Krebs on Security

APRIL 15, 2024

The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc. , is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

Analytics 229

Analytics Passwords Cybersecurity Communications 229

Data Breach Today

APRIL 12, 2024

Experts Warn AI Tools Can Now Compromise Voice Password Systems Used by Many Banks At many financial institutions, your voice is your password. Tiny variations in pitch, tone and timbre make human voices an ideal method for authenticating customers - as long as computers can't be trained to synthesize those pitch, tone and timbre characteristics in real time.

Passwords 267

Passwords Authentication 267

Krebs on Security

APRIL 10, 2024

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com , which until very recently rendered as fedex.com in tweets.

Phishing 300

Phishing IT 300

The Last Watchdog

APRIL 15, 2024

San Francisco, Calif. — The amazing digital services we have today wouldn’t have come to fruition without the leading technology and telecom giants investing heavily in R&D. Related: GenAi empowers business I had the chance to attend NTT Research’s Upgrade Reality 2024 conference here last week to get a glimpse at some of what’s coming next.

Cybersecurity 197

Cybersecurity Cloud Phishing Ransomware 197

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

AIIM

APRIL 11, 2024

It’s funny how corporate leaders get serious about information governance right after their company has been hit with a lawsuit or regulatory action. OK, it’s not funny at all. But that’s usually when many executives decide it's time to implement information governance and in particular, document retention. We’re here to advise you to not put off having a defensible retention p rogram in place long before any legal action occur s.

Information governance 166

Information governance Government IT 166

Data Breach Today

APRIL 10, 2024

Survey: SMBs, Charities Mostly Targeted With Phishing, Online Impersonation in 2023 Cybercriminals launched 7.78 million attacks against U.K. businesses and nearly 1 million against charity organizations, according to the latest U.K. government survey report. But fewer than half of those firms reported the incidents to authorities, something researchers say is a concerning trend.

Phishing 264

Phishing Government 264

Security Affairs

APRIL 15, 2024

Threat actors have been exploiting the recently disclosed zero-day in Palo Alto Networks PAN-OS since March 26, 2024. Palo Alto Networks and Unit 42 are investigating the activity related to CVE-2024-3400 PAN-OS flaw and discovered that threat actors have been exploiting it since March 26, 2024. CVE-2024-3400 (CVSS score of 10.0) is a critical command injection vulnerability in Palo Alto Networks PAN-OS software.

File names 112

File names Access Authentication IT 112

The Last Watchdog

APRIL 11, 2024

San Francisco and Tokyo, Apr. 11, 2024 – At Upgrade 2024 , NTT Corporation (NTT) and NTT DATA announced the successful demonstration of All-Photonics Network (APN) -driven hyper low-latency connections between data centers in the United States and United Kingdom. In the U.K., NTT connected data centers north and east of London via NTT’s Innovative Optical Wireless Network (IOWN) APN, and communication between them was realized with a round-trip delay of less than 1 millisecond.

Communications 100

Communications IoT Cloud Marketing 100

WIRED Threat Level

APRIL 10, 2024

Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

Artificial Intelligence 121

Artificial Intelligence Privacy Security 121

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Krebs on Security

APRIL 11, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense , whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

Encryption 235

Encryption Passwords Access Financial Services 235

Data Breach Today

APRIL 12, 2024

US Cyber Mission Force Led 22 Defensive Cyber Operations in 2023, Commander Says Air Force Gen. Timothy Haugh told the Senate Armed Services Committee the U.S. Cyber Command carried out nearly two dozen defensive cyber operations across the globe in 2023, expanding in size and scope since the "hunt forward" teams were first launched in 2014.

255

255

Security Affairs

APRIL 14, 2024

A joint investigation conducted by U.S. and Australian authorities led to the arrest of two key figures behind the Firebird RAT operation. A joint law enforcement operation conducted by the Australian Federal Police (AFP) and the FBI resulted in the arrest and charging of two individuals suspected of creating and selling the Firebird RAT, which was later renamed as Hive.

Computer and Electronics 104

Computer and Electronics Blockchain Communications Access 104

The Last Watchdog

APRIL 11, 2024

Mountain View, Calif. – April 11, 2024 – Simbian today emerged from stealth mode with oversubscribed $10M seed funding to deliver on fully autonomous security. As a first step towards that goal, the company is introducing the industry’s first GenAI-powered security co-pilot that integrates secure and intelligent AI solutions into diverse IT environments to maximize coverage and expedite resolutions to security teams’ ever-changing needs.

Security 100

Security Risk Marketing Cloud 100

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Schneier on Security

APRIL 11, 2024

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery : The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers.

Libraries 112

Libraries e-Discovery Cybersecurity Government 112

Krebs on Security

APRIL 9, 2024

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Security 220

Security Phishing Passwords Authentication 220

Data Breach Today

APRIL 15, 2024

Reports: 100s of Drones and Missiles Shot Down; Cyber Group Makes Threats Israel Defense Forces reported the launch of rockets by Iran from Lebanon into Israel on Saturday. Hezbollah militants claim responsibility, citing retaliation for recent Israeli actions and solidarity with Palestinians in Gaza, according to reports.

169

169

Security Affairs

APRIL 15, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-3400 (CVSS score of 10.0) is a critical command injection vulnerability in Palo Alto Networks PAN-OS software.

IT 103

IT Cybersecurity Access Risk 103

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

WIRED Threat Level

APRIL 11, 2024

Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

Privacy 119

Privacy IT Security 119

Data Matters

APRIL 11, 2024

The newest editions of the Chambers Global Practice Guides have been published and, once again, Sidley lawyers have contributed to two guides: Data Protection & Privacy 2024 and Cybersecurity 2024. These publications cover important developments across the globe and offer insightful legal commentary for businesses on issues related to data privacy and cybersecurity, such as regulatory enforcement and litigation, global cooperation to combat cybercrime, international agreement on ‘Softw

Privacy 88

Privacy Cybersecurity Artificial Intelligence Data Privacy 88

KnowBe4

APRIL 11, 2024

In December 2023, a joint alert was issued by the FBI, CISA, NSA, EPA, and INCD regarding Iranian cyber actors known as "CyberAv3ngers" linked to Iran's Islamic Revolutionary Guard Corps (IRGC).

Cybersecurity 100

Cybersecurity Security 100

Data Breach Today

APRIL 15, 2024

Orrick Herrington Cyberattack Compromised Clients' Data, Affected Nearly 638,000 A global law firm that provides data breach legal services has agreed to an $8 million settlement to resolve a proposed class action lawsuit filed against the firm in the aftermath of its cyberattack last year, which affected some health sector clients and nearly 638,000 individuals.

Data breaches 152

Data breaches IT 152

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Security Affairs

APRIL 11, 2024

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing mechanism in Palo Alto Networks PAN-OS software allows a remote attacker to reboot hardware-based fire

IT 118

IT Authentication Cloud Access 118

WIRED Threat Level

APRIL 12, 2024

US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans' information.

Access 104

Access IT Privacy Security 104

Data Matters

APRIL 10, 2024

The National Association of Insurance Commissioners (NAIC) held its Spring 2024 National Meeting (Spring Meeting) March 15 through 18, 2024. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include proposed updates to the regulatory review process for affiliated investment management agreements, continued discussion of considerations related to private equity ownership of insurers, an

Insurance 88

Insurance Privacy Security IT 88

KnowBe4

APRIL 9, 2024

This complexly dangerous new service brings the bypassing of MFA to the world’s most-used email platforms to the masses… something that should be.

Phishing 117

Phishing Security 117

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Data Breach Today

APRIL 15, 2024

Experts Warn of Growing Threat From Supply Chain Attacks After High-Profile Breach Cybersecurity experts are sounding the alarm over a rise in supply chain attacks targeting the interconnected systems of global corporate giants after the top U.S. cyber agency urged Sisense customers to reset their credentials following an apparent hack.

Cybersecurity 152

Cybersecurity 152

Security Affairs

APRIL 9, 2024

Researchers found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices. Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on LG TVs. “WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by

Authentication 121

Authentication Libraries Access Information Security 121

WIRED Threat Level

APRIL 9, 2024

The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.

Privacy 103

Privacy Security 103