Mon.Apr 10, 2023

article thumbnail

White House Probes Classified Intelligence 'Discord Leaks'

Data Breach Today

Leaks Likely as Significant as Snowden Files, Vault 7, Shadow Brokers, Expert Says The Biden administration is probing how highly classified military and intelligence documents detailing national security secrets came to be leaked via Discord servers and social media. Experts say the leaked documents appear to be genuine, although some have been crudely doctored.

Military 257
article thumbnail

New U.S. FDA Draft Guidance Outlines Path To Faster Modification of AI/ML-Enabled Devices

Data Matters

The U.S. Food and Drug Administration (FDA or Agency) has issued new draft guidance on “Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence/Machine Learning (AI/ML)-Enabled Device Software Functions” 1 that discusses a “science-based approach to ensuring that AI/ML-enabled devices can be safely, effectively, and rapidly modified, updated, and improved in response to new data.” 2 This approach should offer more certainty to industry as FDA’s

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How Much Damage Would US Action Against Kaspersky Inflict?

Data Breach Today

Enforcement Action Could Deal Fatal Blow to Kaspersky's North American Business Further punishment of Moscow-based Kaspersky by the Biden administration could be the final nail in the coffin of the company's deeply wounded North American business. The U.S. Commerce Department is weighing enforcement action against the Russian cybersecurity giant under its online security rules.

article thumbnail

Apps for Sale: Cybercriminals Sell Android Hacks for Up to $20K a Pop

Dark Reading

The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.

Sales 118
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Samsung employees unwittingly leaked company secret data by using ChatGPT

Security Affairs

Samsung employees have unwittingly leaked top secret data by providing them to the popular chatbot service ChatGPT. Samsung employees have shared internal documents, including meeting notes and source code, with the popular chatbot service ChatGPT. ChatGPT uses data provided by the users to train itself and build its experience, with the risk that this data can be available to other users that will query the popular chatbot.

More Trending

article thumbnail

Verify Apple ID domains with ABM

Jamf

Creating managed Apple IDs in Apple Business Manager with your company's domain is a convenient way to use Apple at Work. Learn how to verify your domain in this blog.

97
article thumbnail

How the right data and AI foundation can empower a successful ESG strategy

IBM Big Data Hub

A well-designed data architecture should support business intelligence and analysis, automation, and AI—all of which can help organizations to quickly seize market opportunities, build customer value, drive major efficiencies, and respond to risks such as supply chain disruptions. A well-designed data foundation can also be a game-changer when it comes to managing ESG (environmental, social, and governance) commitments.

article thumbnail

Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical

Security Affairs

Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw that can lead to code execution. Cybersecurity vendor Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw, tracked as CVE-2023-1671 (CVSS score of 9.8), that can lead to code execution. The CVE-2023-1671 flaw is a pre-auth command injection issue that resides in the warn-proceed handler, it affects appliances older than version 4.3.10.4.

article thumbnail

Alarming Tax Phishing Campaign Targets US with Malware

KnowBe4

Researchers at Securonix are tracking an ongoing phishing campaign dubbed “TACTICAL#OCTOPUS” that’s been targeting users in the US with tax-related phishing emails.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

CISA adds zero-day bugs in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog

Security Affairs

US Cybersecurity and Infrastructure Security Agency (CISA) added two flaws in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog: CVE-2023-28205 – Apple Multiple Products WebKit Use-After-Free Vulnerability; CVE-2023-28206 – Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability; This wee

IT 91
article thumbnail

High-Stakes Ransomware Response: Know What Cards You Hold

Dark Reading

When ransomware strikes, how much should you gamble on your resources and opponents' intentions? Here's how to deal yourself a rational, informed way to weigh your options after an attack.

article thumbnail

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation. The Microsoft Threat Intelligence team observed a series of destructive attacks on hybrid environments that were carried out by MuddyWater APT group (aka MERCURY ). Threat actors masqueraded the attacks as a standard ransomware operation.

article thumbnail

Pair of Apple Zero-Days Under Active Exploit; Patch & Update Accordingly

Dark Reading

Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns.

105
105
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

SD Worx shuts down UK and Ireland services after cyberattack

Security Affairs

Belgian HR giant SD Worx was forced to shut down its IT infrastructure for its UK and Ireland services after a cyber attack. HR and payroll management firm SD Worx shut down its IT systems for its UK and Ireland services after a cyber attack. The company employs more than 7,000 HR professionals and serves over 5.2 million employees every month. The company claims a client base of over 82,000.

article thumbnail

How and Why to Put Multicloud to Work

Dark Reading

Complex multicloud environments present organizations with security challenges, but also opportunities for efficiency.

article thumbnail

How Biometrics Strike the Right Balance Between Convenience and Security

HID Global

Learn how biometrics helps safeguard banking information while delivering exceptional customer experience.

article thumbnail

Adding to Our Team

The Texas Record

The records management assistance team at the Texas State Library and Archives Commission welcomes our newest analysts, Sahar Arafat-Ray and Sebastian Loza! Read more about Sahar who is now the point of contact for local governments in the West-North region of Texas. The West-North region is comprised of the following counties: Archer Eastland Montague Tarrant Clay Erath Palo Pinto Wichita Comanche Hood Parker Wise Cooke Jack Somervell Young Denton Johnson Stephens Read more about Sebastian who

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Russia's Joker DPR Claims Access to Ukraine Troop Movement Data

Dark Reading

A hacktivist group working with Russia claims it breached DELTA, the Ukrainian battlefield management system (BMS).

Access 88
article thumbnail

Can a performance and incentives gamification program drive agent performance?

OpenText Information Management

In today’s fast-paced and ever-evolving contact center landscape, performance and efficiency are critical factors in achieving business success. To achieve optimal results, contact centers must rely on their agents to perform at their peak, and for that, they must be motivated and engaged. One powerful strategy that can be used to improve agent performance and … The post Can a performance and incentives gamification program drive agent performance?

article thumbnail

Renewed Focus on Incident Response Brings New Competitors and Partnerships

Dark Reading

Microsoft and others are doubling down on incident response, adding services and integrating programs to make security analysts and IR engagements more efficient.

article thumbnail

How can a performance and incentives gamification program drive agent performance?

OpenText Information Management

In today’s fast-paced and ever-evolving contact center landscape, performance and efficiency are critical factors in achieving business success. To achieve optimal results, contact centers must rely on their agents to perform at their peak, and for that, they must be motivated and engaged. One powerful strategy that can be used to improve agent performance and … The post How can a performance and incentives gamification program drive agent performance?

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required via The Hacker News

IG Guru

Check out the article here.

article thumbnail

GUEST ESSAY: Cyber hygiene need not be dreary — why engaging training is much more effective

The Last Watchdog

Instilling a culture of cyber security at your organization requires your people to maintain a high level of knowledge and awareness about cyber security risks—and that takes an effective, impactful, and ongoing security awareness program. Related: Deploying employees as human sensors However, a security awareness program is only as good as its content.

article thumbnail

LLMs and Phishing

Schneier on Security

Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. It’s an interesting experiment, and the results are likely to vary wildly based on the details of the experiment.

Phishing 110
article thumbnail

[INFOGRAPHIC] The Forrester Total Economic Impact™ of KnowBe4 by the Numbers

KnowBe4

KnowBe4 commissioned Forrester Consulting to conduct a Total Economic Impact TM study* examining the potential Return on Investment (ROI) enterprises might realize by deploying KnowBe4's Security Awareness Training and Simulated Phishing and PhishER platforms.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

The three-layered approach to network data monetization

IBM Big Data Hub

Automated operations in the modern state-of-the-art telco networks, such as 5G Core, O-RAN and SDN, all follow the same pattern. The main enabler is the entity that streamlines collection and consumption of the network state. This is Network Data and Analytics Function (NWDAF) in 5G Core, Radio Intelligent Controller (RIC) in O-RAN and SDN Controller in Software Defined Networks.