Tue.May 02, 2023

article thumbnail

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Krebs on Security

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment we

Marketing 248
article thumbnail

Killer Use Cases for AI Dominate RSA Conference Discussions

Data Breach Today

Use Cases: Cybersecurity Offense, Defense and Safeguarding AI Itself, Experts Say Pre-RSA social media gaming predicted it. Many predicted they would loath it. And it happened: Discussions at this year's RSA conference again and again came back to generative artificial intelligence - but with a twist. Even some of the skeptics professed their conversion to the temple of AI.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

The Last Watchdog

The rising complexity and prevalence of cybersecurity threats are making experts anxious. Related: Training employees to mitigate phishing It pressures working analysts to perform 24 hours’ worth of work in an 8-hour day. Automation could alleviate the burden on IT teams and cybersecurity professionals by shouldering some monotonous, time-consuming tasks.

article thumbnail

Police Arrest Shuttered Monopoly Market Drug Sellers

Data Breach Today

Nearly 300 Arrests Made in the US and Europe International law enforcement agencies arrested hundreds in what authorities say is the largest crackdown on illicit drugs over the dark web, also revealing that German law enforcement was behind the December 2021 disappearance of dark web drug marketplace Monopoly Market.

Marketing 167
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Worried About AI? You Should Be (Part 2)

Weissman's World

Did you know that AI today can read the blood flow in your brain and translate your thoughts into words, or reconstitute a mental image into a tangible one? Kinda puts a new spin on the future of privacy, don’t it? I learned this startling fact from this remarkable video from the Center for Humane Technology.… Read More » Worried About AI?

Privacy 120

More Trending

article thumbnail

List of Data Breaches and Cyber Attacks in April 2023 – 4.3 Million Records Breached

IT Governance

Welcome to our April 2023 list of data breaches and cyber attacks. Our research identified 120 publicly disclosed incidents during the month, accounting for 4,353,257 breached records. You can find the full list of data breaches and cyber attacks below, along with our rundown of the biggest incidents of the month. Meanwhile, if you enjoy this sort of cyber security news, be sure to subscribe to our Weekly Round-up to receive the latest stories straight to your inbox.

article thumbnail

How Early-Stage Startups Plan to Use AI for Decision-Making

Data Breach Today

Chenxi Wang of Rain Capital on What Types of Data Should Be Withheld from AI Models Early-stage startups interested in the implementation of artificial intelligence are often concerned about the policies surrounding AI use. While some startups are looking at automating policies, others are building platforms to test the accuracy, integrity and robustness of AI models.

article thumbnail

Don’t pause AI development, prioritize ethics instead

IBM Big Data Hub

The introduction of generative AI systems into the public domain exposed people all over the world to new technological possibilities, implications, and even consequences many had yet to consider. Thanks to systems like ChatGPT, just about anyone can now use advanced AI models that are not only capable of detecting patterns, honing data, and making recommendations as earlier versions of AI would, but also moving beyond that to create new content, develop original chat responses, and more.

Privacy 111
article thumbnail

Insider Threat: Organizations Must Focus on Risk

Data Breach Today

Software Engineering Institute's Randy Trzeciak on Hybrid Workforce, Insider Risk The definition of insider threat seems to have evolved since the hybrid workforce became the norm. More organizations are now talking about the "compromised insider." Randall Trzeciak of Software Engineering Institute said that in the last three years, insider threats have changed to insider risks.

Risk 130
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor

Dark Reading

The cyberattack campaign, similar to one to spread the Rhadamanthys Stealer, is part of a larger trend by attackers to use malvertising as initial access for ransomware and other threat activity.

article thumbnail

Collaboration Data Challenges Before Litigation (And How Technology Can Help)

Hanzo Learning Center

Collaboration data is essential for many businesses in the digital age. However, determining how long to keep records on communication tools like Slack and Teams has become a challenge due to legal cases. Companies must balance regulatory requirements, business needs, and records hygiene when managing collaboration data. To help with information governance, many organizations are turning to technology.

article thumbnail

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices.

article thumbnail

Fake Chrome Update Error Messages

KnowBe4

Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Jamf Pro 10.46 supports Apple’s Rapid Security Response

Jamf

Jamf Pro supports Rapid Security Response. The first response was released May 1, 2023—learn how to interact with this feature in Jamf Pro.

Security 105
article thumbnail

[Feet on the Ground] Stepping Carefully When Making an AI Your BFF

KnowBe4

Bloomberg's Brad Stone wrote an op-ed covering this topic. In the past month, a chatbot called " My AI " or "Sage" has appeared as a new friend for several hundred million Snapchat users. The chatbot utilizes OpenAI's advanced artificial intelligence tool, ChatGPT. It has shown up unexpectedly at the top of many users' friend lists on the messaging app, which is considered prime app real estate.

article thumbnail

PrivateGPT Tackles Sensitive Info in ChatGPT Prompts

Dark Reading

In an effort to curb employees from entering private data into the AI, ChatGPT is blocked from ingesting more than 50+ types of PII and other sensitive information.

97
article thumbnail

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack

WIRED Threat Level

The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

NIST Draft Document on Post-Quantum Cryptography Guidance

Schneier on Security

NIST has release a draft of Special Publication1800-38A: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography.” It’s only four pages long, and it doesn’t have a lot of detail—more “volumes” are coming, with more information—but it’s well worth reading.

IT 94
article thumbnail

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

A joint operation conducted by the FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminal groups for money laundering. The Cyber ​​Police Department together with the Main Investigative Department of the National Police, the Office of the Prosecutor General of Ukraine and in cooperation with the FBI conducted an international operation that seized nine crypto exchanges used by cybercriminal groups to launder profits from illegal activities, including ransomware attacks and onli

article thumbnail

China 'Innovated' Its Cyberattack Tradecraft, Mandia Says

Dark Reading

Mandiant CEO Kevin Mandia explains why a recently revealed targeted attack by a cyber-espionage group out of China rivals the SolarWinds attack in its complexity, and weighs in on how defenders can best leverage generative AI.

IT 86
article thumbnail

CISA adds TP-Link, Apache, and Oracle bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

US Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link, Apache, and Oracle vulnerabilities to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog : CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability.

IT 89
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

The Two Best Things You Can Do To Protect Yourself and Organization

KnowBe4

Since the beginning, two types of computer attacks (known as initial root cause exploits ) have composed the vast majority of successful attacks: social engineering and exploiting unpatched vulnerabilities. These two root causes account for somewhere between 50% to 90% of all successful attacks. There are tons of other ways you can be attacked (e.g., password guessing, misconfiguration, eavesdropping, physical attacks, etc.), but all other types of attacks added up all together do not equal eith

article thumbnail

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Security Affairs

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. Check Point researchers reported that the infection chains observed in the attacks attributed to North Korea-linked ScarCruft APT group (aka APT37 , Reaper , and Group123 ) since 2022 have stopped heavily relying on malicious documents to deliver malware and instead begun using oversized LNK files embedding malicious payloads. “ROKRAT has not changed signifi

article thumbnail

North Korean APT Gets Around Macro-Blocking With LNK Switch-Up

Dark Reading

APT37 is among a growing list of threat actors that have switched to Windows shortcut files after Microsoft blocked macros last year.

92
article thumbnail

SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market

Security Affairs

International law enforcement operation SpecTor resulted in the seizure of an online marketplace and the arrest of nearly 300 people. In an international law enforcement operation coordinated by Europol, codenamed ‘SpecTor’, the police seized the illegal dark web marketplace ‘Monopoly Market.’ The law enforcement agencies from nine countries (Austria, France, Germany, the Netherlands, Poland, Brazil, the United Kingdom, the United States, and Switzerland) arrested 288 ind

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

4 Principles for Creating a New Blueprint for Secure Software Development

Dark Reading

Improving the security of the software development process is key to thwarting bad actors.

Security 105
article thumbnail

The first iPhone Rapid Security Response update released by Apple fails to install

Security Affairs

Apple has released its first Rapid Security Response update, but many iPhone users reported problems during the installation of the iOS Security Response. On June 2022, Apple announced that the Rapid Security Response feature would be available starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 operating systems. Once a Rapid Security Response has been installed, a letter will appear after the software version (i.e. iOS 16.4.1 will become iOS 16.4.1 (a)).

article thumbnail

Phishing as an Espionage Tactic for Cybercriminals

KnowBe4

Phishing is a familiar criminal tactic. It’s also used by intelligence services for cyber espionage campaigns. On Friday, April 28th, 2023, CERT-UA, Ukraine’s Computer Emergency Response Team, reported that Russian operators are sending phishing emails that misrepresent themselves as sending instructions on installing a Windows security update.