Sat.Aug 10, 2024 - Fri.Aug 16, 2024


How to Get Started with Gen AI for Information Management

AIIM

AIIM research shows that many organizations feel ready for AI, but encounter obstacles to implementation, especially a lack of available use cases. Where do organizations start with Generative AI (Gen AI)?


NIST Releases First Post-Quantum Encryption Algorithms

Schneier on Security

From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard; FIPS 204: Module-Lattice-Base


Breach Roundup: Microsoft's August Patch Contains 90 Fixes

Data Breach Today

Also: Azure Health Bot Vulnerabilities Expose Risks in Cloud-Based Chatbots

This week, Microsoft released its August patch of 90 fixes, flaws were discovered in Azure Health Bot, Orion lost $60 million in a BEC scam, Schlatter Industries was hit by malware, Microsoft said it will discontinue Paint 3D in November and Russia restricted access to Signal.


Six 0-Days Lead Microsoft’s August 2024 Patch Push

Krebs on Security

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. This month’s bundle of update joy from Redmond includes patches for security holes in Office, .NET, Visual Studio, Azure, Co-Pilot, Microsoft Dynamics, Teams, Secure Boot, and of course Windows itself.


Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.


Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters

WIRED Threat Level

Researchers have discovered a way that would allow anyone with a few hundred dollars to hack into the wireless gear-shifting systems used by the top cycling teams for events like the Tour de France.


Suspected Ransom Cartel Operator Extradited to the US

Data Breach Today

Maksim Silnikau, aka 'J.P.Morgan,' Charged in New Jersey and Virginia Federal Court

A pioneer of the ransomware-as-a-service model appeared in U.S. federal court Tuesday where he faces a slew of charges stemming from a nearly two-decade online career. Poland extradited Maksim Silnikau to the United States on Friday; authorities arrested him in a Spanish seaside town in 2023.


New Windows IPv6 Zero-Click Vulnerability

Schneier on Security

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consis


Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

WIRED Threat Level

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.


EU Governments Sign Off Proposed Reforms to GDPR Procedural Rules and Council Reaches Common Member States’ Position

Data Matters

On 24 May 2024, the Council of the European Union (the “Council”) released new details of a proposed reform of the General Data Protection Regulation’s (“GDPR”) procedural rules, which representatives of EU national governments approved on 29 May 2024. On 13 June 2024, the Council issued a press release detailing its agreed common Member States’ position that maintains the general thrust of the original proposed reforms, but which seeks to: (i) introduce clearer timelines; (ii) improve efficienc


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Revoked DigiCert Digital Certificates: 27% Not Yet Replaced

Data Breach Today

Many Customers Apparently Still Struggling to Reissue Certificates, Researchers Say

Thousands of organizations appear to still be struggling to comply with a forced, mass revocation of thousands of digital certificates issued by DigiCert using a buggy verification mechanism. Researchers recently said 27% of the 83,267 revoked certificates have yet to be reissued by customers.


The Post-Quantum Cryptography Algorithms are finalized! Now what?

Thales Cloud Protection & Licensing

With the recent release from NIST about their final, published Post-Quantum Cryptography (PQC) algorithms (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), SLH-DSA (formerly SPHINCS+)) and with it the imminent end-of-life of the encryption foundations we have relied upon for decades, many organizations are left wondering exactly what they should do next.


The Slow-Burn Nightmare of the National Public Data Breach

WIRED Threat Level

Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.


Asia-Pacific Regulations Keep Pace With Rapid Evolution of Artificial Intelligence Technology

Data Matters

Regulation of artificial intelligence (AI) technology in the Asia-Pacific region (APAC) is developing rapidly, with at least 16 jurisdictions having some form of AI guidance or regulation. Some countries are implementing AI-specific laws and regulation, while others take a more “soft” law approach in reliance on nonbinding principles and standards. While regulatory approaches in the region differ, policy drivers feature common principles including responsible use, data security, end-user protect


Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.


Russian Sentenced to 3 Years for Selling Stolen Identities

Data Breach Today

FBI Sting Identified Georgy Kavzharadze as Vendor on Illicit Slilpp Marketplace

Russian national Georgy Kavzharadze, 27, has been sentenced to serve 40 months in U.S. prison after pleading guilty to earning over $200,000 by selling stolen U.S. bank account access credentials via the illicit Slilpp stolen-credential marketplace.


Hacker Stories: A Facebook Physical Threat

KnowBe4

Most people take a lot of measures to secure their online bank accounts, credit card accounts, retirement accounts and other financial accounts. This often means enabling some form of multi-factor authentication (MFA), using a strong password, or other means of keeping money safe.


Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

Security Affairs

Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.


Texas Sues GM for Collecting Driving Data without Consent

Schneier on Security

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies. From CNN: In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.


Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.


Deep Dive: Why Can't We Solve API Security?

Data Breach Today

CISOs, Analysts Explore Solutions to Visibility, Governance and Incident Response

APIs are the connections that make digital business happen. Companies on average rely on more than 15,000 APIs, but these interfaces pose security risks. In this "Deep Dive" special report, ISMG's Anna Delaney explores how security leaders are tackling API security.


DORA – ESAs Publish Draft Technical Standards on ICT Subcontracting

Data Matters

On 26 July 2024, the European Supervisory Authorities (EBA, EIOPA and ESMA, collectively, the “ESAs”) published their joint final report on the draft Regulatory Technical Standards (“RTS”) specifying the elements that a financial entity should determine and assess when subcontracting ICT services supporting critical or important functions under Article 30(5) of the Digital Operational Resilience Act (“DORA”).


Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

Security Affairs

Microsoft found four bugs in OpenVPN that could be chained to achieve remote code execution and local privilege escalation. During the Black Hat USA 2024 conference, Microsoft researchers disclosed multiple medium-severity bugs in the open-source project OpenVPN that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE).


Taxonomy of Generative AI Misuse

Schneier on Security

Interesting paper: “Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data”: Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. Prior research has shed light on the potential of advanced AI systems to be exploited for malicious purposes.


How Top Tech CFOs Solve Annual Planning’s Biggest Challenges

Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.


Iran Still Attempting to Hack US Elections: Google

Data Breach Today

Computing Giant Says APT42 Behind 'Small But Steady Cadence' of Phishing Emails

Iranian nation-state hackers are continuing a campaign to infiltrate the U.S. presidential election by penetrating the email inboxes of campaign and election officials, Google said Wednesday. The Iranian cyberespionage group tracked as APT42 started "a small but steady cadence" of phishing emails.


Microsoft Discovers Critical OpenVPN Vulnerabilities

eSecurity Planet

OpenVPN has long been a popular choice for creating secure point-to-point or site-to-site connections over the internet. Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. However, a recent discovery by Microsoft researchers has unveiled a critical flaw in this widely trusted software.


Crooks took control of a cow milking robot causing the death of a cow

Security Affairs

Crooks took control of a cow milking robot and demanded a ransom from a farmer who refused to pay it, resulting in the death of a cow. An extortion attempt had a tragic outcome: cybercriminals took control of a cow milking robot and demanded a ransom from a farmer, but he did not pay, resulting in the death of a cow. In November 2023, farmer Vital Bircher received a message from his milking robot on his phone; then he noticed that the device’s display was blank and was missing essential da


Reflecting on KnowBe4's 5th Consecutive TrustRadius Tech Cares Award

KnowBe4

For the fifth year in a row, we've been honored with the TrustRadius Tech Cares Award! This recognition is a testament to our unwavering commitment to corporate social responsibility (CSR) and the incredible efforts of our team.


An Architect’s Guide for Selecting Scalable, Data-Layer Technologies

There’s no getting around it: selecting the right foundational data-layer components is crucial for long-term application success. That’s why we developed this white paper to give you insights into four key open-source technologies – Apache Cassandra®, Apache Kafka®, Apache Spark™, and OpenSearch® – and how to leverage them for lasting success. Discover everything you’ll want to know about scalable, data-layer technologies: Learn when to choose these technologies and when to avoid them Explore h


FBI Seizes Servers Powering Dispossessor Ransomware Group

Data Breach Today

Feds Also File Criminal Complaint Against 'Brain,' Alleged Leader of the Operation

The FBI said it led the disruption of a ransomware group called Dispossessor, aka Radar, that amassed victims in dozens of countries. An international dismantling of the group's alleged infrastructure seized servers in the U.S., the U.K. and Germany, as well as multiple domain names.


Online Merchants: PCI DSS Compliance Tips When Outsourcing

IT Governance

Common challenges for SAQ A/e-commerce merchants and how to resolve them

E-commerce merchants, by definition, accept card payments. So, they’re subject to the PCI DSS (Payment Card Industry Data Security Standard). This standard, currently at v4.0.1 (a limited revision to PCI DSS v4.0), contains 277 sub-requirements. However, you can reduce your scope to drastically lower the number of requirements you must meet, thereby significantly reducing your compliance burden.


SolarWinds addressed a critical RCE in all Web Help Desk versions

Security Affairs

SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solution for customer support. SolarWinds fixed a critical vulnerability, tracked as CVE-2024-28986 (CVSS score 9.8), in SolarWinds’ Web Help Desk solution for customer support. The flaw is a Java deserialization issue that an attacker can exploit to run commands on a vulnerable host leading to remote code execution.