Thu. Feb 23, 2023

The Security Perks and Perils of OpenAI on Microsoft Bing

Data Breach Today

OpenAI on Bing Carries Code and Traffic Risks But Will Also Simplify Code Analysis

Embedding OpenAI technology in Microsoft Bing will help both hackers and cyber defenders. The AI tool could make it easier for hackers to drive traffic to malicious sites, avoid search engine blocking and distribute malware, but it could also help security teams with code analysis and threat intel.

Security 205

The IG Business Case is Like Playing with Table Stakes

Weissman's World

Oddly enough, the term “table stakes” applies to information governance (IG) as well as gambling because you’ll usually have but one chance to convince the other people at the table that IG makes good business sense and can’t readily add to your argument. Here’s 171 seconds more about this! The post The IG Business Case is Like Playing with Table Stakes appeared first on Holly Group.

Breach Roundup: Activision, SAS, Dole, Atlassian, VGTRK

Data Breach Today

Incidents at Video Game Maker, Airline, Fruit Processor, SW and Broadcast Companies

In this week's roundup of cybersecurity incidents happening around the world, ISMG looks at incidents affecting the maker of the video game Call of Duty, Scandinavian Airlines, renowned fruit and vegetable giant Dole, Australian software maker Atlassian, and Russian broadcast company VGTRK.

Evasive cryptojacking malware targeting macOS found lurking in pirated applications

Jamf

Over the past few months Jamf Threat Labs has been following a family of malware that resurfaced and has been operating undetected, despite an earlier iteration being a known quantity to the security community. In this article, we’ll examine this malware and the glimpse it offers into the ongoing arms race between malware authors and security researchers as well as highlight the need for enhanced security on Apple devices to ensure their safe and effective use in production environments.

Security 145

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Cryptohack Roundup: Hope Finance, Platypus and Coinbase

Data Breach Today

Plus, New Malware That Demands Crypto Payments

Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. This week, we look at incidents at Hope Finance, decentralized finance firm new malware demanding crypto and a phishing campaign aimed at Coinbase.

Phishing 167

More Trending

Europe Will 'Streamline' Cross-Border GDPR Enforcement

Data Breach Today

European Commission Anticipates 'Cooperation' Proposal After March

The European Commission is preparing a proposal mandating more cooperation among national government agencies charged with enforcing the General Data Protection Regulation. Nationally driven enforcement of the regulation has emerged as a sore point for some during the GDPR's first half decade.

GDPR 157

Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery

Dark Reading

The number of people who have made the weaponized software available for sharing via torrent suggests that many unsuspecting victims may have downloaded the XMRig coin miner.

NLBrute Malware Developer Pleads Not Guilty in US Court

Data Breach Today

NLBrute Used to Perpetuate Ransomware Attacks

A Russian national accused by U.S. federal prosecutors of developing an application for decrypting login credentials pleaded not guilty during a first appearance in Tampa federal court. The man, Dariy Pankov, faces seven criminal counts, including conspiracy, access device fraud and computer fraud.

IT Governance Podcast 2023-4: EU-US Data Privacy Framework, Twitter 2FA, GoDaddy, HardBit 2.0

IT Governance

This week, we discuss the European Parliament Committee on Civil Liberties’s opinion of the EU-US Data Privacy Framework, Twitter’s decision to disable free text-based 2FA, a series of attacks on GoDaddy’s infrastructure and the HardBit 2.0 ransomware group’s negotiation tactics. Now available on Spotify, Amazon Music, Apple Podcasts and SoundCloud.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

LA School District Confirms Student Data Leaked in Attack

Data Breach Today

Admission Comes After Release of Report Finding Sensitive Records on Dark Web Site

The Los Angeles Unified School District confirmed that records containing mental health data and other sensitive information of about 2,000 students, including 60 current pupils, were among data leaked in a ransomware attack last fall by Russian hacking group Vice Society.

87% of Container Images in Production Have Critical or High-Severity Vulnerabilities

Dark Reading

At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.

Twitter to Charge Users for SMS Two-Factor Authentication in Apparent Security Crackdown

IT Governance

In yet another controversial policy move, Twitter announced this week that it’s removing text-based 2FA (two-factor authentication) for non-paying users. The log-in mechanism is designed to protect people’s accounts from scammers by requiring them to provide a second piece of information in addition to a password. This is typically a code generated in an app, sent to an email address or delivered by text message. 2FA is considered an essential part of online security, but Twitter announced last we

This Will Be the Year of the SBOM, for Better or for Worse

Dark Reading

Sharing attestations on software supply chain data that are formed into a policy will give us a framework to interpret risk and develop compliance directives.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit

Security Affairs

Threat actors are actively exploiting the Fortinet FortiNAC vulnerability CVE-2022-39952 a few hours after the publication of the PoC exploit code. This week, researchers at cybersecurity firm Horizon3 released a proof-of-concept exploit for a critical-severity vulnerability, tracked as CVE-2022-39952, in Fortinet’s FortiNAC network access control solution.

Hydrochasma Threat Group Bombards Targets With Slew of Commodity Malware, Tools

Dark Reading

A previously unidentified threat group uses open source malware and phishing to conduct cyber-espionage on shipping and medical labs associated with COVID-19 treatments and vaccines.

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Data Protection Report

Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world. Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through synced mobile devices, user input) to enable multimedia, navigation, or internet-based applications.

Privacy 85

Student Medical Records Exposed After LAUSD Breach

Dark Reading

"Hundreds" of special education students' psych records have turned up on the Dark Web. School records like these are covered by FERPA, not HIPAA, so parents have little recourse.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence

Security Affairs

Dutch intelligence revealed that many cyber operations attributed to Russia against Ukraine and NATO members have yet to be publicly disclosed. According to a joint report published by the Dutch General Intelligence and Security Service (AIVD), and the Military Intelligence and Security Service (MIVD), many cyber operations conducted by Russia-linked hackers against Ukraine and NATO members during the past year have yet to be publicly disclosed. “Before and during the war, Russian intellig

Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps?

Dark Reading

Before adopting SaaS apps, companies should set security guardrails to vet new vendors and check security integration for misconfiguration risks.

Risk 90

Malware Report: The Number of Unique Phishing Emails in Q4 Rose by 36%

KnowBe4

With nearly 280 million phishing emails detected by just one vendor, and the increase in the number of unique emails, organizations have a lot to be worried about in 2023.

Unanswered Questions Cloud the Recent Targeting of an Asian Research Org

Dark Reading

A novel threat group, utilizing new malware, is out in the wild. But the who, what, where, and why are yet to be determined, and there's evidence of a false-flag operation.

Cloud 81

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

28% of Users Open BEC Emails as BEC Attack Volume Skyrockets by 178%

KnowBe4

New data shows users aren’t scrutinizing emails used in business email compromise (BEC) attacks, allowing critical changes in banking details that would impact the victim's organization financially.

Cris Thomas: Space Rogue, From L0pht Hacker to IBM Security Influencer

Dark Reading

Security Pro File: The old-school hacker traces a path from young hardware tinkerer to senior cybersecurity executive.

Batteries Are Ukraine’s Secret Weapon Against Russia

WIRED Threat Level

With Russia regularly knocking out Ukraine’s power grid, the country has turned to high-capacity batteries to keep it connected to the world—and itself.

IT 84

The alleged author of NLBrute Malware was extradited to US from Georgia

Security Affairs

Dariy Pankov, a Russian VXer behind the NLBrute malware, has been extradited to the United States from Georgia. The Russian national Dariy Pankov, aka dpxaker, is suspected to be the author of the NLBrute malware. The man has been extradited to the United States from Georgia. “Pankov, a citizen and resident of Russia, was taken into custody by Georgian authorities in the Republic of Georgia, on October 4, 2022, and extradited to the United States pursuant to a request from the United Stat

Sales 79

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

You Can’t Trust App Developers’ Privacy Claims on Google Play

WIRED Threat Level

Mozilla researchers found that apps often provide inaccurate data use disclosures, giving people “a false sense of security.”

Privacy 92

W-2s Are Just the Beginning of Tax-Related Scams This Year

KnowBe4

Email scammers can’t pass up a tried and true theme that is almost guaranteed to produce results. And with W-2 forms being sent out, it marks the start of this year’s expected campaigns.

IT 75

Illinois Supreme Court Clarifies Accrual for Illinois Biometric Privacy Act Claims

Data Matters

For the second time in two weeks, the Illinois Supreme Court clarified the scope of the Illinois Biometric Privacy Act (BIPA) — this time in Cothron v. White Castle. The court, in a 4–3 decision, held that BIPA claims accrue each time biometric data is collected or transmitted, and not just the first time. The post Illinois Supreme Court Clarifies Accrual for Illinois Biometric Privacy Act Claims appeared first on Data Matters Privacy Blog.

Privacy 88