Tue.Feb 20, 2024

article thumbnail

Chinese Hacking Contractor iSoon Leaks Internal Documents

Data Breach Today

Company Mainly Hacked for the Ministry of Public Security An apparent leak of internal documents from a Chinese hacking contractor paints a picture of a disaffected, poorly paid workforce that nonetheless penetrated multiple regional governments and possibly NATO. Multiple experts told Information Security Media Group the documents appear to be legitimate.

article thumbnail

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Krebs on Security

U.S. and U.K. authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn’t pay, LockBit’s victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Broken LockBit: Ransomware Group Takedown Will Have Impact

Data Breach Today

Even if Group Reboots, Disruption Already Stands as a Success, Experts Say Blue Monday arrived late this year for the LockBit ransomware-as-a-service group, after an international coalition of law enforcement agencies seized swathes of its infrastructure. Security experts said even if the down-on-its-heels group reboots, the disruption already stands as a big win.

article thumbnail

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

The Last Watchdog

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions. Related: The security case for AR, VR AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Vastaamo Hacker Disappears Amid Ongoing Trial

Data Breach Today

Aleksanteri Kivimaki Vanished After the Court Ordered His Reconfinement A Finnish hacker on trial for his alleged role in the hack and leak of mental patient notes taken during psychotherapy sessions has vanished. A Finnish court on Friday ordered Aleksanteri Tomminpoika Kivimäki back into jail. He was under home detention at the time of his disappearance.

271
271

More Trending

article thumbnail

Arrests and Indictments in LockBit Crackdown

Data Breach Today

US, UK and European Authorities Seize Decryption Keys and Will Contact Victims An international law enforcement operation that infiltrated ransomware-as-a-service operation LockBit has resulted in arrests, indictments and the seizure of encryption keys that can be used to help victims recover their data. LockBit emerged in 2019 and was one of the largest ransomware operations.

article thumbnail

Microsoft Is Spying on Users of Its AI Tools

Schneier on Security

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities. From their report : In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon—using LLMs to augment cyberoperations.

IT 132
article thumbnail

Joomla CMS Patches Critical XSS Vulnerabilities

Data Breach Today

Millions of Websites Potentially at Risk Cross-site scripting vulnerabilities in Joomla, a widely used free-source content management system, were fixed in a patch published Tuesday by the open-source project that maintains the software. The flaws potentially expose millions of websites to attacks that can end with remote code execution.

CMS 246
article thumbnail

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

Security Affairs

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The vulnerability CVE-2024-21410 is a bypass vulnerability that can be exploited by an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

1Password Acquires Kolide, Aiming to Enhance Device Security

Data Breach Today

1Password CEO Says Acquisition Will Help Customers Achieve Zero Trust Objectives Jeff Shiner, CEO of the popular password management company 1Password, said Monday that the company is acquiring leading device security platform Kolide in response to the "historic transformation of the workplace that demands transformative and intuitive new security solutions.

Security 243
article thumbnail

Climate change predictions: Anticipating and adapting to a warming world

IBM Big Data Hub

In an era of accelerating climate change , predicting the near-future can yield major benefits. For instance, when utility officials are aware that a heat wave is on its way, they can plan energy procurement to prevent power outages. When farmers in drought-prone regions are able to predict which crops are susceptible to failure , they can deploy additional irrigation.

article thumbnail

Bill Proposes Measuring the Accuracy of Patient Matching

Data Breach Today

Aim Is to Reduce Medical Mistakes and Breaches That Result From Mismatched Records A bipartisan pair of congressmen is again attempting to address long-standing issues of patient safety and privacy - as well as medical errors, inadvertent information disclosures and denied medical claims - which all occur when patients and the health records used to treat them do not match.

Privacy 242
article thumbnail

The Notorious Lockbit Ransomware Gang Has Been Disrupted by Law Enforcement

WIRED Threat Level

LockBit’s website, infrastructure, and data have been seized by law enforcement—striking a huge blow against one of the world's most prolific ransomware groups.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Moving First-Party Fraud Out of the Bank's Blind Spot

Data Breach Today

Fraud Expert Ian Mitchell on Creating a Holistic Program to Tackle Authorized Fraud Unlike identity theft, first-party fraud is harder to spot when a consumer opens an account. To guard against this growing blind spot, banks need to invest in transaction-monitoring tools and take a more holistic approach to fraud, said Ian Mitchell, co-founder of Mission Omega.

233
233
article thumbnail

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private

WIRED Threat Level

We tested the end-to-end encrypted messenger’s new feature aimed at addressing critics’ most persistent complaint. Here’s how it works.

article thumbnail

ConnectWise fixed critical flaws in ScreenConnect remote access tool

Security Affairs

ConnectWise addressed two critical vulnerabilities in its ScreenConnect remote desktop access product and urges customers to install the patches asap. ConnectWise warns of the following two critical vulnerabilities in its ScreenConnect remote desktop access product: CWE-288 Authentication bypass using an alternate path or channel (CVSS score 10) CWE-22 Improper limitation of a pathname to a restricted directory (“path traversal”) (CVSS score 8.4) Both vulnerabilities were reported on February 1

Access 100
article thumbnail

IBM Tests Audio-Based Large Language Model to Hijack Live Conversations

KnowBe4

With the idea in mind to “audio-jack” a live call-based banking transaction, security researchers were successful in inserting cybercriminal-controlled account details.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

Law enforcement provided additional details about the international Operation Cronos that led to the disruption of the Lockbit ransomware operation. Yesterday, a joint law enforcement action, code-named Operation Cronos , conducted by law enforcement agencies from 11 countries disrupted the LockBit ransomware operation. Below is the image of the Tor leak site of the Lockbit ransomware gang that was seized by the UK National Crime Agency (NCA).

article thumbnail

Protect funding for public libraries at risk

CILIP

Protect funding for public libraries at risk In this election year it is more important than ever to bring libraries into the public and political spotlight as central government cuts council budgets across the country. CILIP will write to every local authority where budget-reductions threaten their public libraries with closure or a reduction in service provision, to ensure that due process is followed with every decision, and councillors understand the vital importance of libraries in their co

article thumbnail

4 hidden benefits of generative AI in DevOps

OpenText Information Management

Large-scale, generative AI models are opening up the possibility to do anything—from building applications to designing game-changing UI experiences. And as generative AI continues to make waves, its promise to revolutionize development and testing will usher in a new era of DevOps. But with generative AI comes uncertainty and doubt, which casts a shadow on … The post 4 hidden benefits of generative AI in DevOps appeared first on OpenText Blogs.

IT 78
article thumbnail

The Unsettling Leap of AI in Video Creation: A Glimpse Into Sora

KnowBe4

In the rapidly evolving landscape of artificial intelligence (AI), the launch of Sora by OpenAI marks an unnerving milestone in video synthesis.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

How to protect your machinelearning Models

Thales Cloud Protection & Licensing

How to protect your machinelearning Models richard-r.stew… Tue, 02/20/2024 - 21:50 Dr. Werner Dondl and Michael Zunke In computer technology, few fields have garnered as much attention as artificial intelligence ( [KD1] [RJ2] AI) and machine learning (ML). This discipline – sitting at the intersection of computer science and data analysis – has become integral to mobile applications, voice assistants, fraudulent transaction detection, image recognition, autonomous driving, and even medical d

article thumbnail

Malvertising Campaign Spreads Phony Utility Bills

KnowBe4

A widespread malvertising campaign is attempting to trick users into paying phony utility bills, according to researchers at Malwarebytes.

article thumbnail

How to protect your machinelearning Models

Thales Cloud Protection & Licensing

How to protect your machinelearning Models richard-r.stew… Tue, 02/20/2024 - 21:50 Dr. Werner Dondl and Michael Zunke In computer technology, few fields have garnered as much attention as artificial intelligence ( [KD1] [RJ2] AI) and machine learning (ML). This discipline – sitting at the intersection of computer science and data analysis – has become integral to mobile applications, voice assistants, fraudulent transaction detection, image recognition, autonomous driving, and even medical

article thumbnail

Making The Return on Investment (ROI) Case For Security Awareness Training

KnowBe4

Join us for this webinar where Joanna Huisman, SVP of Strategic Insights and Research at KnowBe4, helps you understand the value and articulate.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Urgent appeal: protect funding for public libraries at risk

CILIP

Urgent appeal: protect funding for public libraries at risk CILIP is the leading industry voice championing and representing library and information professionals across the United Kingdom, guided by our Royal Charter to develop and improve library and information services, and as a Charity to act in the public good. We are concerned at increasing reports of a significant number of proposed changes to public library services which appear to be motivated primarily financially rather than by the n

article thumbnail

CyberheistNews Vol 14 #08 Browser-Based Phishing Attacks Increase 198%, With Evasive Attacks Increasing 206%

KnowBe4

Browser-Based Phishing Attacks Increase 198%, With Evasive Attacks Increasing 206%

article thumbnail

Harnessing the power of generative AI to increase matching accuracy and data steward productivity

Reltio

Welcome to the future of data unification and management with Reltio! We're thrilled to unveil our latest innovations in the Reltio Connected Data Platform , marking significant leaps in the realm of data stewardship and entity resolution. Our pioneering new capabilities powered by generative AI (gen AI) and large language models (LLMs) set a new industry standard, offering you unparalleled ability to unify, manage, and mobilize trusted data in real time.