Thu.Feb 22, 2024

article thumbnail

Breach Roundup: More Fallout From the LockBit Takedown

Data Breach Today

Also: Avast Agrees to $16.5 Million Civil Penalty to Settle Privacy Investigation This week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.

article thumbnail

European Commission to Establish AI Office

Hunton Privacy

On January 24, 2024, the European Commission announced that it had published the Commission Decision establishing the European AI Office (the “Decision”). The AI Office will be established within the Commission as part of the administrative structure of the Directorate-General for Communication Networks, Content and Technology , and subject to its annual management plan.

Risk 106
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

LockBit Group Prepared New Crypto-Locker Before Takedown

Data Breach Today

Numerous Impediments Remain If Administrators Attempt to Reboot the Operation The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being shut down, security researchers reported. Even so, experts say it's unlikely the group would be able to successfully reboot.

article thumbnail

Multiple XSS flaws in Joomla can lead to remote code execution

Security Affairs

Joomla maintainers have addressed multiple vulnerabilities in the popular content management system (CMS) that can lead to execute arbitrary code. The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS): [ 20240201 ] – CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did not properly terminate existing user sessi

CMS 102
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

LockBit Ransomware Group Building New Locker Before Takedown

Data Breach Today

Numerous Impediments Remain, Should Administrators Attempt to Reboot Operation The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being disrupted, security researchers report. Even so, experts say it's unlikely the group would be able to successfully reboot.

More Trending

article thumbnail

Change Healthcare Cyber Outage Disrupts Firms Nationwide

Data Breach Today

HHS Issues Special Alert Urging Providers and Contractors to 'Stay Vigilant' Change Healthcare - a unit of Optum that provides IT services and applications to hundreds of U.S. pharmacies, payers and healthcare providers - is dealing with a cyber incident that has forced the company to take its applications offline enterprisewide. The company said is triaging the situation.

IT 254
article thumbnail

CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ConnectWise ScreenConnect bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709 , to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an authentication bypass vulnerability issue that an attacker with network access to the management interface can exploit to create a new,

article thumbnail

Report: Ofcom Unprepared to Implement UK Online Safety Bill

Data Breach Today

UK Parliamentary Committee Says the Agency Is Not Likely to Meet the 2025 Deadline The U.K. telecom regulatory Ofcom faces "significant challenges" in implementing the newly passed Online Safety Act, which is intended to protect children from online harm, says analysis by the House of Commons Committee of Public Accounts.

244
244
article thumbnail

FTC charged Avast with selling users’ browsing data to advertising companies

Security Affairs

US FTC charged cyber security firm Avast with harvesting consumer web browsing data through its browser extension and antivirus and sold it. The US Federal Trade Commission (FTC) has filed charges against cybersecurity firm Avast, accusing it of collecting and selling consumer web browsing data gathered through its browser extension and antivirus services.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Privacy Teams Expected to Guard AI Future

Data Breach Today

Tarun Samtani of International SOS Discusses AI Privacy Implementation Principles In most organizations, the privacy team plays an important role in artificial intelligence implementation and governance. Tarun Samtani, DPO and privacy program director at International SOS, said privacy principles inherently align with the demand for responsible data use of AI technology.

Privacy 244
article thumbnail

New Image/Video Prompt Injection Attacks

Schneier on Security

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it’s really impressive. Which means a lot of scary new video prompt injection attacks. And remember, given the current state of technology, prompt injection attacks are impossible to prevent in general.

IT 93
article thumbnail

Cryptohack Roundup: $26 Million FixedFloat Hack

Data Breach Today

Also: FCA Rounds Up Noncompliant Firms; GoFundMe Shuts Down Tornado Cash Fundraiser This week, FixedFloat lost $26 million in a hack, the U.K. Financial Conduct Authority found illegal promotions of cryptocurrency, GoFundMe shuttered a Tornado Cash fundraiser, and an Australian cop allegedly stole $4 million worth of bitcoins.

242
242
article thumbnail

An Update on the SEC’s Cybersecurity Reporting Rules

Hunton Privacy

As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date. Six companies have now made Item 1.05 Form 8-K filings. Three of these companies also have amended their first Form 8-K filings to provide additional detail regarding subsequent events.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Leak Shows Alarm in Congress Over a Russian ‘Threat’ Is a Real Anomaly

WIRED Threat Level

The US Congress was preparing to vote on a key foreign surveillance program last week. Then a wild Russian threat appeared.

Privacy 96
article thumbnail

IBM Cloud delivers enterprise sovereign cloud capabilities

IBM Big Data Hub

As we see enterprises increasingly face geographic requirements around sovereignty, IBM Cloud® is committed to helping clients navigate beyond the complexity so they can drive true transformation with innovative hybrid cloud technologies. We believe this is particularly important with the rise of generative AI. While AI can undoubtedly offer a competitive edge to organizations that effectively leverage its capabilities, we have seen unique concerns from industry to industry and region to re

Cloud 76
article thumbnail

Driving innovation and growth, Reltio powers into 2024

Reltio

Every company needs to unify information from disparate sources, derive actionable insights, and fuel real-time operations in a data-driven world. As a pioneer in data unification and management, Reltio® continues to push the frontiers in empowering customers to realize the full potential of their data and enable digital transformation. Last year represented a watershed moment for us, with major new product launches, high-profile industry recognition, and increased growth in new customers.

article thumbnail

Empower your technical staff with hands-on technology training

IBM Big Data Hub

With a vast amount of technology training and education available today, it’s difficult to know what deserves your attention and what’s just a marketing ploy. Furthermore, most training and education in technology is only offered through text or video, meaning that the learner doesn’t have an opportunity to apply the theory that they are learning.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Security 360 spotlight: Back to basics

Jamf

Jamf’s annual report helps Security teams understand which real-world threats made the greatest impact while underscoring the need for a defense-in-depth security plan to best protect your organization from evolving risk to Mac and mobile platforms.

article thumbnail

Expanding on ethical considerations of foundation models

IBM Big Data Hub

The rise of foundation models that power the growth of generative AI and other AI use cases offers exciting possibilities—yet it also raises new questions and concerns about their ethical design, development, deployment, and use. The IBM AI Ethics Board publication Foundation models: Opportunities, risks and mitigations addresses those concerns and explores the technology’s benefits, risks, guardrails, and mitigations.

Paper 63
article thumbnail

Thanks to Machine Learning, Scientist Finally Recover Text From The Charred Scrolls of Vesuvius via Slashdot.org

IG Guru

Check out the post here. The post Thanks to Machine Learning, Scientist Finally Recover Text From The Charred Scrolls of Vesuvius via Slashdot.org first appeared on IG GURU.

article thumbnail

HID Connects Podcast Season 2 Episode 1: Is There a Generation Gap in the Security Industry?

HID Global

People of different ages think about security differently. We review these inherent differences in this podcast episode.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Here Are the Secret Locations of ShotSpotter Gunfire Sensors

WIRED Threat Level

The locations of microphones used to detect gunshots have been kept hidden from police and the public. A WIRED analysis of leaked coordinates confirms arguments critics have made against the technology.

Privacy 28
article thumbnail

Season 2 Episode 1: Is There a Generation Gap in the Security Industry?

HID Global

People of different ages think about security differently. We review these inherent differences in this podcast episode.

article thumbnail

Archive-It Partner News, February 2024

Archive-It

Introducing ARCHWay ARCHWay, a free Archives Research Compute Hub (ARCH) service, lets you computationally explore web archives in new ways. Users have access to a diverse set of collections, as well as the ARCH user guide with written and video tutorials on how to use and explore ARCH datasets. If you’d like to learn more and request access to your own ARCHWay account, check out the ARCHWay announcement on the Archive-It Blog.

article thumbnail

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Operationalizing responsible AI principles for defense

IBM Big Data Hub

Artificial intelligence (AI) is transforming society, including the very character of national security. Recognizing this, the Department of Defense (DoD) launched the Joint Artificial Intelligence Center (JAIC) in 2019, the predecessor to the Chief Digital and Artificial Intelligence Office (CDAO), to develop AI solutions that build competitive military advantage, conditions for human-centric AI adoption, and the agility of DoD operations.