Thu.Jun 06, 2024

article thumbnail

Cryptohack Roundup: Robinhood to Acquire Bitstamp

Data Breach Today

Also: FBI Warns About Work-From-Home Scammers Demanding Crypto This week, Robinhood said it will acquire Bitstamp in a $200 million deal, a senior promoter of the Forcount crypto Ponzi scheme pleaded guilty, crypto scammers targeted work-from-home job seekers, and Tether and CoinGecko warned of crypto phishing attacks.

Phishing 271
article thumbnail

Microsoft's Recall Feature Is Even More Hackable Than You Thought

WIRED Threat Level

A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.

Access 141
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Says Azure Cloud Attack Scenario Isn't a Flaw

Data Breach Today

Redmond Calls Tenable Report Evidence of Customers Misconstruing Azure Service Tags Microsoft is calling security research asserting a high-severity vulnerability exists in Microsoft Azure evidence that customers should better configure their cloud environments. An attacker with an Azure instance could obtain access to company resources by sending customizable HTTP requests.

Cloud 269
article thumbnail

The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

WIRED Threat Level

The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all time.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Breach Roundup: Microsoft Deprecates NTLM Authentication

Data Breach Today

Also: Hacker Sells Data Obtained Through Snowflake Attack This week, Microsoft deprecated NTLM authentication, a hacker put apparently stolen Snowflake data up for sale, Ticketmaster confirmed its breach, Cisco patched Webex vulnerabilities, pro-Russian hacktivists claimed a DDoS attack in Spain and Kaspersky launched a free virus removal tool for Linux.

More Trending

article thumbnail

US Regulators Intensify Antitrust Scrutiny of AI Developers

Data Breach Today

DOJ and FTC to Launch Antitrust Investigations Into Microsoft, OpenAI and Nvidia The Justice Department and the Federal Trade Commission reportedly reached an agreement Thursday that will allow U.S. regulators to move forward with long-anticipated antitrust investigations into the leading developers of commercial artificial intelligence products.

article thumbnail

One Step Closer: AI Act Approved by Council of the EU

Data Matters

On 21 May 2024, the Council of the European Union approved the EU Artificial Intelligence Act (the “ AI Act ”). This is the final stage in the legislative process and comes after the EU Parliament voted to adopt the legislation on 13 March 2024. This final vote clears the path for the formal signing of the legislation and its publication in the Official Journal of the EU in the coming weeks.

article thumbnail

Meta's AI Model Training Comes Under European Scrutiny

Data Breach Today

Austrian Privacy Group Lodges Complaints With 11 European Regulators Against Meta Meta's plan to train artificial intelligence with data generated by Facebook and Instagram users faces friction in Europe after a rights group alleged it violates continental privacy law. Austrian privacy organization NOYB said it lodged complaints against Meta with 11 European data regulators.

article thumbnail

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

Security Affairs

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi environments using a custom shell script. A new variant of the TargetCompany ransomware group uses a custom shell script as a means of payload delivery and execution, this is the first time the technique was observed in the wild. The script was also used for data exfiltration, the stolen data are sent to two different servers so the ransomware actors have a backup of the information.

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Wiz Counters Orca Security's Patent Infringement Allegations

Data Breach Today

Wiz Hits Back With Counterclaims, Says Orca Copied Patented Cloud Security Features In a clash of cloud security titans, Wiz denied all claims made by rival Orca Security of patent infringement and unauthorized use of proprietary information. Instead, Wiz said Orca copied its technological advancements and used confidential information to enhance its own products.

Security 152
article thumbnail

The Lords of Silicon Valley Are Thrilled to Present a ‘Handheld Iron Dome’

WIRED Threat Level

ZeroMark wants to build a system that will let soldiers easily shoot a drone out of the sky with the weapons they’re already carrying—and venture capital firm a16z is betting the startup can pull it off.

IT 99
article thumbnail

Renewed Info Stealer Campaign Targets Ukrainian Military

Data Breach Today

CERT-UA Says Threat Actor 'Vermin' Used Syncthing Application Ukrainian cyber defenders say Russian intelligence hackers operating from the occupied Donbas city of Luhansk targeted military email inboxes with an info stealer. A group tracked as UAC-0020 - also known as "Vermin" - deployed a malware strain dubbed "Spectr" as part of a spear-phishing campaign.

Military 152
article thumbnail

Social Engineering Scams Can Come in the Mail, Too

KnowBe4

Social engineering scams can come through any communications channel (e.g., email, web, social media, SMS, phone call, etc.). They can even come in the mail as the Nextdoor warning below shares.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Google to start permanently deleting users’ location history

The Guardian Data Protection

Tech firm earlier committed to storing less data about individuals in response to privacy concerns Google will delete everything it knows about users’ previously visited locations, the company has said, a year after it committed to reducing the amount of personal data it stores about users. The company’s “timeline” feature – previously known as Location History – will still work for those who choose to use it, letting them scroll back through potentially decades of travel history to check where

article thumbnail

26% of Global Organizations Lack Security Training Programs

KnowBe4

More than a quarter (26%) of organizations around the world provide no security awareness training for their employees, according to a survey by Hornetsecurity. The researchers found that smaller companies in particular tend to lack security training programs.

article thumbnail

Weekly Update 403

Troy Hunt

I just watched back a little segment from this week's video and somehow landed at exactly the point where I said "I am starting to lose my patience with repeating the same thing over and over again" (about 46 mins if you want to skip to it), which is precisely how I wanted to start this post. In running HIBP for the last 10 and a bit years, there have been so many breaches where people have asked for the data within them beyond just the email address to be made available.

Risk 90
article thumbnail

Espionage with a Drone

Schneier on Security

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

“Operation Endgame” Ends with the Arrest of 4 Cybercriminal Suspects and 100 Servers

KnowBe4

Coordinated efforts between law enforcement agencies across nine countries has resulted in a major disruption of a threat group’s malware and ransomware operations.

article thumbnail

RansomHub operation is a rebranded version of the Knight RaaS

Security Affairs

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version of the Knight ransomware operation. Cybersecurity experts who analyzed the recently emerged ransomware operation RansomHub speculate that is is a rebranded version of Knight ransomware. Knight, also known as Cyclops 2.0, appeared in the threat landscape in May 2023. The malware targets multiple platforms, including Windows, Linux, macOS, ESXi, and Android.

article thumbnail

Honorary Fellowships 2024 - Nominations Open

CILIP

Honorary Fellowships 2024 - Nominations Open Honorary Fellowship has been awarded by CILIP and its predecessor the Library Association since 1896. It is the highest recognition given to a person who has made an outstanding contribution to the library and information world. Members are invited to put forward nominations by the close of play 30th July following the criteria and using the nominations form listed on the Honorary Fellowship page Nominating someone for honorary fellowship is a way for

article thumbnail

From Artificial Intelligence to Change Management: Key Takeaways from the 2024 Future Lawyer Conference in Boston

eDiscovery Daily

By Rick Clark The Future Lawyer 2024 Conference was held in Boston, MA, and hosted by Ropes & Gray LLP in their Prudential Tower offices. This two-day event hosted private practicing attorneys the first day and corporate in-house personnel the second day. The law firm day topics hovered mostly on how Generative and Predictive AI are gaining more steam in the legal industry, with the corporate agenda track more focused on change management.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Apple device and app compliance in aviation

Jamf

Learn about Apple device and app compliance in aviation, focusing on security compliance management, challenges and solutions with Jamf Pro

article thumbnail

SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux

The Last Watchdog

Identity and Access Management (IAM) is at a crossroads. Related: Can IAM be a growth engine? A new Forrester Trends Report dissects ten IAM trends now in play, notably how AI is influencing IAM technologies to meet evolving identity threats. IAM is a concept that arose in the 1970s when usernames and passwords first got set up to control access mainframe computers.

Access 113
article thumbnail

How to Lead an Army of Digital Sleuths in the Age of AI

WIRED Threat Level

Eliot Higgins and his 28,000 forensic foot soldiers at Bellingcat have kept a miraculous nose for truth—and a sharp sense of its limits—in Gaza, Ukraine, and everywhere else atrocities hide online.

IT 137
article thumbnail

How You Can Prevent Breaches like Snowflake in the Future

Thales Cloud Protection & Licensing

How You Can Prevent Breaches like Snowflake in the Future andrew.gertz@t… Thu, 06/06/2024 - 14:36 Recently, major data breaches at accounts with Snowflake highlight how something as easy to implement as Multi-Factor Authentication could have helped prevent unauthorized access to millions of data records. There were signs that something was afoot with Snowflake accounts as the Australian Signal Directorate issued an alert about increased cyber threat activity targeting Snowflake customers.

article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.