Krebs on Security
MARCH 26, 2024
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt.
Data Breach Today
MARCH 30, 2024
Data of 75 Million Individuals, Including SSNs, Posted On Criminal Forum AT&T did an about-face Saturday, saying that a leaked tranche of data pertaining to 73 million individuals does in fact reveal sensitive information of current and former customers of America's largest wireless phone carrier. The company isn't necessarily taking responsibility for the breach.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
MAY 6, 2024
The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.
Elie
MAY 8, 2024
This talk discuss through concrete examples how to use the Google Security AI Framework (SAIF) to protect AI systems and workflows
Advertisement
Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?
The Guardian Data Protection
APRIL 4, 2024
Exclusive: senior party officials worked on commercial venture that would allow brands to sell products to supporters Senior Conservative party officials worked on plans to hand over its entire membership database for a commercial venture that promised to make tens of millions of pounds, the Guardian can reveal. Leaked documents show Tory executives discussed exploiting members’ personal data to build a mobile phone app that could track users’ locations and allow big brands to advertise to Conse
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
APRIL 17, 2024
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker.
Troy Hunt
MARCH 18, 2024
I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. We're here at "alleged" for two very simple reasons: one is that AT&T is saying "the data didn't come from us", and the other is that I have no way of proving otherwise.
Schneier on Security
APRIL 25, 2024
The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.
eSecurity Planet
APRIL 12, 2024
Data loss prevention (DLP) best practices are principles that help prevent intentional or unintentional data erasure. By following these guidelines, organizations can reduce the detrimental impact of data loss and quickly resume operations after an incident. This also protects sensitive data and minimizes legal and reputational issues. Explore some real-world instances below and discover when and how to use DLP procedures for optimal data security.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
IT Governance
JANUARY 24, 2024
Expert insight from Leon Teale into the implications of this historic data breach The security researcher Bob Diachenko and investigators from Cybernews have discovered an open instance with more than 26 billion data records, mostly compiled from previous breaches – although it likely also includes new data. Organisations associated with these data records include: Tencent QQ – 1.4 billion records; Weibo – 504 million records; Myspace – 360 million records; X/Twitter – 281 million records; Deeze
Krebs on Security
FEBRUARY 14, 2024
The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser
Data Breach Today
JANUARY 20, 2024
Computing Giant Says Hackers Did Not Access Customer Data or Production Systems Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.
WIRED Threat Level
MAY 8, 2024
An internal email from FBI deputy director Paul Abbate, obtained by WIRED, tells employees to search for “US persons” in a controversial spy program's database that investigators have repeatedly misused.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
OpenText Information Management
MARCH 18, 2024
AI changes everything—every role, every organization, and every industry. Those who make the most of it will be poised to lead their industries. Are you ready to put this game-changing technology to work for you? Join us at OpenText™ World Europe 2024 to learn how you can reimagine work with AI. Our complimentary event will be held in three locations: London (Queen Elizabeth II Centre, April 15), Munich (MOC—Event Center Messe München, April 16 & 17), and Paris (Maison de la Chimie, April 18
Hunton Privacy
MARCH 14, 2024
On March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect. They were adopted in December 2023 pursuant to an FCC Report and Order (the “Order”). The Rules went into effect despite challenges brought in the United States Court of Appeals for the Sixth Circuit. Two trade groups, the Ohio Telecom Association and the Texas Association of Business, petitioned the United States Court of Appeals for the Sixth Circuit and
Jamf
MAY 6, 2024
Learn what Microsoft Copilot for Security is, how you can leverage Jamf management and security, and what it means when tools and expertise combine to make your devices much more secure.
Security Affairs
FEBRUARY 29, 2024
A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebook’s password reset flow.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
KnowBe4
APRIL 18, 2024
LastPass has warned that one of its employees was targeted by a social engineering attack that used an audio deepfake that impersonated the company’s CEO. Fortunately, the employee grew suspicious and avoided falling for the attack.
Schneier on Security
FEBRUARY 20, 2024
Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities. From their report : In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon—using LLMs to augment cyberoperations.
IBM Big Data Hub
FEBRUARY 13, 2024
Remember how cool it felt when you first held a smartphone in your hand? The compact design and touch-based interactivity seemed like a leap into the future. Before long, smartphones became a way of life for organizations worldwide because of all they offer for business productivity and communication. Generative AI ( artificial intelligence ) promises a similar leap in productivity and the emergence of new modes of working and creating.
Unwritten Record
MARCH 15, 2024
412_DSP_WashingtonDC_018_8x10, [link] Today’s post was written by Dan Rooney, Director of NARA’s Special Media Records Division. The National Archives Catalog Newsletter recently highlighted that the Moving Image and Sound Branch has made the totality of its Supreme Court audio recordings available for research in the National Archives Catalog.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Krebs on Security
APRIL 10, 2024
On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com , which until very recently rendered as fedex.com in tweets.
Data Breach Today
JANUARY 5, 2024
A Settlement Has Been Reached. So, How Might This Affect Similar Cases? A proposed settlement has been reached between Merck & Co. and several insurers that were appealing a 2023 court decision saying the insurance companies could not invoke "hostile warlike action" exclusions in refusing to pay drugmakers' claims filed after the 2017 NotPetya cyberattack.
WIRED Threat Level
JANUARY 26, 2024
A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.
Troy Hunt
FEBRUARY 23, 2024
I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. Just as a brief reminder, they look like this: These get through all the technical controls that exist at my telco and they land smack bang in my SMS inbox. However, I don't fall for the scams because I look for the warning signs: a sense of urgency, fear of missing out, and strange URLs that look nothing like any
Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO
The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.
Data Breach Today
MARCH 1, 2024
Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling Saving passwords in browser-based password managers or via "remember my details" website options might make for simple and fast log-ins for employees, but they also give attackers an easy way to lift legitimate credentials, oftentimes via highly automated, information-stealing malware, experts warn.
Data Breach Today
APRIL 1, 2024
Chinese Hackers Have Used DinodasRAT Hackers are using a new version of a backdoor to target Linux servers and gain and maintain access in what appears to be an espionage campaign, warn researchers from Kaspersky. The hallmark of DinodasRAT's strategy is its sophisticated victim identification and persistence mechanisms.
Data Breach Today
JANUARY 26, 2024
Postmortem: Multiple Customers Also Targeted by Russian Nation-State Attackers A nation-state hacking group run by Russian intelligence gained access to a Microsoft "legacy, non-production test tenant account" and used it to authorize malicious Office 365 OAuth applications, access Outlook, and steal Microsoft and customers' emails and attachments, Microsoft said.
Expert insights. Personalized for you.
344 
Let's personalize your content