Krebs on Security

APRIL 15, 2024

The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc. , is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

Analytics 232

Analytics Cybersecurity Passwords Communications 232

Data Breach Today

APRIL 12, 2024

Experts Warn AI Tools Can Now Compromise Voice Password Systems Used by Many Banks At many financial institutions, your voice is your password. Tiny variations in pitch, tone and timbre make human voices an ideal method for authenticating customers - as long as computers can't be trained to synthesize those pitch, tone and timbre characteristics in real time.

Passwords 275

Passwords Authentication 275

Krebs on Security

APRIL 10, 2024

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com , which until very recently rendered as fedex.com in tweets.

Phishing 302

Phishing IT 302

AIIM

APRIL 11, 2024

It’s funny how corporate leaders get serious about information governance right after their company has been hit with a lawsuit or regulatory action. OK, it’s not funny at all. But that’s usually when many executives decide it's time to implement information governance and in particular, document retention. We’re here to advise you to not put off having a defensible retention p rogram in place long before any legal action occur s.

Information governance 166

Information governance Government IT 166

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

WIRED Threat Level

APRIL 15, 2024

Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.

Government 118

Government Cybersecurity IT Security 118

Data Breach Today

APRIL 12, 2024

US Cyber Mission Force Led 22 Defensive Cyber Operations in 2023, Commander Says Air Force Gen. Timothy Haugh told the Senate Armed Services Committee the U.S. Cyber Command carried out nearly two dozen defensive cyber operations across the globe in 2023, expanding in size and scope since the "hunt forward" teams were first launched in 2014.

274

274

AIIM

APRIL 16, 2024

Think about your organization for a moment. Is there any employee who doesn't collect, store, transform, analyze, and delete information? We all need information to be successful and help our organizations achieve better business outcomes.

115

115

The Last Watchdog

APRIL 11, 2024

Mountain View, Calif. – April 11, 2024 – Simbian today emerged from stealth mode with oversubscribed $10M seed funding to deliver on fully autonomous security. As a first step towards that goal, the company is introducing the industry’s first GenAI-powered security co-pilot that integrates secure and intelligent AI solutions into diverse IT environments to maximize coverage and expedite resolutions to security teams’ ever-changing needs.

Security 100

Security Risk Cloud Marketing 100

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. Cisco Duo warns of a data breach involving one of its telephony suppliers, compromising multifactor authentication (MFA) messages sent to customers via SMS and VOIP. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attac

Data breaches 107

Data breaches Metadata Authentication Phishing 107

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Krebs on Security

APRIL 9, 2024

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Security 221

Security Phishing Passwords Authentication 221

Data Breach Today

APRIL 10, 2024

Survey: SMBs, Charities Mostly Targeted With Phishing, Online Impersonation in 2023 Cybercriminals launched 7.78 million attacks against U.K. businesses and nearly 1 million against charity organizations, according to the latest U.K. government survey report. But fewer than half of those firms reported the incidents to authorities, something researchers say is a concerning trend.

Phishing 261

Phishing Government 261

WIRED Threat Level

APRIL 10, 2024

Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

Artificial Intelligence 121

Artificial Intelligence Privacy Security 121

KnowBe4

APRIL 11, 2024

In December 2023, a joint alert was issued by the FBI, CISA, NSA, EPA, and INCD regarding Iranian cyber actors known as "CyberAv3ngers" linked to Iran's Islamic Revolutionary Guard Corps (IRGC).

Cybersecurity 110

Cybersecurity Security 110

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

APRIL 11, 2024

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing mechanism in Palo Alto Networks PAN-OS software allows a remote attacker to reboot hardware-based fire

IT 121

IT Authentication Cloud Access 121

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole of millions of payment card records from big box retailers like

Sales 149

Sales Retail Insurance Access 149

Data Breach Today

APRIL 15, 2024

Experts Warn of Growing Threat From Supply Chain Attacks After High-Profile Breach Cybersecurity experts are sounding the alarm over a rise in supply chain attacks targeting the interconnected systems of global corporate giants after the top U.S. cyber agency urged Sisense customers to reset their credentials following an apparent hack.

Cybersecurity 174

Cybersecurity 174

WIRED Threat Level

APRIL 11, 2024

Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

Privacy 119

Privacy IT Security 119

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Schneier on Security

APRIL 15, 2024

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed. As this comment points out: “We had already some cases where efficient quantum algorithms for lattice problems were discovered, but they turned out not being correct or only worked for simple

Paper 86

Paper Security IT 86

Security Affairs

APRIL 9, 2024

Researchers found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices. Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on LG TVs. “WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by

Authentication 123

Authentication Libraries Access Information Security 123

Record Nations

APRIL 12, 2024

Data archiving is the process of storing and preserving electronic data to ensure your information is safe and protected over time. The goal of data archiving is to simplify data management, reduce costs, maintain regulatory compliance, and improve operational efficiency. The process of data archiving involves moving data from active storage systems, which are.

Archiving 98

Archiving Compliance Cloud 98

Data Breach Today

APRIL 15, 2024

Company Released a Hotfix to the Command Injection Vulnerability Firewall appliance manufacturer Palo Alto Networks rushed out a hotfix Friday to a command injection vulnerability present in its custom operating system after security researchers spotted a campaign to exploit the zero-day starting in March, likely from a state-backed threat actor.

Manufacturing 158

Manufacturing Security IT 158

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

WIRED Threat Level

APRIL 12, 2024

US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans' information.

Access 104

Access IT Privacy Security 104

Data Matters

APRIL 11, 2024

The newest editions of the Chambers Global Practice Guides have been published and, once again, Sidley lawyers have contributed to two guides: Data Protection & Privacy 2024 and Cybersecurity 2024. These publications cover important developments across the globe and offer insightful legal commentary for businesses on issues related to data privacy and cybersecurity, such as regulatory enforcement and litigation, global cooperation to combat cybercrime, international agreement on ‘Softw

Privacy 88

Privacy Cybersecurity Artificial Intelligence Data Privacy 88

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet.

IoT 98

IoT Access Communications Military 98

IBM Big Data Hub

APRIL 15, 2024

The manufacturing industry is in an unenviable position. Facing a constant onslaught of cost pressures, supply chain volatility and disruptive technologies like 3D printing and IoT. The industry must continually optimize process, improve efficiency, and improve overall equipment effectiveness. At the same time, there is this huge sustainability and energy transition wave.

Manufacturing 86

Manufacturing Cloud IoT Analytics 86

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Data Breach Today

APRIL 12, 2024

Sunstone Partners: We Had a Letter of Intent to Buy Synopsys' Security Testing Unit A California private equity firm sued Synopsys and accused the systems design behemoth of breaching an exclusivity agreement by shopping its $525 million software integrity business. Sunstone Partners Management said it signed a letter of intent to acquire Synopsys' security testing services unit.

Security 180

Security IT 180

KnowBe4

APRIL 9, 2024

This complexly dangerous new service brings the bypassing of MFA to the world’s most-used email platforms to the masses… something that should be.

Phishing 120

Phishing Security 120

Data Matters

APRIL 10, 2024

The National Association of Insurance Commissioners (NAIC) held its Spring 2024 National Meeting (Spring Meeting) March 15 through 18, 2024. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include proposed updates to the regulatory review process for affiliated investment management agreements, continued discussion of considerations related to private equity ownership of insurers, an

Insurance 88

Insurance Privacy Security IT 88