Wed.May 31, 2023

article thumbnail

Ring Settles FTC Allegations of Poor Cybersecurity, Privacy

Data Breach Today

Amazon-Owned Ring Will Pay $5.8 Million to Settle FTC Investigation Amazon agreed to pay $5.8 million to settle a Federal Trade Commission investigation into allegedly poor cybersecurity practices by its Ring home surveillance device subsidiary. The company is also poised to come under two decades' worth of outside reviews of a mandated data and security program.

article thumbnail

RSAC Fireside Chat: Reinforcing ‘Identity and Access Management’ to expose ‘shadow access’

The Last Watchdog

The world of Identity and Access Management ( IAM ) is rapidly evolving. Related: Stopping IAM threats IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge. At the RSAC Conference 2023 , I sat down with Venkat Raghavan , founder and CEO of start-up Stack Identity.

Access 214
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Dark Pink Ramps Up Cyberespionage Attacks, Hits New Targets

Data Breach Today

Threat Actor's Targets This Year Include Government Agencies in Brunei, Indonesia A recently emerged threat actor dubbed Dark Pink is updating its custom tool set in a bid to evade detection while expanding its operations to new Southeast Asian targets. Threat intel firm Group-IB counts 13 total victims of Dark Pink, which first became active in mid-2021.

article thumbnail

AI’s “Oppenheimer Moment” Is B t.

John Battelle's Searchblog

Well that was something. Yesterday the Center for AI Safety, which didn’t exist last year, released a powerful 22-word statement that sent the world’s journalists into a predictable paroxysm of hand-wringing: “Mitigating the risk of extinction from A.I. should be a global priority alongside other societal-scale risks, such as pandemics and nuclear war.

Risk 122
article thumbnail

Provide Real Value in Your Applications with Data and Analytics

The complexity of financial data, the need for real-time insight, and the demand for user-friendly visualizations can seem daunting when it comes to analytics - but there is an easier way. With Logi Symphony, we aim to turn these challenges into opportunities. Our platform empowers you to seamlessly integrate advanced data analytics, generative AI, data visualization, and pixel-perfect reporting into your applications, transforming raw data into actionable insights.

article thumbnail

Hackers Exploited Zero-Day Bug for 8 Months, Barracuda Warns

Data Breach Today

Attackers Exploited Now-Fixed Flaw in ESG Appliances to Install Malware, Steal Data Barracuda Networks is warning that a zero-day vulnerability that it recently discovered and patched in its Email Security Gateway appliances appears to have been exploited since October 2022. Attackers used the flaw to gain persistent remote access to networks and exfiltrate data, it said.

Access 241

More Trending

article thumbnail

Ukrainian CERT Warns of New SmokeLoader Campaign

Data Breach Today

Hackers Using Compromised Mail to Deliver the Malware Ukrainian cyber defenders warn users for the second time this month to be aware of financially-motivated phishing campaigns that load the Smokeloader malware onto computers. Hackers behind UAC-0006 typically targets computers used by accountants and look for and credential data.

Phishing 152
article thumbnail

AI Voice-Based Scams Rise as One-Third of Victims Can’t Tell if the Voice is Real or Not

KnowBe4

As audio deepfake technology continues to go mainstream as part of the evolution in AI-based tools, new data shows there are plenty of victims and they aren’t prepared for such an attack.

article thumbnail

Cisco Buys Armorblox to Bring Generative AI to Its Portfolio

Data Breach Today

SentinelOne-Backed Armorblox Protects Email Through Natural Language Understanding Cisco plans to make its third tuck-in cybersecurity acquisition of 2023 to protect email, cloud office applications and enterprise communications through natural language understanding. Cisco will take advantage of Armorblox's predictive and generative AI to help customers bolster their security.

IT 141
article thumbnail

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor

WIRED Threat Level

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

Security 105
article thumbnail

Entity Resolution: Your Guide to Deciding Whether to Build It or Buy It

Adding high-quality entity resolution capabilities to enterprise applications, services, data fabrics or data pipelines can be daunting and expensive. Organizations often invest millions of dollars and years of effort to achieve subpar results. This guide will walk you through the requirements and challenges of implementing entity resolution. By the end, you'll understand what to look for, the most common mistakes and pitfalls to avoid, and your options.

article thumbnail

AI Tech Execs Put AI On Par With Nukes for Extinction Risk

Data Breach Today

Sam Altman, Geoffrey Hinton Say Abating Risk of Extinction Must Be Global Priority Artificial intelligence poses a global risk of extinction tantamount to nuclear war and pandemics, say a who's who of artificial intelligence executives in an open letter that invokes danger without suggesting how to mitigate it. Among the signatories are Sam Altman and Geoffrey Hinton.

article thumbnail

Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model

Dark Reading

Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?

B2C 94
article thumbnail

Cisco's New XDR Tool Emphasizes Robust Telemetry Correlation

Data Breach Today

Jeetu Patel Says Native Visibility Into Network, Endpoint, Email Benefit Cisco XDR Cisco Security Executive Vice President and General Manager Jeetu Patel said the industry struggles to address multifaceted attacks that originate in email and include bad links, malware downloads to a device and more. Cyber defenders need correlated data from multiple sources of telemetry, he said.

Security 130
article thumbnail

Swiss real estate agency Neho fails to put a password on its systems

Security Affairs

A misconfiguration of Swiss real estate agency Neho’s systems exposed sensitive credentials to the public. Neho, a Switzerland-based real estate agency, leaked credentials recently, potentially allowing threat actors to prey on sensitive data about the company and its clients. A misconfiguration of Swiss real estate agency Neho’s systems exposed sensitive credentials to the public.

article thumbnail

Deliver Mission Critical Insights in Real Time with Data & Analytics

In the fast-moving manufacturing sector, delivering mission-critical data insights to empower your end users or customers can be a challenge. Traditional BI tools can be cumbersome and difficult to integrate - but it doesn't have to be this way. Logi Symphony offers a powerful and user-friendly solution, allowing you to seamlessly embed self-service analytics, generative AI, data visualization, and pixel-perfect reporting directly into your applications.

article thumbnail

Cyberattack Diverts Patients From Rural Idaho Hospital

Data Breach Today

Ambulances Being Diverted to Other Facilities; Clinic Care Limited A community hospital and its clinics in rural Idaho are diverting ambulances and some patients to other facilities as the entities recover from a cyberattack discovered on Monday. The incident spotlights ongoing healthcare sector cyber challenges, especially in rural communities.

IT 130
article thumbnail

Chinese Hacking of US Critical Infrastructure

Schneier on Security

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon , accesses target networks and evades detection.

Access 91
article thumbnail

Integrating Generative AI Into the Threat Detection Process

Data Breach Today

In this episode of "Cybersecurity Insights," Chen Burshan and Amir Shachar of Skyhawk Security discuss how they integrated generative AI into their threat detection process and significantly increased the speed and lowered the costs of detecting breaches based by focusing on anomalous activity.

article thumbnail

Experts warn of backdoor-like behavior within Gigabyte systems

Security Affairs

Researchers discovered a suspected backdoor-like behavior within Gigabyte systems that exposes devices to compromise. Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. The experts discovered that the firmware in Gigabyte systems drops and executes a Windows native executable during the system startup process.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Apple Patched System Integrity Protection Bypass Flaw

Data Breach Today

Microsoft Researchers Say Flaw Allowed Hackers to Load Undetectable Malware A now-patched macOS vulnerability allowed attackers with root access to bypass a kernel-level security feature that prevents malicious software from modifying protected files. An attacker could use the exploit to load malware that was shielded by Apple's System Integrity Protection.

Access 130
article thumbnail

Threat actors are exploiting Barracuda Email Security Gateway bug since October 2022

Security Affairs

Recently disclosed zero-day flaw in Barracusa Email Security Gateway (ESG) appliances had been actively exploited by attackers since October 2022. The network security solutions provider Barracuda recently warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability.

article thumbnail

Investment May Be Down, but Cybersecurity Remains a Hot Sector

Dark Reading

There's still a great deal of capital available for innovative companies helping businesses secure their IT environments.

article thumbnail

Connected products at the edge

IBM Big Data Hub

There are many overlapping business usage scenarios involving both the disciplines of the Internet of Things (IoT) and edge computing. But there is one very practical and promising use case that has been commonly deployed without many people thinking about it: connected products. This use case involves devices and equipment embedded with sensors, software and connectivity that exchange data with other products, operators or environments in real-time.

article thumbnail

Using Data & Analytics for Improving Healthcare Innovation and Outcomes

In the rapidly evolving healthcare industry, delivering data insights to end users or customers can be a significant challenge for product managers, product owners, and application team developers. The complexity of healthcare data, the need for real-time analytics, and the demand for user-friendly interfaces can often seem overwhelming. But with Logi Symphony, these challenges become opportunities.

article thumbnail

Microsoft found a new bug that allows bypassing SIP root restrictions in macOS

Security Affairs

Apple fixed a vulnerability discovered by Microsoft researchers that lets attackers with root privileges bypass System Integrity Protection (SIP). Researchers from Microsoft discovered a vulnerability, tracked as CVE-2023-32369 and dubbed Migraine, that can allow attackers with root privileges to bypass System Integrity Protection (SIP). System Integrity Protection (also referred to as rootless) is a macOS security feature introduced in OS X El Capitan (2015) (OS X 10.11).

article thumbnail

Spear Phishing Trends in 2023

KnowBe4

50% of organizations surveyed were victims of spear phishing attacks in the last twelve months, according to a new report from Barracuda. The report also found that, on average, organizations receive five “highly personalized spear phishing emails per day.

article thumbnail

Salesforce 'Ghost Sites' Expose Sensitive Corporate Data

Dark Reading

Some companies have moved on from using Salesforce. But without remembering to fully deactivate their clouds, Salesforce won't move on from them.

Cloud 96
article thumbnail

Join us at PrestoCon Day, a free virtual community event

IBM Big Data Hub

The Presto Foundation is excited to share its upcoming virtual community conference PrestoCon Day , taking place on 7 June 2023. Register for the free, virtual event What is Presto? Presto is an open-source, fast and reliable SQL query engine that provides one simple ANSI SQL interface for all your data analytics and your open lakehouse. Some of the biggest companies in the world are contributing to the Presto open-source project, including Meta, Uber and Intel.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

The University of Virginia Records and Information Management Office wins NAGARA Program Excellence Award

IG Guru

The NAGARA Program Excellence Award recognizes collaborative and innovative government archives and records management programs or initiatives. Recipients of this award demonstrate a commitment to creativity and partnering with people and groups outside of their own office.

article thumbnail

Russian Ransomware Cybercriminal Behind $200 Million in Damages is Sanctioned by the U.S. Government

KnowBe4

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has identified and designated Mikhail Matveev for his role in ransomware attacks back 2021.

article thumbnail

Mirai Variant Opens Tenda, Zyxel Gear to RCE, DDoS

Dark Reading

Researchers have observed several cyberattacks leveraging a botnet called IZ1H9, which exploits vulnerabilities in exposed devices and servers running on Linux.

84