Trending Articles

article thumbnail

OMB Issues First Governmentwide AI Risk Mitigation Rules

Data Breach Today

Guidance Calls for Agencies to Appoint Chief AI Officers, Set Up Governance Boards The Office of Management and Budget issued the first-ever governmentwide guidance for mitigating risks associated with the federal use of artificial intelligence, including specific actions agencies must complete within a year to help ensure the responsible use of emerging tools and technologies.

Risk 255
article thumbnail

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt.

Passwords 330
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Alert: Hackers Hit High-Risk Individuals' Personal Accounts

Data Breach Today

Cybersecurity Experts Recommend Defenses to Counter Surge in Such Attacks Calling all high-risk individuals: Ensure you're taking adequate steps to secure your personal devices and accounts, as criminals and nation-state hackers increasingly target them instead of grappling with corporate defenses, warned the U.K.'s National Cyber Security Center.

Risk 311
article thumbnail

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

The Last Watchdog

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk. Related: More background on CSF However, it’s important to note that most of the framework core has remained the same. Here are the core components the security community knows: Govern (GV): Sets forth the strategic path and guidelines for managing cybersecurity risks, ensuring harmony with business go

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Data Privacy in the Age of AI

AIIM

Data privacy and Artificial Intelligence (AI) are two of biggest issues in the information spaces today. However, despite the enormous amount of coverage they receive in the trade and general media, what is not yet well understood is how tightly intertwined they are, and how risky it can be to address them without a proper foundation. Here are a few points to ponder to help you avoid the most common risks.

More Trending

article thumbnail

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep , an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

article thumbnail

On the Increase: Zero-Days Being Exploited in the Wild

Data Breach Today

Espionage Groups and Commercial Surveillance Vendors Tied to Many Zero-Day Exploits Fresh zero-day vulnerabilities continue to be getting actively exploited in the wild by attackers, often for surveillance and espionage purposes, according to the latest annual review of in-the-wild exploits published by Google. In 2023, 97 new zero-days came to light, up from 62 in 2022.

276
276
article thumbnail

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

Security Affairs

A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months. Sucurity researchers at Sucuri spotted a malware campaign, tracked as Sign1, which has already compromised 39,000 WordPress sites in the last six months. The experts discovered that threat actors compromised the websites implanting malicious JavaScript injections that redirect visitors to malicious websites.

IT 127
article thumbnail

Migrating data to the cloud? Don’t neglect change management

Collibra

Did you know 72% of companies identify data as their biggest challenge to achieving AI goals by 2025? 1 For data professionals embarking on a data cloud migration , the stakes couldn’t be any higher. It’s why effective change management is not just a luxury; it’s a necessity for unlocking the full power of cloud capabilities and ensuring adoption.

Cloud 106
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Schneier on Security

It’s pretty devastating : Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba.

article thumbnail

New Phishing-as-a-Service Kit Attempts to Bypass MFA

KnowBe4

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its focus on bypassing victims’ multi-factor authentication measures.

article thumbnail

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

Security Affairs

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one , the Team Synacktiv successfully demonstrated exploits against a Tesla car.

article thumbnail

Ahead of the curve: How generative AI is revolutionizing the content supply chain

IBM Big Data Hub

The global adoption of generative AI is upon us, and it’s essential for marketing organizations to understand and play in this space to stay competitive. With content demands expected to grow in the next few years, organizations need to create more content at a faster pace to meet customer expectations and business needs. Knowing how to manifest these improvements is not always clear: Enter generative AI and the content supply chain.

Risk 111
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

On Secure Voting Systems

Schneier on Security

Andrew Appel shepherded a public comment —signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs.

article thumbnail

FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate

KnowBe4

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful.

Phishing 101
article thumbnail

Hackers Developing Malicious LLMs After WormGPT Falls Flat

Data Breach Today

Crooks Are Recruiting AI Experts to Jailbreak Existing LLM Guardrails Cybercrooks are exploring ways to develop custom, malicious large language models after existing tools such as WormGPT failed to cater to their demands for advanced intrusion capabilities, security researchers say. Undergrounds forums teem with hackers' discussions about how to exploit guardrails.

Security 257
article thumbnail

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulne

IT 117
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Chinese Hackers Charged in Decade-Long Global Spying Rampage

WIRED Threat Level

US and UK officials hit Chinese hacking group APT31 with sanctions and criminal charges after they targeted thousands of businesses, politicians, and critics of China.

article thumbnail

Hardware Vulnerability in Apple’s M-Series Chips

Schneier on Security

It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing.

article thumbnail

[New Research] KnowBe4's Report is a Call to Action for Global Organizations to Improve Their Security Culture

KnowBe4

We’re thrilled to announce the release of the 2024 Security Culture Report , which dives deep into how security measures affect organizations and the way employees act and feel at work.

article thumbnail

Turning to a Career in Cybersecurity

Data Breach Today

Cyberthreats Are Rampant, Expertise Is Needed, and the Rewards Are Great The transition to a career in cybersecurity is not just a change of professional direction; it represents a commitment to defending the digital world. Here's how you can get the critical technical skills needed to fill the 4-million-job shortfall and protect our interconnected world.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

TheMoon bot infected 40,000 devices in January and February

Security Affairs

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices. The new version of the bot has been spotted infecting thousands of outdated devices in 88 countries.

IoT 110
article thumbnail

EclipseStore enables high performance and saves 96% data storage costs with WebSphere Liberty InstantOn

IBM Big Data Hub

As AI technology advances, the need for high-performance, cost-effective and easily deployable solutions reached unprecedented levels. EclipseStore, a groundbreaking data storage platform from MicroStream , is revolutionizing the development of cutting-edge software applications. IBM ® collaborated with MicroStream to integrate the IBM WebSphere ® Liberty InstantOn feature within EclipseStore.

Cloud 85
article thumbnail

Google Pays $10M in Bug Bounties in 2023

Schneier on Security

BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million.

Security 101
article thumbnail

Cloud-Conscious Cyber Attacks Spike 110% as Threat Groups Sharpen their Attack Skills

KnowBe4

Cybercriminals are catching up to all the digital transformation done over the last decade, as new data shows increased expertise in leveraging and.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

New Regulations Pose Compliance Challenges

Data Breach Today

How to Navigate New SEC Rules The new SEC rules, which took effect in late 2023, introduce mandatory cyber-incident reporting requirements for all U.S.-listed companies.

article thumbnail

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in attacks, while in 2022 the actively exploited zero-day flaws were 62.

article thumbnail

Hyperscale vs. colocation: Go big or go rent?

IBM Big Data Hub

Here’s the situation: You’re the CIO or similarly empowered representative of an organization. Different voices within your business are calling attention to the awesome scalability and power of hyperscale computing, which you’ve also noticed with increasing interest. Now the word comes down from on high that you’ve been tasked with designing and implementing your company’s hyperscale computing solution—whatever that should be.

Cloud 82