Wed.Feb 07, 2024

Record-Breaking Ransomware Profits Surpassed $1B in 2023

Data Breach Today

Ongoing Innovation and Sophistication Drive Unparalleled Profits

Attackers wielding ransomware collectively earned over $1 billion last year - breaking previous records. Their increasingly sophisticated attacks targeted "high-profile institutions and critical infrastructure, including hospitals, schools and government," reported Chainalysis.

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU, the foreign military intelligence agency of the Russian Federation.

Meta Is Being Urged to Crack Down on UK Payment Scams

Data Breach Today

Banking Fraud Heads Say Facebook Marketplace Is Teeming With Scammers

Meta-owned online marketplaces are swarming with scammers who use deceptive ads to defraud banking customers, fraud prevention heads at leading British banks testified before a U.K. Parliament committee. They called on the social media giant to roll out stronger fraud prevention measures.

Teaching LLMs to Be Deceptive

Schneier on Security

Interesting research: “Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training”: Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques?

The Tumultuous IT Landscape Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

To BEC or Not to BEC: How to Approach New Email Authentication Requirements

Data Breach Today

OnDemand | The Tools & Technology You Need to Meet Google/Yahoo Email Authentication Requirements

Our email authentication experts will be on hand to provide their insight and a demonstration of how exactly Proofpoint Email Fraud Defense can help identify and close requirement gaps.

More Trending

Chinese Hackers Preparing 'Destructive Attacks,' CISA Warns

Data Breach Today

Officials Say Hackers Are Evading Detection on Critical Infrastructure Networks

The U.S. Cybersecurity and Infrastructure Security Agency urged critical infrastructure owners to patch systems after publishing a warning that Chinese hackers are evading detection and maintaining persistent unauthorized access in U.S. information technology environments.

Fortinet addressed two critical FortiSIEM vulnerabilities

Security Affairs

Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code

Cybersecurity vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could lead to remote code execution. “Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacke

DHS Is Recruiting Techies for the AI Corps

Data Breach Today

The Agency Plans to Hire 50 AI Experts This Year

The U.S. Department of Homeland Security is recruiting dozens of artificial intelligence experts to integrate AI abilities into government work such as defending against cyberthreats and using AI-powered computer vision to assess damages after a disaster.

Critical shim bug impacts every Linux boot loader signed in the past decade

Security Affairs

The maintainers of Shim addressed six vulnerabilities, including a critical flaw that could potentially lead to remote code execution. The maintainers of ‘shim’ addressed six vulnerabilities with the release of version 15.8. The most severe of these vulnerabilities, tracked as CVE-2023-40547 (CVSS score: 9.8), can lead to remote code execution under specific circumstances.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Entrust in Talks to Acquire Onfido for AI-Based ID Checks

Data Breach Today

Acquisition Would Support Entrust's Digital Identity Security Portfolio

Entrust, a pioneer payment, identity and data security software and services provider, is in talks to acquire Onfido, a pioneer in cloud-based, AI-powered identity verification technology, for a reported $400 million. The combined solution will help customers fight identity fraud.

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium V8 Type Confusion bug, tracked as CVE-2023-4762, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability impacts Google Chrome prior to 116.0.5845.179; it allows a remote attacker to execute arbitrary code via a crafted HTML page.

Holes Appear in Internet-Connected Toothbrush Botnet Warning

Data Breach Today

Don't Brush in Fear, as Supposed DDoS Dental Trauma Fails to Pass Muster

Breathless reports claim 3 million IoT toothbrushes have been remotely compromised and used to target unsuspecting businesses via distributed denial-of-service attacks. Just one problem: This story has more holes in it than the teeth of a kid with a 10-pack-a-day Gummy Bear habit.

Experts warn of a critical bug in JetBrains TeamCity On-Premises

Security Affairs

A new vulnerability in JetBrains TeamCity On-Premises can be exploited by threat actors to take over vulnerable instances. JetBrains addressed a critical security vulnerability, tracked as CVE-2024-23917 (CVSS score 9.8) in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software. An attacker can trigger the vulnerability to take over vulnerable installs. “The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Google Settles Google+ API Data Leak Lawsuit for $350M

Data Breach Today

Plaintiffs Alleged Google Sought to Cover Up API Flaw That Exposed Private Data

Silicon Valley giant Google agreed to settle for $350 million a shareholder lawsuit alleging it misled investors by attempting to cover up a privacy flaw in now-defunct social network Google+ that resulted in outside applications having access to private profile information.

How to Fight Long-Game Social Engineering Attacks

KnowBe4

Sophisticated cybercriminals are playing the long game. Unlike the typical hit-and-run cyber attacks, they build trust before laying their traps. They create a story so believable and intertwined with trust that even the most careful individuals can get caught in a trap set over time. Are your users prepared to confront such calculated attacks?

2054, Part III: The Singularity

WIRED Threat Level

“You’d have an incomprehensible level of computational, predictive, analytic, and psychic skill. You’d have the mind of God.” An exclusive excerpt from 2054: A Novel.

Chinese Hackers Spy on Dutch Ministry of Defense: A Story of Alarming Cyber Espionage

KnowBe4

In a revelation that adds yet another chapter to the ongoing saga of international cybersecurity threats, the Dutch Ministry of Defense recently shed light on a significant security breach. Reports that state-sponsored Chinese hackers have infiltrated the internal computer network the ministry uses were confirmed.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Sustainability trends: 5 issues to watch in 2024

IBM Big Data Hub

In 2024, sustainability is taking center stage. Efforts to track and reduce emissions, environmental impact and contributions to climate change are no longer rare or optional; instead, they’ve become the norm. Businesses, governments and individuals now see sustainability as a global imperative. Advanced technologies, more stringent reporting standards and stronger support from stakeholders are building momentum for eco-friendly initiatives and the incentives that encourage them.

Navigating the Digital Landscape: Insights from the 2024 Thales Digital Trust Index

Thales Cloud Protection & Licensing

madhav | Thu, 02/08/2024 - 05:04

In today's rapidly evolving digital world, the balance between a seamless online experience and robust data security is more critical than ever. The 2024 Thales Digital Trust Index sheds light on this delicate balance, revealing compelling insights into consumer and employee perspectives on digital trust and experience.

Destination: Artificial General Intelligence

OpenText Information Management

At OpenText, we are fully committed to helping organizations gain the AI advantage to reimagine work, as evidenced by our OpenText™ Aviator announcement last fall. But we won’t stop there – our AI strategy is ambitious and far-reaching because we believe we’ve only scratched the surface of how this innovative technology can elevate us to …

U.S. CFTC Seeks Public Input on Use of Artificial Intelligence in Commodity Markets and Simultaneously Warns of AI Scams

Data Matters

The staff of the Commodity Futures Trading Commission (CFTC) is seeking public comment (the Request for Comment) on the risks and benefits associated with use of artificial intelligence (AI) in the commodity derivatives markets. According to the Request for Comment, the staff “recognizes that use of AI may lead to significant benefits in derivatives markets, but such use may also pose risks relating to market safety, customer protection, governance, data privacy, mitigation of bias, and cybers

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

New Wave of Website Privacy Lawsuits Under the Pen Register and Trap and Trace Device Theory

Hunton Privacy

In the latest evolution of lawsuits challenging technologies that track website users, California class action plaintiffs have begun to file under a new theory—the pen register and trap and trace device theory under Section 638.51 of the California Invasion of Privacy Act (“CIPA”). Over the last two years, courts have seen an influx of putative class action lawsuits targeting businesses with websites that utilize technology to track users’ website interactions.

Opinion: Should I be charged for my own site data, harvested without my consent/request? on Slashdot

IG Guru

Elearning Staff Awareness Course Overview: Ransomware

IT Governance

Understanding the threat, and how staff awareness training can address it

Damian Garcia has worked in the IT sector in the UK and internationally, including for IBM and Microsoft. In his more than 30 years in the industry, he’s helped both private- and public-sector organisations reduce the risks to their on-site and Cloud-based IT environments. He also has an MSc in cyber security risk management.

The case for separating DNS from your CDN 

IBM Big Data Hub

If you’re signing on with a content delivery network (CDN) provider, you’ll probably see DNS as part of the standard service package. It’s only natural—to access your content delivered by the CDN, the Internet has to know where to send the traffic. CDNs make it easy to configure and manage those DNS settings. It’s easy to accept DNS services as part of a CDN package.

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

Bolstering Healthcare Cybersecurity: The Regulatory Outlook

Data Breach Today

The Biden administration's strategy for bolstering health sector cybersecurity, which includes newly released voluntary cyber performance goals and plans to update the HIPAA Security Rule, is fueling uncertainty in some organizations, said privacy attorney Iliana Peters of law firm Polsinelli.