Tue. Apr 04, 2023

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Krebs on Security

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnSecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly

TikTok Fined in UK for Children's Privacy Violation

Data Breach Today

Chinese-Owned App Will Pay 12.7 Million Pounds

A British government agency added to TikTok's reputational woes by finding it failed to protect children's privacy. TikTok is playing defense in multiple Western countries against concerns it collects massive amounts of data it could use for surveillance or information operations.

eFile Tax Return Software Found Serving Up Malware

Dark Reading

At the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.

Florida Hospital Begins Breach Notification Post-Attack

Data Breach Today

Tallahassee Memorial Says Patient Data 'Obtained' in February Security Incident

A Florida-based community healthcare system has begun notifying about 20,000 individuals whose information was compromised in a data security incident that prompted the organization to operate under its IT downtime procedures, including diverting some emergency patients, for two weeks in February.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds

Dark Reading

The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime.

More Trending

The UK Data Protection Regulator Fines TikTok £12.7 Million

Hunton Privacy

On April 4, 2023, the data protection regulator of the UK, the Information Commissioner’s Office (ICO), issued a fine of £12.7 million to TikTok Information Technologies UK Limited and TikTok Inc (together, “TikTok”) for a number of breaches of UK data protection law, including failing to use children’s personal data lawfully. In summary, the ICO found that TikTok breached the UK GDPR between May 2018 and July 2020 by: providing its services (i.e., an information society service) to UK childr

Fake Data Theft Proof Leads to Royal Ransomware Outbreak

Data Breach Today

Tranche of Stolen Data Is Disguised Royal Ransomware Installer, Researchers Warn

The Royal ransomware group has been running a social engineering campaign designed to trick targets into thinking they've fallen victim to a crypto-locking and data exfiltration attack by giving them a purported list of what was stolen that, if opened, installs Royal ransomware, researchers warn.

The Great eDiscovery Reset

OpenText Information Management

Legal teams are looking for ways to improve their prospects and transform their litigation support practices. To understand how pre-existing trends and the pandemic have affected how in-house legal professionals approach eDiscovery, OpenText engaged Ari Kaplan Advisors to anonymously survey corporate legal leaders online and through interviews about their immediate challenges, long-term opportunities and impressions … The post The Great eDiscovery Reset ap

West Virginia Hospital to Report Breach in 'Donut' Data Leak

Data Breach Today

CEO Says Ransomware Attack Encrypted, Exfiltrated Legacy Data From 'Old Servers'

A West Virginia hospital will soon begin notifying patients and employees affected by ransomware attackers who leaked data on the dark web. Hackers encrypted a handful of servers hosting historic "institutional data," including budget documents, cost reports and payments to vendors.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Designing Tabletop Exercises That Actually Thwart Attacks

Dark Reading

Have you ever wondered how they design blue team exercises? One ransomware and cyber extortion simulation demonstrates the best practices.

US DOJ Seizes $112M Linked to Pig Butchering Scams

Data Breach Today

Six Crypto Wallets Linked to Laundering Confidence Scam Proceeds

The U.S. Department of Justice seized virtual assets worth $112 million in a crackdown on "pig butchering," a romance-based cryptocurrency investment scam. Cybercriminals used six accounts to launder funds from cryptocurrency confidence scams, federal prosecutors said.

Italy Bans ChatGPT: A Portent of the Future, Balancing the Pros and Cons

KnowBe4

In a groundbreaking move, Italy has imposed a ban on the widely popular AI tool ChatGPT. This decision comes in the wake of concerns over possible misinformation, biases and the ethical challenges AI-powered technology presents. The ban has sparked a global conversation, with many speculating whether other countries will follow suit.

Top 5 Reasons to Use MDR in Public Sector

Data Breach Today

Rob Lalumondier of Sophos on Questions to Ask When Selecting MDR Provider

Gartner says by 2025, 50% of companies will be using MDR. What's the compelling business case, and how does it translate to meet the needs of public sector entities? Rob Lalumondier of Sophos shares five reasons to use MDR, as well as key questions to ask when selecting a provider.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

California’s OAL Approves Final CPRA Regulations

Hunton Privacy

On March 30, 2023, the California Privacy Protection Agency (“CPPA”) announced that California’s Office of Administrative Law (“OAL”) approved the CPPA’s substantive rulemaking package to implement the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”). The CPPA previously released the draft proposed final CPRA regulations and draft final statement of reasons.

Cradlepoint Buys Ericom to Fuel Cloud Defense in 5G Settings

Data Breach Today

Deal Will Give Cradlepoint Robust Portfolio Across SD-WAN and Security Service Edge

Cradlepoint has bought seasoned Israeli security veteran Ericom Software to bring SASE, zero trust and cloud security to hybrid 5G and wireline environments. The deal will help Cradlepoint's SASE and zero trust technology portfolio cover fixed-site, remote worker, in-vehicle and IoT use cases.

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Security Affairs

An ALPHV/BlackCat ransomware affiliate was spotted exploiting vulnerabilities in the Veritas Backup solution. An affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was observed exploiting three vulnerabilities in the Veritas Backup solution to gain initial access to the target network. Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments.

Vital Records Control (“VRC”) Refreshes Sub-brand Logos To Represent Information Lifecycle via PRNewswire

IG Guru

MEMPHIS, Tenn., March 30, 2023 /PRNewswire/ — Vital Records Control (“VRC”), a leading national records and information management provider, is proud to announce that it has updated its sub-brand logos. The new logo designs better represent the company’s suite of high-quality information management solutions that cover the entire information lifecycle—from document capture to secure disposition.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA has added a Zimbra flaw, which was exploited in attacks targeting NATO countries, to its Known Exploited Vulnerabilities catalog.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926, to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing webmail portals.

Scareware From a Phony Ransomware Group

KnowBe4

BleepingComputer reports that a cybercriminal gang is sending phony ransomware threats to prior victims of ransomware attacks. The gang, which calls itself “Midnight,” claims to have stolen hundreds of gigabytes of data and threatens to leak it if the victim doesn’t pay a ransom.

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. Check Point Research (CPR) and Check Point Incident Response Team (CPIRT) researchers detected a previously unknown ransomware strain, dubbed Rorschach ransomware, that was employed in an attack against a US-based company. The experts pointed out that the Rorschach ransomware appears to be unique.

A Tiny Blog Took on Big Surveillance in China—and Won

WIRED Threat Level

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

What the Masters app can teach us about large language models

IBM Big Data Hub

For years IBM has been using cutting-edge AI to improve the digital experiences found in the Masters app. We taught an AI model to analyze Masters video and produce highlight reels for every player, minutes after their round is complete. We built models that generate scoring predictions for every player on every hole. But I believe the “AI Commentary” solution we built this year is the most consequential work we’ve done in the history of our 25-year partnership with the Masters

3CX Supply chain attack allowed targeting cryptocurrency companies

Security Affairs

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-stage implant. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular software as malware, suggesting that the company has suffered a supply chain attack.

Social Engineering Attacks Utilizing Generative AI Increase by 135%

KnowBe4

New insights from cybersecurity artificial intelligence (AI) company Darktrace show a 135% increase in novel social engineering attacks from Generative AI.

Using Apple Configurator 2 with Apple Business Manager

Jamf

Learn about how to manually prepare stubborn devices with Apple Configurator 2 and also how to add them to Apple Business Manager for greater flexibility when enrolling them into your preferred MDM solution or when deploying special use cases.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

KnowBe4

CyberheistNews Vol 13 #14 | April 4th, 2023

[Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam. It's not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars.

Equal Employment Opportunity Commission Looks at AI

Data Matters

2023 is rapidly becoming the year of AI policy and regulation. A particular focus of regulatory concern relates to AI impacts on employees, and the U.S. Equal Employment Opportunity Commission (EEOC) is not sitting on the sidelines. On January 31, 2023, the EEOC held a public hearing to examine the use of automated systems, including artificial intelligence (AI), in employment decisions.

What RASP Should Have Been

Dark Reading

When runtime application self-protection is held to a higher standard, it can secure thousands of applications and prevent burnout in security teams.