Trending Articles


On the Increase: Zero-Days Being Exploited in the Wild

Data Breach Today

Espionage Groups and Commercial Surveillance Vendors Tied to Many Zero-Day Exploits

Fresh zero-day vulnerabilities continue to be actively exploited in the wild by attackers, often for surveillance and espionage purposes, according to the latest annual review of in-the-wild exploits published by Google. In 2023, 97 new zero-days came to light, up from 62 in 2022.


Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt.


Alert: Hackers Hit High-Risk Individuals' Personal Accounts

Data Breach Today

Cybersecurity Experts Recommend Defenses to Counter Surge in Such Attacks

Calling all high-risk individuals: Ensure you're taking adequate steps to secure your personal devices and accounts, as criminals and nation-state hackers increasingly target them instead of grappling with corporate defenses, warned the U.K.'s National Cyber Security Center.


GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

The Last Watchdog

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free, respected landmark guidance document for reducing cybersecurity risk. However, it’s important to note that most of the framework core has remained the same. Here are the core components the security community knows: Govern (GV): Sets forth the strategic path and guidelines for managing cybersecurity risks, ensuring harmony with business go


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Data Privacy in the Age of AI

AIIM

Data privacy and Artificial Intelligence (AI) are two of the biggest issues in the information spaces today. However, despite the enormous amount of coverage they receive in the trade and general media, what is not yet well understood is how tightly intertwined they are, and how risky it can be to address them without a proper foundation. Here are a few points to ponder to help you avoid the most common risks.

More Trending


Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.


Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

Security Affairs

A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months. Security researchers at Sucuri spotted a malware campaign, tracked as Sign1, which has already compromised 39,000 WordPress sites in the last six months. The experts discovered that threat actors compromised the websites by implanting malicious JavaScript injections that redirect visitors to malicious websites.


Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

WIRED Threat Level

The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.


FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate

KnowBe4

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Hospitals Lobby Feds to Clarify Breach Duties in UHG Attack

Data Breach Today

AHA Wants Change Healthcare on Hook for Notification in Potential Breach

As thousands of hospitals, clinics and doctor practices potentially have to notify millions of patients about the Change Healthcare breach, the American Hospital Association said the IT services firm and parent company, UnitedHealth Group, should be the sole sender of notifications.


Ahead of the curve: How generative AI is revolutionizing the content supply chain

IBM Big Data Hub

The global adoption of generative AI is upon us, and it’s essential for marketing organizations to understand and play in this space to stay competitive. With content demands expected to grow in the next few years, organizations need to create more content at a faster pace to meet customer expectations and business needs. Knowing how to manifest these improvements is not always clear: Enter generative AI and the content supply chain.


CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulne


Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Schneier on Security

It’s pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


New Phishing-as-a-Service Kit Attempts to Bypass MFA

KnowBe4

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its focus on bypassing victims’ multi-factor authentication measures.


UK Discloses Chinese Espionage Activities

Data Breach Today

Deputy Prime Minister Says Violet Typhoon Is Behind Attacks on UK Politicians

Chinese state hackers targeted multiple British politicians, the U.K. government said Monday in a coordinated disclosure of Chinese state hacking activities designed to ramp up international pressure on Beijing. The British government summoned the Chinese ambassador to the Foreign Office.


EU Formally Adopts World’s First AI Law

Data Matters

On March 13, 2024, the European Parliament formally adopted the EU Artificial Intelligence Act (“AI Act”) with a large majority of 523-46 votes in favor of the legislation. The AI Act is the world’s first horizontal and standalone law governing AI, and a landmark piece of legislation for the EU.


Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

Security Affairs

The Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 at the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one, Team Synacktiv successfully demonstrated exploits against a Tesla car.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


On Secure Voting Systems

Schneier on Security

Andrew Appel shepherded a public comment—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs.


[New Research] KnowBe4's Report is a Call to Action for Global Organizations to Improve Their Security Culture

KnowBe4

We’re thrilled to announce the release of the 2024 Security Culture Report, which dives deep into how security measures affect organizations and the way employees act and feel at work.


NTIA Pushes for Independent Audits of AI Systems

Data Breach Today

Accountability Needed to Unleash Full Potential of AI, Says NTIA Administrator

The U.S. National Telecommunications and Information Administration released a report Wednesday calling for improved transparency into high-risk artificial intelligence systems, as well as independent audits that can help hold AI developers accountable.


Cybersecurity Takeaways From White House Tech Report

Data Matters

On Feb. 26, the White House's Office of the National Cyber Director (ONCD) released a report on how technology manufacturers and software developers can improve the cybersecurity posture of the U.S. This report, "Back to the Building Blocks: A Path Toward Secure and Measurable Software," aligns with the Biden administration's current, intense focus on combatting ever-increasing cyberthreats through software development and software manufacturer accountability.


Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.


TheMoon bot infected 40,000 devices in January and February

Security Affairs

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “TheMoon” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices. The new version of the bot has been spotted infecting thousands of outdated devices in 88 countries.


Migrating data to the cloud? Don’t neglect change management

Collibra

Did you know 72% of companies identify data as their biggest challenge to achieving AI goals by 2025? For data professionals embarking on a data cloud migration, the stakes couldn’t be any higher. It’s why effective change management is not just a luxury; it’s a necessity for unlocking the full power of cloud capabilities and ensuring adoption.


Cloud-Conscious Cyber Attacks Spike 110% as Threat Groups Sharpen their Attack Skills

KnowBe4

Cybercriminals are catching up to all the digital transformation done over the last decade, as new data shows increased expertise in leveraging and.


European Commission to Investigate Meta Subscription Model

Data Breach Today

'Pay or Consent' May Violate the Digital Services Act, Say EU Officials

The European Commission will scrutinize Meta's pivot to a subscription model in response to a string of rulings from data protection boards limiting the social media giant's ability to legally collect user data. Europe announced a slew of investigations into American big-tech companies.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Chinese Hackers Charged in Decade-Long Global Spying Rampage

WIRED Threat Level

US and UK officials hit Chinese hacking group APT31 with sanctions and criminal charges after they targeted thousands of businesses, politicians, and critics of China.


Pwn2Own Vancouver 2024 Day 1 – team Synacktiv hacked a Tesla

Security Affairs

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition, a team demonstrated a Tesla hack. Participants earned $732,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition for demonstrating 19 unique zero-days, announced Trend Micro’s Zero Day Initiative (ZDI). The experts successfully demonstrated exploits against a Tesla car, Linux and Windows operating systems, and more.


Google Pays $10M in Bug Bounties in 2023

Schneier on Security

BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million.