 – CrowdStrike Issue Is One of Many

eSecurity Planet

The failed CrowdStrike sensor update that affected Windows systems may have put those computers at risk, but this is just one potential vulnerability during an interesting week. SolarWinds recently patched 13 vulnerabilities, and Ivanti has fixed yet another flaw in its Endpoint Manager product. The CISA requires federal agencies to patch their instances of GeoServer by August 5, and Wiz recently reported on a major AI model training vulnerability.

Libraries 108
article thumbnail

CrowdStrike Phishing Attacks Appear in Record Time

KnowBe4

I have been the CEO of an anti-virus software developer. We had a special acronym for catastrophic events like this, a so-called "CEE". As in Company Extinction Event. Within hours of mass IT outages on Friday, a surge of new domains began appearing online, all sharing one common factor: the name CrowdStrike. As the company grapples with a global tech outage that has delayed flights and disrupted emergency services, opportunistic cybercriminals are quick to exploit the chaos.

Phishing 114
article thumbnail

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability CVE-2024-28995 SolarW

IT 116
article thumbnail

Banks and Airlines Disrupted as Mass Outage Hits Windows PCs

Data Breach Today

CrowdStrike Confirms Faulty Software Update for Falcon Sensor, Is Deploying Fix Banks, airlines, media giants and others are being disrupted by a mass, global IT outage tied to Windows PCs. While CrowdStrike has issued a workaround tied to a Falcon software update that appears to be the culprit, many IT administrators say it so far remains difficult to implement at scale.

IT 306
article thumbnail

Deliver Mission Critical Insights in Real Time with Data & Analytics

In the fast-moving manufacturing sector, delivering mission-critical data insights to empower your end users or customers can be a challenge. Traditional BI tools can be cumbersome and difficult to integrate - but it doesn't have to be this way. Logi Symphony offers a powerful and user-friendly solution, allowing you to seamlessly embed self-service analytics, generative AI, data visualization, and pixel-perfect reporting directly into your applications.

article thumbnail

MVP 14

Troy Hunt

Just over 13 years ago, Microsoft gave me my first "Most Valuable Professional" award. Out of the blue, as far as I was concerned. It wasn't something I'd planned for and it certainly wasn't something I'd expected, but it has become a cornerstone of my professional identity. Indulge me while I go off on a bit of a tangent here: like the other things in my professional life that have turned into a success, the things I did to earn that first MVP award were things I was

article thumbnail

This $45 mini screwdriver kit has a useful LED screen - and I highly recommend it

Collaboration 2.0

The Arrowmax SES ultra mini power screwdriver kit combines high-quality hardware with customizable settings, and its one of the first I've seen with its own display.

IT 97
article thumbnail

The Pentagon Wants to Spend $141 Billion on a Doomsday Machine

WIRED Threat Level

The DOD wants to refurbish ICBM silos that give it the ability to end civilization. But these missiles are useless as weapons, and their other main purpose—attracting an enemy’s nuclear strikes—serves no end.

IT 103