Thu, Apr 27, 2023


Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.
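As an added example that is not part of the Krebs article and is not Salesforce's own tooling: a small Python audit that takes the JSON returned by a SOQL query against ObjectPermissions for guest user profiles and lists the sensitive objects an unauthenticated guest is allowed to read. The SOQL string, the REST query endpoint mentioned in the comments, the profile names and the sample response are assumptions constructed for this example.

```python
"""Audit Salesforce guest-user object permissions (added example).

The sample response below is constructed to mimic what the REST API returns
for a SOQL query (GET /services/data/vNN.N/query?q=<SOQL>).  Nothing here is
taken from the article; field and profile names are assumptions.
"""
import json

# SOQL to run against the org.  Parent is the profile-owned PermissionSet;
# Profile.UserType = 'Guest' selects site guest user profiles (assumed).
GUEST_OBJECT_PERMS_SOQL = (
    "SELECT SobjectType, PermissionsRead, PermissionsViewAllRecords, "
    "Parent.Profile.Name, Parent.Profile.UserType "
    "FROM ObjectPermissions WHERE Parent.Profile.UserType = 'Guest'"
)

# Objects that should never be readable without logging in (illustrative list;
# extend with the custom objects that hold PII in your org).
SENSITIVE_OBJECTS = {"Account", "Contact", "Lead", "Case", "Opportunity"}


def _rec(sobject, read, view_all, profile, user_type="Guest"):
    """Build one constructed ObjectPermissions record."""
    return {
        "SobjectType": sobject,
        "PermissionsRead": read,
        "PermissionsViewAllRecords": view_all,
        "Parent": {"Profile": {"Name": profile, "UserType": user_type}},
    }


# Constructed response: one guest profile leaks Contact and Case, a custom FAQ
# object is readable but not sensitive, Lead is not readable, and an admin
# profile row is included to show the UserType filter is applied defensively.
SAMPLE_RESPONSE = json.dumps({
    "totalSize": 5,
    "done": True,
    "records": [
        _rec("Contact", True, False, "Customer Portal Site Guest User"),
        _rec("Case", False, True, "Customer Portal Site Guest User"),
        _rec("FAQ__c", True, False, "Customer Portal Site Guest User"),
        _rec("Lead", False, False, "Customer Portal Site Guest User"),
        _rec("Contact", True, True, "System Administrator", user_type="Standard"),
    ],
})


def guest_readable_objects(response_json, sensitive=SENSITIVE_OBJECTS):
    """Return {guest profile name: sorted list of sensitive objects it can read}.

    A guest can read records of an object if either PermissionsRead or
    PermissionsViewAllRecords is granted on that object.
    """
    data = json.loads(response_json)
    findings = {}
    for rec in data.get("records", []):
        profile = (rec.get("Parent") or {}).get("Profile") or {}
        if profile.get("UserType") != "Guest":
            continue  # ignore anything that is not a site guest user profile
        readable = rec.get("PermissionsRead") or rec.get("PermissionsViewAllRecords")
        if readable and rec.get("SobjectType") in sensitive:
            findings.setdefault(profile["Name"], []).append(rec["SobjectType"])
    return {name: sorted(objs) for name, objs in findings.items()}


if __name__ == "__main__":
    for name, objs in guest_readable_objects(SAMPLE_RESPONSE).items():
        print(f"guest profile '{name}' can read: {', '.join(objs)}")
```

Object permissions are only one layer: record visibility for guests also depends on the site's sharing settings and on any Apex or Aura controllers that run without sharing, so an empty result from this audit does not by itself prove a Community site is safe. Run it as the first pass, then review sharing rules and guest-accessible components.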


Worried About AI? You Should Be, But Not For Why You Think

Weissman's World

Many of our fears about Artificial Intelligence (AI) are absolutely terrifying! So, no surprise, it's becoming a major talking point in the information profession. And while there's definitely something to be worried about here, it probably isn't what you think it is. It'll take just 3 minutes for me to tell you what it is.


New England Health Plan Still Recovering From Attack

Data Breach Today

Point32Health Says Its Harvard Pilgrim Health Care IT Systems Remain Offline

Point32Health, which provides health plans to millions of New Englanders and is Massachusetts' second-largest health insurer, is still struggling to recover 10 days after it identified a ransomware attack that forced the company to take many of its IT systems and functions offline.


Brace Yourself for the 2024 Deepfake Election

WIRED Threat Level

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.


Ransomware Hackers Exploit PaperCut Bugs

Data Breach Today

Clop and LockBit Spotted Exploiting Unpatched Print Management Software

An affiliate of the Russian-speaking Clop ransomware-as-a-service gang and the LockBit cybercrime group are each exploiting vulnerabilities in popular print management software. PaperCut began urging customers to update their software earlier this month after customer reports of suspicious activity.


Illumina, Feds Say Genetic Testing Gear at Risk of Hacking

Data Breach Today

Feds Warn of Vulnerabilities Affecting Illumina's Universal Copy Service Software

Federal authorities warn that hackers could take over genetic testing devices manufactured by Illumina, although neither the manufacturer nor the Food and Drug Administration has received reports of attacks. The vulnerabilities affect Illumina's Universal Copy Service software.


Everyone is using ChatGPT: what does my organisation need to watch out for?

Data Protection Report

In December 2022, OpenAI released ChatGPT, a powerful AI-powered chatbot that could handle users’ questions and requests for information or content in a convincing and confident manner. The number of users signing up to use the tool increased very rapidly, with users using the tool to write letters, edit text, generate lists, prepare presentations and generate code, among a myriad of other things.


Unveiling the Power of Cyber HUMINT for Intelligence Gathering

Data Breach Today

Intel 471's Michael DeBolt on Why HUMINT Is an Imperative, Not an Option

Everyone has their favorite threat intelligence feeds, and information sharing is a must between public and private sectors. But don't overlook the power of cyber human intelligence, says Michael DeBolt of Intel 471. In fact, HUMINT is an imperative, not an option, he says.


Does ChatGPT Have Cybersecurity Tells?

KnowBe4

Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when he's about to bluff, for example, or someone's pupils dilate when they've successfully drawn to an inside straight.


Making Sense of FedRAMP and StateRAMP

Data Breach Today

Tony Bai of A-LIGN Discusses the Changes and Differences in the Two Standards

Changes to FedRAMP regulations will have a major impact on cloud services providers, compliance and cybersecurity controls, said Tony Bai, director, federal practice lead, at A-LIGN. Bai offers insight on navigating the U.S. government authorization requirements as well as the StateRAMP program.


Security Risks of AI

Schneier on Security

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs of developers and users.


ChatGPT Security and Privacy Issues Remain in GPT-4

eSecurity Planet

After two years of development, OpenAI launched GPT-4 last month, and it's a major leap beyond GPT-3 and even ChatGPT. But in addition to vastly improved reasoning and visual capabilities, GPT-4 also retains many of ChatGPT's security and privacy issues, in some cases even enhancing them. Here's a look at some of those issues, including some that came up at this week's RSA Conference in San Francisco.


Scammers Impersonate Zelle via the Lure of “Getting Paid” to Get Paid Themselves

KnowBe4

A new impersonation scam targets users of the popular pay platform under the guise of the victim having money coming to them and with the goal to obtain Zelle credentials.


Weekly Update 345

Troy Hunt

I stand by my expression in the image above. It's a perfectly accurate representation of how I looked after receiving the CityJerks breach, clicking on the link to the website then seeing what it actually was 😳 Fortunately, the published email address on their site did go through to someone at TruckerSucker (😳😳) so they're aware of the breach and that it's circulating broadly via a public hacking website.


Organizations Have No Idea of a Data Breach’s Root Cause in 42% of Reported Cases

KnowBe4

New data shows how poorly organizations are at identifying – let alone removing – an attacker's foothold, putting themselves at continued risk of further attacks and data breaches.


CISO Survival Guide for Cyberattacks

Dark Reading

CISOs who have survived major cyber incidents recommend letting company ethos guide incident response.


NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI

WIRED Threat Level

The security issues raised by ChatGPT and similar tech are just beginning to emerge, but Rob Joyce says it’s time to prepare for what comes next.


Despite a Majority of Organizations Believing They’re Prepared for Cyber Attacks, Half Were Still Victims

KnowBe4

A new survey points to an overconfidence around organization’s preparedness, despite admitting to falling victim to ransomware attacks – in some cases multiple times.


China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor

Dark Reading

Researchers observed downloads of installers for the APT's flagship backdoor, MgBot, when users at a Chinese NGO were updating legitimate applications.


Researchers found the first Linux variant of the RTM locker

Security Affairs

RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems. The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider. The new variant of the encryptor targets Linux, NAS, and ESXi hosts, and it appears to be based on the source code of Babuk ransomware that was leaked online in 2021.


How ERP is breaking down silos and driving sustainable change

IBM Big Data Hub

While many organizations have established environmental, social and governance (ESG) goals and made ESG commitments, driven by purpose and emerging regulatory requirements, they face several challenges when making the transition from ambition to action. A recent IBM study found that global executives cite inadequate data (41%) as the biggest obstacle to their ESG progress, followed by regulatory barriers (39%), inconsistent standards (37%) and inadequate skills (36%).


NIST to Finalize Special Publication (SP) 800-66 Revision 2 and Collaborate on Resources for Small, Regulated Entities

IG Guru

April 25, 2023

For the past 18+ months, the National Institute of Standards and Technology (NIST), in collaboration with the HHS Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide, from Revision 1 to Revision 2.


Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Security Affairs

Microsoft revealed that recent attacks against PaperCut servers were aimed at distributing Cl0p and LockBit ransomware. Microsoft linked the recent attacks against PaperCut servers to a financially motivated threat actor tracked as Lace Tempest (formerly DEV-0950). The group is known to be an affiliate of the Clop ransomware RaaS operation, and it has been linked to the GoAnywhere attacks and to Raspberry Robin infections.


The White House National Cybersecurity Strategy Has a Fatal Flaw

Dark Reading

The government needs to shift focus and reconsider how it thinks about securing our nation's digital and physical assets.


Latest QBot Attacks Use a Mixture of PDF Attachments and Windows Scripting Host Files to Infect Victims

KnowBe4

QBot malware seems to be outliving its competitors through innovative new ways to socially engineer victims into helping install it.


Combating Kubernetes — the Newest IAM Challenge

Dark Reading

IT leaders need to ensure Kubernetes clusters don't become a gateway for cybercriminals.


New UK Digital Markets Regime: Key Differences With the EU Digital Markets Act

Data Matters

On April 25, 2023, the UK government published the Digital Markets, Competition and Consumers Bill (the UK Bill). The Bill proposes wide-ranging reforms to UK competition and consumer law, including obligations for digital platforms designated with so-called "strategic market status" (SMS).


Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive

Dark Reading

As threat actors around the world grow and evolve, APTs from the DPRK stand out for their spread and variety of targets.
