Thu.Feb 22, 2024


Breach Roundup: More Fallout From the LockBit Takedown

Data Breach Today

Also: Avast Agrees to $16.5 Million Civil Penalty to Settle Privacy Investigation

This week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.


Multiple XSS flaws in Joomla can lead to remote code execution

Security Affairs

Joomla maintainers have addressed multiple vulnerabilities in the popular content management system (CMS) that can lead to arbitrary code execution. The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3, which address the following vulnerabilities in the CMS: [20240201] – CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did not properly terminate existing user sessi


LockBit Group Prepared New Crypto-Locker Before Takedown

Data Breach Today

Numerous Impediments Remain If Administrators Attempt to Reboot the Operation

The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being shut down, security researchers reported. Even so, experts say it's unlikely the group would be able to successfully reboot.


European Commission to Establish AI Office

Hunton Privacy

On January 24, 2024, the European Commission announced that it had published the Commission Decision establishing the European AI Office (the “Decision”). The AI Office will be established within the Commission as part of the administrative structure of the Directorate-General for Communication Networks, Content and Technology, and subject to its annual management plan.


10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.


LockBit Ransomware Group Building New Locker Before Takedown

Data Breach Today

Numerous Impediments Remain, Should Administrators Attempt to Reboot Operation

The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being disrupted, security researchers report. Even so, experts say it's unlikely the group would be able to successfully reboot.


Change Healthcare Cyber Outage Disrupts Firms Nationwide

Data Breach Today

HHS Issues Special Alert Urging Providers and Contractors to 'Stay Vigilant'

Change Healthcare - a unit of Optum that provides IT services and applications to hundreds of U.S. pharmacies, payers and healthcare providers - is dealing with a cyber incident that has forced the company to take its applications offline enterprisewide. The company said it is triaging the situation.


CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ConnectWise ScreenConnect bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an authentication bypass issue that an attacker with network access to the management interface can exploit to create a new,


Report: Ofcom Unprepared to Implement UK Online Safety Bill

Data Breach Today

UK Parliamentary Committee Says the Agency Is Not Likely to Meet the 2025 Deadline

The U.K. telecom regulator Ofcom faces "significant challenges" in implementing the newly passed Online Safety Act, which is intended to protect children from online harm, says an analysis by the House of Commons Committee of Public Accounts.


FTC charged Avast with selling users’ browsing data to advertising companies

Security Affairs

The US FTC charged cyber security firm Avast with harvesting consumer web browsing data through its browser extension and antivirus and selling it. The US Federal Trade Commission (FTC) has filed charges against cybersecurity firm Avast, accusing it of collecting and selling consumer web browsing data gathered through its browser extension and antivirus services.


Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving every day. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr


Privacy Teams Expected to Guard AI Future

Data Breach Today

Tarun Samtani of International SOS Discusses AI Privacy Implementation Principles

In most organizations, the privacy team plays an important role in artificial intelligence implementation and governance. Tarun Samtani, DPO and privacy program director at International SOS, said privacy principles inherently align with the demand for responsible data use of AI technology.


New Image/Video Prompt Injection Attacks

Schneier on Security

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it’s really impressive. Which means a lot of scary new video prompt injection attacks. And remember, given the current state of technology, prompt injection attacks are impossible to prevent in general.


Cryptohack Roundup: $26 Million FixedFloat Hack

Data Breach Today

Also: FCA Rounds Up Noncompliant Firms; GoFundMe Shuts Down Tornado Cash Fundraiser

This week, FixedFloat lost $26 million in a hack, the U.K. Financial Conduct Authority found illegal promotions of cryptocurrency, GoFundMe shuttered a Tornado Cash fundraiser, and an Australian cop allegedly stole $4 million worth of bitcoins.


Leak Shows Alarm in Congress Over a Russian ‘Threat’ Is a Real Anomaly

WIRED Threat Level

The US Congress was preparing to vote on a key foreign surveillance program last week. Then a wild Russian threat appeared.


10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.


An Update on the SEC’s Cybersecurity Reporting Rules

Hunton Privacy

As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date. Six companies have now made Item 1.05 Form 8-K filings. Three of these companies also have amended their first Form 8-K filings to provide additional detail regarding subsequent events.


IBM Cloud delivers enterprise sovereign cloud capabilities

IBM Big Data Hub

As we see enterprises increasingly face geographic requirements around sovereignty, IBM Cloud® is committed to helping clients navigate beyond the complexity so they can drive true transformation with innovative hybrid cloud technologies. We believe this is particularly important with the rise of generative AI. While AI can undoubtedly offer a competitive edge to organizations that effectively leverage its capabilities, we have seen unique concerns from industry to industry and region to re


Driving innovation and growth, Reltio powers into 2024

Reltio

Every company needs to unify information from disparate sources, derive actionable insights, and fuel real-time operations in a data-driven world. As a pioneer in data unification and management, Reltio® continues to push the frontiers in empowering customers to realize the full potential of their data and enable digital transformation. Last year represented a watershed moment for us, with major new product launches, high-profile industry recognition, and increased growth in new customers.


Empower your technical staff with hands-on technology training

IBM Big Data Hub

With a vast amount of technology training and education available today, it’s difficult to know what deserves your attention and what’s just a marketing ploy. Furthermore, most training and education in technology is only offered through text or video, meaning that the learner doesn’t have an opportunity to apply the theory that they are learning.


Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?


Security 360 spotlight: Back to basics

Jamf

Jamf’s annual report helps Security teams understand which real-world threats made the greatest impact while underscoring the need for a defense-in-depth security plan to best protect your organization from evolving risk to Mac and mobile platforms.


Expanding on ethical considerations of foundation models

IBM Big Data Hub

The rise of foundation models that power the growth of generative AI and other AI use cases offers exciting possibilities—yet it also raises new questions and concerns about their ethical design, development, deployment, and use. The IBM AI Ethics Board publication Foundation models: Opportunities, risks and mitigations addresses those concerns and explores the technology’s benefits, risks, guardrails, and mitigations.


Thanks to Machine Learning, Scientists Finally Recover Text From The Charred Scrolls of Vesuvius via Slashdot.org

IG Guru

Check out the post here. The post Thanks to Machine Learning, Scientists Finally Recover Text From The Charred Scrolls of Vesuvius via Slashdot.org first appeared on IG GURU.


HID Connects Podcast Season 2 Episode 1: Is There a Generation Gap in the Security Industry?

HID Global

People of different ages think about security differently. We review these inherent differences in this podcast episode.


Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.


Here Are the Secret Locations of ShotSpotter Gunfire Sensors

WIRED Threat Level

The locations of microphones used to detect gunshots have been kept hidden from police and the public. A WIRED analysis of leaked coordinates confirms arguments critics have made against the technology.


Season 2 Episode 1: Is There a Generation Gap in the Security Industry?

HID Global

People of different ages think about security differently. We review these inherent differences in this podcast episode.


Archive-It Partner News, February 2024

Archive-It

Introducing ARCHWay

ARCHWay, a free Archives Research Compute Hub (ARCH) service, lets you computationally explore web archives in new ways. Users have access to a diverse set of collections, as well as the ARCH user guide with written and video tutorials on how to use and explore ARCH datasets. If you’d like to learn more and request access to your own ARCHWay account, check out the ARCHWay announcement on the Archive-It Blog.


New Leak Shows Business Side of China’s APT Menace

Krebs on Security

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry.


How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.


Operationalizing responsible AI principles for defense

IBM Big Data Hub

Artificial intelligence (AI) is transforming society, including the very character of national security. Recognizing this, the Department of Defense (DoD) launched the Joint Artificial Intelligence Center (JAIC) in 2019, the predecessor to the Chief Digital and Artificial Intelligence Office (CDAO), to develop AI solutions that build competitive military advantage, conditions for human-centric AI adoption, and the agility of DoD operations.