June, 2024

article thumbnail

On the Future of Cybersecurity in Hybrid Cloud Environments

Data Breach Today

An Interview with Gigamon's Chief Security Officer, Chaim Mazal Chief Information Security Officers (CISOs) face unprecedented challenges in their efforts to protect their organizations against a rising tide of increasingly sophisticated cyberthreats.

Cloud 319
article thumbnail

RSAC Fireside Chat: Seclore advances ‘EDRM’ by aligning granular controls onto sensitive data

The Last Watchdog

Digital rights management ( DRM ) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management ( EDRM ) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy.

Phishing 288
article thumbnail

Assessing Information Management Programs for Mergers & Acquisitions

AIIM

I was curious about how organizations cope with information management during a merger and acquisition process. What I discovered when I asked our members in AIIM’s Online Community, is that it’s common during the aftermath of a merger and acquisition to be presented with a dilemma of what to do with the two different information management programs of the merging organizations.

183
183
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

LockBit claims the hack of the US Federal Reserve

Security Affairs

The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27

More Trending

article thumbnail

Spanish Police Bust Alleged Leader of Scattered Spider

Data Breach Today

US International Arrest Warrant Accuses Suspect of Cryptocurrency-Theft Campaigns Spanish National Police have arrested a 22-year-old British national based on an International Arrest Warrant from the U.S. that accuses him of stealing bitcoins worth $27 million. Reports suggest the suspect is a key member of the Scattered Spider cybercrime group that hacked MGM and Clorox.

310
310
article thumbnail

RSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy loss

The Last Watchdog

Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at RSAC 2024. Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies.

Privacy 261
article thumbnail

Leveraging Virtual Reality to Enhance Diversity and Inclusion training at Google

Elie

This case-study explores the effectiveness of virtual reality (VR) for diversity, equity, and inclusion (DEI) training through the lens of a custom VR application developped to train Google employees.

138
138
article thumbnail

AI Will Increase the Quantity—and Quality—of Phishing Scams

Schneier on Security

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review : Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.

Phishing 129
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries.

Military 136
article thumbnail

Microsoft's Recall Feature Is Even More Hackable Than You Thought

WIRED Threat Level

A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.

Access 142
article thumbnail

Hacker Sells Apparent Santander Bank Customer Data

Data Breach Today

ShinyHunters Advertises Data Set of '30 Million Customers' for $2 Million A hacker is selling the purported data of 30 million customers of Spanish multinational bank Santander for $2 million on a criminal online forum the FBI recently attempted to shut down. Sample data posted online suggests the data set is genuine.

315
315
article thumbnail

Bouncing Back: How to Investigate and Recover After a Ransomware Attack

Thales Cloud Protection & Licensing

Bouncing Back: How to Investigate and Recover After a Ransomware Attack madhav Thu, 06/13/2024 - 05:49 You've likely seen the headlines about ransomware attacks and the monumental challenges they pose for organizations. But what should you do when an attack occurs, even if you have a ransomware protection solution in place? In this post, we will delve into the forensics of a ransomware attack, showing you how to classify the attack and recover from it if a ransomware protection solution is in pl

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

5 WordPress Plugins Compromised; Millions of Websites at Risk

eSecurity Planet

Millions of WordPress websites are under threat after a critical security breach involving several popular plugins. Security researchers discovered malicious code injected into these plugins, granting hackers the ability to create unauthorized administrator accounts. This compromise can lead to severe consequences for website owners, including data breaches and total website takeovers.

Risk 113
article thumbnail

Breaking a Password Manager

Schneier on Security

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

Passwords 128
article thumbnail

Google Chrome 126 update addresses multiple high-severity flaws

Security Affairs

Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.

Security 130
article thumbnail

Microsoft Will Switch Off Recall by Default After Security Backlash

WIRED Threat Level

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Security 141
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Researchers Uncover Chinese Hacking Cyberespionage Campaign

Data Breach Today

Chinese Threat Actor 'Velvet Ant' Evaded Detection for Years in Victim Network A Chinese threat actor used state-sponsored techniques to carry out a cyberespionage campaign targeting a major organization's networks after exploiting legacy technology to gain multiple footholds across the enterprise infrastructure, researchers said in a Monday blog post.

298
298
article thumbnail

The State of Data Breaches

Troy Hunt

I've been harbouring some thoughts about the state of data breaches over recent months, and I feel they've finally manifested themselves into a cohesive enough story to write down. Parts of this story relate to very sensitive incidents and parts to criminal activity, not just on behalf of those executing data breaches but also very likely on behalf of some organisations handling them.

article thumbnail

Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

eSecurity Planet

The remote code execution vulnerabilities from last week’s recap continue, and Microsoft Patch Tuesday identifies plenty of issues to patch — but fortunately, most of them aren’t critical vulnerabilities. PHP’s Windows flaw is now being exploited by ransomware, almost immediately after researchers publicized the issue. Google also has an elevation of privilege vulnerability in its Pixel phones, among others; Android has published fixes for all the device issues.

article thumbnail

LLMs Acting Deceptively

Schneier on Security

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

Security Affairs

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. An attacker can trigger the vulnerability to launch phishing attacks. I want to share my recent case: > I found a vulnerability that allows sending a message from any user@domain > We cannot reproduce it > I send a v

Phishing 132
article thumbnail

The Age of the Drone Police Is Here

WIRED Threat Level

A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.

Privacy 141
article thumbnail

Australia Optus 2022 Data Breach 'Not Highly Sophisticated'

Data Breach Today

Hackers Exploited Coding Error, Says Australian Communications and Media Authority Hackers behind the leak of 10 million records from Australia's second-largest telecommunications carrier Optus exploited a vulnerability the company unwittingly inserted four years earlier into a web portal access control, said the Australian Communications and Media Authority.

article thumbnail

Are you ready for a cyberattack?

OpenText Information Management

In today's digital age, cybersecurity threats are an ever-present danger for organizations of all sizes. While sophisticated technology solutions are critical in defending against cyber threats, they are only part of the equation. Cybersecurity is not just about having the right tools; it's also about having the right people and processes in place. This is where Tabletop Exercises (or incident response simulations), come into play.

article thumbnail

How Top Tech CFOs Solve Annual Planning’s Biggest Challenges

Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.

article thumbnail

U.S. Imposes Ban on Russia’s Kaspersky; Sanctions 12 Executives

eSecurity Planet

Kaspersky Lab is a widely known name in the world of cybersecurity. Founded in 1997, the Russian firm has grown into a global leader, boasting millions of users for its antivirus software and other security solutions. With a presence in over 200 countries and territories, Kaspersky Lab protects individuals, businesses, and critical infrastructure from a wide range of cyber threats.

article thumbnail

Using LLMs to Exploit Vulnerabilities

Schneier on Security

Interesting research: “ Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems.

article thumbnail

Ticketmaster confirms data breach impacting 560 million customers

Security Affairs

Ticketmaster owner Live Nation confirmed the Ticketmaster data breach that compromised the data of 560 million customers. ShinyHunters, the current administrator of BreachForums , recently claimed the hack of Ticketmaster and offered for sale 1.3 TB of data, including full details of 560 million customers, for $500,000. Stolen data includes names, emails, addresses, phone numbers, ticket sales, and order details.