The Last Watchdog

JUNE 5, 2024

Digital rights management ( DRM ) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management ( EDRM ) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

Compliance 284

Compliance Marketing Cloud Access 284

Data Breach Today

JUNE 5, 2024

Sophos Finds 3 Clusters of Activity Dating at Least to May 2023 A government agency in a country that has repeatedly clashed with China over Beijing's territorial ambitions in the South China Sea was the subject of a prolonged cyberespionage campaign that used previously undetected backdoors and partially overlaps with known Sino state threat actors.

Government 249

Government 249

Data Breach Today

JUNE 3, 2024

ShinyHunters Advertises Data Set of '30 Million Customers' for $2 Million A hacker is selling the purported data of 30 million customers of Spanish multinational bank Santander for $2 million on a criminal online forum the FBI recently attempted to shut down. Sample data posted online suggests the data set is genuine.

285

285

Krebs on Security

MAY 30, 2024

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware.

Ransomware 239

Ransomware 239

Advertisement

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

Paper

WIRED Threat Level

JUNE 4, 2024

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

Data collection 144

Data collection Cybersecurity IT Privacy 144

The Last Watchdog

JUNE 3, 2024

When Log4J came to light in 2021, Kinnaird McQuade , then a security engineer at Square , drew the assignment of testing endpoints at some 5,000 users of the popular mobile payments service. Related: The big lesson from Log4J “It took us eight hours to run the scan and I was sweating it because these were all small family businesses that depended on Square, and if any of them got popped, it would be real people that were affected,” McQuade told me.

Risk 148

Risk Security IT 148

Data Matters

JUNE 5, 2024

On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) adopted amendments to its Regulation S-P. These final amendments impose significant cybersecurity requirements for several SEC-registered entities and transfer agents registered with another appropriate regulatory agency, including with respect to these entities’ policies and procedures, incident response and notification procedures, and cybersecurity risk management.

Privacy 97

Privacy Cybersecurity Risk Security 97

WIRED Threat Level

JUNE 5, 2024

A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.

Privacy 115

Privacy Security 115

Security Affairs

JUNE 5, 2024

Zyxel Networks released an emergency security update to address critical vulnerabilities in end-of-life NAS devices. Zyxel Networks released an emergency security update to address three critical flaws in some of its NAS devices that have reached end-of-life. An attacker can exploit the vulnerabilities to perform command injection attacks and achieve remote code execution.

Authentication 105

Authentication Manufacturing Security IT 105

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

Artificial Intelligence

The Last Watchdog

MAY 30, 2024

From MFA to biometrics, a lot has been done to reinforce user ID and password authentication — for human users. Related: How weak service accounts factored into SolarWinds hack By comparison, almost nothing has been done to strengthen service accounts – the user IDs and passwords set up to authenticate all the backend, machine-to-machine connections of our digital world.

Passwords 130

Passwords Authentication Insurance Access 130

Data Breach Today

JUNE 4, 2024

IBM, Rubrik, Palo Alto & CrowdStrike All Bought into DSPM. Will Tenable Join Them? IBM, Rubrik, Palo Alto Networks and CrowdStrike entered the red-hot data security posture management market with nine-figure deals announced between May 2023 and March 2024. Now, Tenable reportedly wants a piece of the action as it eyes the purchase of Eureka.

Security 260

Security Marketing IT 260

Schneier on Security

JUNE 4, 2024

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

Passwords 113

Passwords IT Security 113

WIRED Threat Level

JUNE 4, 2024

When a drug kingpin named Microsoft tried to seize control of an encrypted phone company for criminals, he was playing right into its real owners’ hands.

Encryption 129

Encryption IT Security 129

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

Security Affairs

JUNE 3, 2024

Personal information of hundreds of British and EU politicians is available on dark web marketplaces. According to research conducted by Proton and Constella Intelligence, the email addresses and other sensitive information of 918 British MPs, European Parliament members, and French deputies and senators are available in the dark web marketplaces. 40% of 2,280 official government email addresses from the British, European, and French Parliaments were exposed, including passwords, birth dates, an

Passwords 116

Passwords Government Data breaches Risk 116

The Last Watchdog

MAY 31, 2024

AI has the potential to revolutionize industries and improve lives, but only if we can trust it to operate securely and ethically. Related: The key to the GenAI revolution By prioritizing security and responsibility in AI development, we can harness its power for good and create a safer, more unbiased future. Developing a secured AI system is essential because artificial intelligence is a transformative technology, expanding its capabilities and societal influence.

Artificial Intelligence 100

Artificial Intelligence Security Encryption Authentication 100

Data Breach Today

MAY 30, 2024

Also: Okta Alert on Credential Stuffing; Data Breaches in Spain This week, Google AI search provided wrong answers, Internet Archive suffered DDos attack, Okta warned of credential stuffing, Canada shut down two tech firms, attackers delivered malware with Stack Overflow, Telefónica is probing breach, Iberdrola was breached and RansomHub said it hit Christie's.

Data breaches 297

Data breaches Archiving IT 297

OpenText Information Management

JUNE 4, 2024

In today's digital age, cybersecurity threats are an ever-present danger for organizations of all sizes. While sophisticated technology solutions are critical in defending against cyber threats, they are only part of the equation. Cybersecurity is not just about having the right tools; it's also about having the right people and processes in place. This is where Tabletop Exercises (or incident response simulations), come into play.

Security awareness 104

Security awareness Cybersecurity Compliance GDPR 104

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

eSecurity Planet

JUNE 3, 2024

Last week, major security vendors Check Point and Okta both notified customers of threats, and an old Fortinet vulnerability reared its head when researchers published a proof of concept for it. Spoofed browser upgrades download malware onto victims’ computers, and threat actors have been actively exploiting a Linux kernel vulnerability. Check your vendors’ security bulletins regularly, and make sure your team is following security news to patch issues as soon as they arise.

Authentication 109

Authentication Passwords Access Cybersecurity 109

Security Affairs

JUNE 4, 2024

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claims to have stolen 5GB of data from the telecommunications giant.

Communications 109

Communications Data breaches Ransomware Access 109

WIRED Threat Level

JUNE 1, 2024

Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be uncovered.

Data breaches 114

Data breaches Financial Services Cloud Security 114

Data Breach Today

JUNE 5, 2024

CHERI Architecture Enforces Memory Safety in Hardware A U.K. government official on Tuesday touted the potential of a processor designed to prevent memory-based cyberattacks even as he acknowledged commercial hurdles to its widespread adoption. The CHERI processor reduces attack surface, said John Goodacre.

Government 219

Government IT 219

Advertisement

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

Paper

KnowBe4

JUNE 4, 2024

The NIS2 Directive, also known as the Network and Information Security Directive, is a crucial piece of legislation designed to enhance cybersecurity and protect critical infrastructure across the European Union (EU). Building on the previous NIS Directive, it addresses its shortcomings and expands its scope to improve security requirements, reporting obligations, and crisis management capabilities.

Cybersecurity 98

Cybersecurity Compliance Information Security Security 98

Schneier on Security

JUNE 3, 2024

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review : Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.

Phishing 98

Phishing Artificial Intelligence 98

Security Affairs

MAY 30, 2024

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability CVE-2024-1086 Linux Kernel Use-After-Free Vulnerability The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure

IT 115

IT Security Cybersecurity Risk 115

WIRED Threat Level

JUNE 4, 2024

Generative AI tools such as OpenAI’s ChatGPT and Microsoft’s Copilot are becoming part of everyday business life. But they come with privacy and security considerations you should know about.

IT 90

IT Privacy Security 90

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Data Breach Today

JUNE 5, 2024

Company Addresses Flaws in End-of-Life NAS Devices Networking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution. It left two vulnerabilities allowing attacks by authenticated local attackers unpatched.

Authentication 201

Authentication Security IT 201

KnowBe4

JUNE 4, 2024

The prevalence of cyber crime continues to soar, victimizing individuals in both their work and private lives. Cybercriminals are indiscriminate, targeting around the clock and across the globe.

Phishing 90

Phishing 90

Schneier on Security

MAY 30, 2024

No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8 , an application package courtrooms use to record, play back, and manage audio and video from proceed

Communications 110

Communications IT 110