Wed.Feb 07, 2024

article thumbnail

Record-Breaking Ransomware Profits Surpassed $1B in 2023

Data Breach Today

Ongoing Innovation and Sophistication Drive Unparalleled Profits Attackers wielding ransomware collectively earned over $1 billion last year - breaking previous records. Their increasingly sophisticated attacks targeted "high-profile institutions and critical infrastructure, including hospitals, schools and government," reported Chainalysis.

article thumbnail

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU , the foreign military intelligence agency of the Russian Federation.

Military 256
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

To BEC or Not to BEC: How to Approach New Email Authentication Requirements

Data Breach Today

OnDemand | The Tools & Technology You Need to Meet Google/Yahoo Email Authentication Requirements Our email authentication experts will be on hand to provide their insight and a demonstration of how exactly Proofpoint Email Fraud Defense can help identify and close requirement gaps.

article thumbnail

Fortinet addressed two critical FortiSIEM vulnerabilities

Security Affairs

Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code Cybersecurity vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could lead to remote code execution. “Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacke

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Chinese Hackers Preparing 'Destructive Attacks,' CISA Warns

Data Breach Today

Officials Say Hackers Are Evading Detection on Critical Infrastructure Networks The U.S. Cybersecurity and Infrastructure Security Agency urged critical infrastructure owners to patch systems after publishing a warning that Chinese hackers are evading detection and maintaining persistent unauthorized access in U.S. information technology environments.

More Trending

article thumbnail

Meta Is Being Urged to Crack Down on UK Payment Scams

Data Breach Today

Banking Fraud Heads Say Facebook Marketplace Is Teeming With Scammers Meta-owned online marketplaces are swarming with scammers who use deceptive ads to defraud banking customers, fraud prevention heads at leading British banks testified before a U.K. Parliament committee. They called on the social media giant to roll out stronger fraud prevention measures.

287
287
article thumbnail

Teaching LLMs to Be Deceptive

Schneier on Security

Interesting research: “ Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training “: Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques?

Security 110
article thumbnail

Holes Appear in Internet-Connected Toothbrush Botnet Warning

Data Breach Today

Don't Brush in Fear, as Supposed DDoS Dental Trauma Fails to Pass Muster Breathless reports claim 3 million IoT toothbrushes have been remotely compromised and used to target unsuspecting businesses via distributed denial-of-service attacks. Just one problem: This story has more holes in it than the teeth of kid with a 10-pack-a-day Gummy Bear habit.

IoT 285
article thumbnail

How to Fight Long-Game Social Engineering Attacks

KnowBe4

Sophisticated cybercriminals are playing the long game. Unlike the typical hit-and-run cyber attacks, they build trust before laying their traps. They create a story so believable and intertwined with trust that even the most careful individuals can get caught in a trap set over time. Are your users prepared to confront such calculated attacks?

109
109
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

DHS Is Recruiting Techies for the AI Corps

Data Breach Today

The Agency Plans to Hire 50 AI Experts This Year The U.S. Department of Homeland Security is recruiting dozens of artificial intelligence experts to integrate AI abilities into government work such as defending against cyberthreats and using AI-powered computer vision to assess damages after a disaster.

article thumbnail

Ransomware Payments Hit a Record $1.1 Billion in 2023

WIRED Threat Level

After a slowdown in payments to ransomware gangs in 2022, last year saw total ransom payouts jump to their highest level yet, according to a new report from crypto-tracing firm Chainalysis.

article thumbnail

Entrust in Talks to Acquire Onfido for AI-Based ID Checks

Data Breach Today

Acquisition Would Support Entrust's Digital Identity Security Portfolio Entrust, a pioneer payment, identity and data security software and services provider, is in talks to acquire Onfido, a pioneer in cloud-based, AI-powered identity verification technology, for a reported $400 million. The combined solution will help customers fight identity fraud.

Cloud 272
article thumbnail

Chinese Hackers Spy on Dutch Ministry of Defense: A Story of Alarming Cyber Espionage

KnowBe4

In a revelation that adds yet another chapter to the ongoing saga of international cybersecurity threats, the Dutch Ministry of Defense recently shed light on a significant security breach. Reports that state-sponsored Chinese hackers have infiltrated the internal computer network the ministry uses were confirmed.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Google Settles Google+ API Data Leak Lawsuit for $350M

Data Breach Today

Plaintiffs Alleged Google Sought to Cover Up API Flaw That Exposed Private Data Silicon Valley giant Google agreed to settle for $350 million a shareholder lawsuit alleging it mislead investors by attempting to cover up a privacy flaw in now-defunct social network Google+ that resulted in outside applications having access to private profile information.

Privacy 266
article thumbnail

Experts warn of a critical bug in JetBrains TeamCity On-Premises

Security Affairs

A new vulnerability in JetBrains TeamCity On-Premises can be exploited by threat actors to take over vulnerable instances. JetBrains addressed a critical security vulnerability, tracked as CVE-2024-23917 (CVSS score 9.8) in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software. An attacker can trigger the vulnerability to take over vulnerable installs. “The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to

article thumbnail

Bolstering Healthcare Cybersecurity: The Regulatory Outlook

Data Breach Today

The Biden administration's strategy for bolstering health sector cybersecurity, which includes newly released voluntary cyber performance goals and plans to update the HIPAA Security Rule, is fueling uncertainty in some organizations, said privacy attorney Iliana Peters of law firm Polsinelli.

article thumbnail

Sustainability trends: 5 issues to watch in 2024

IBM Big Data Hub

In 2024, sustainability is taking center stage. Efforts to track and reduce emissions, environmental impact and contributions to climate change are no longer rare or optional; instead, they’ve become the norm. Businesses, governments and individuals now see sustainability as a global imperative. Advanced technologies, more stringent reporting standards and stronger support from stakeholders are building momentum for eco-friendly initiatives and the incentives that encourage them.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium V8 Type Confusion bug, tracked as CVE-2023-4762 , to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability impacts Google Chrome prior to 116.0.5845.179, it allows a remote attacker to execute arbitrary code via a crafted HTML page.

IT 98
article thumbnail

2054, Part III: The Singularity

WIRED Threat Level

“You’d have an incomprehensible level of computational, predictive, analytic, and psychic skill. You’d have the mind of God.” An exclusive excerpt from 2054: A Novel.

article thumbnail

Navigating the Digital Landscape: Insights from the 2024 Thales Digital Trust Index

Thales Cloud Protection & Licensing

Navigating the Digital Landscape: Insights from the 2024 Thales Digital Trust Index madhav Thu, 02/08/2024 - 05:04 In today's rapidly evolving digital world, the balance between a seamless online experience and robust data security is more critical than ever. The 2024 Thales Digital Trust Index sheds light on this delicate balance, revealing compelling insights into consumer and employee perspectives on digital trust and experience.

article thumbnail

Destination: Artificial General Intelligence

OpenText Information Management

At OpenText, we are fully committed to helping organizations gain the AI advantage to reimagine work, as evidenced by our OpenText™ Aviator announcement last fall. But we won’t stop there – our AI strategy is ambitious and far-reaching because we believe we’ve only scratched the surface of how this innovative technology can elevate us to … The post Destination: Artificial General Intelligence appeared first on OpenText Blogs.

article thumbnail

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

article thumbnail

U.S. CFTC Seeks Public Input on Use of Artificial Intelligence in Commodity Markets and Simultaneously Warns of AI Scams

Data Matters

The staff of the Commodity Futures Trading Commission (CFTC) is seeking public comment (the Request for Comment) on the risks and benefits associated with use of artificial intelligence (AI) in the commodity derivatives markets. According to the Request for Comment, the staff “recognizes that use of AI may lead to significant benefits in derivatives markets, but such use may also pose risks relating to market safety, customer protection, governance, data privacy, mitigation of bias, and cybers

article thumbnail

New Wave of Website Privacy Lawsuits Under the Pen Register and Trap and Trace Device Theory

Hunton Privacy

In the latest evolution of lawsuits challenging technologies that track website users, California class action plaintiffs have begun to file under a new theory—the pen register and trap and trace device theory under Section 638.51 of the California Invasion of Privacy Act (“CIPA”). Over the last two years, courts have seen an influx of putative class action lawsuits targeting businesses with websites that utilize technology to track users’ website interactions.

Privacy 63
article thumbnail

Opinion: Should I be charged for my own site data, harvested without my consent/request? on Slashdot

IG Guru

Check out the page here. The post Opinion: Should I be charged for my own site data, harvested without my consent/request? on Slashdot first appeared on IG GURU.

Risk 83
article thumbnail

The case for separating DNS from your CDN 

IBM Big Data Hub

If you’re signing on with a content delivery network (CDN) provider, you’ll probably see DNS as part of the standard service package. It’s only natural—to access your content delivered by the CDN, the Internet has to know where to send the traffic. CDNs make it easy to configure and manage those DNS settings. It’s easy to accept DNS services as part of a CDN package.

IT 92
article thumbnail

Monetizing Analytics Features

Think your customers will pay more for data visualizations in your application? Five years ago, they may have. But today, dashboards and visualizations have become table stakes. Turning analytics into a source of revenue means integrating advanced features in unique, hard-to-steal ways. Download this white paper to discover which features will differentiate your application and maximize the ROI of your analytics.

article thumbnail

Elearning Staff Awareness Course Overview: Ransomware

IT Governance

Understanding the threat, and how staff awareness training can address it Damian Garcia has worked in the IT sector in the UK and internationally, including for IBM and Microsoft. In his more than 30 years in the industry, he’s helped both private- and public-sector organisations reduce the risks to their on-site and Cloud-based IT environments. He also has an MSc in cyber security risk management.