Mon.Jun 05, 2023

article thumbnail

Psychiatry Practice Fined for Posting PHI Online

Data Breach Today

HHS Settlement Is Latest Involving Negative Social Media Responses Federal regulators have once again smacked a healthcare provider with a HIPAA settlement involving patient protected health information that was disclosed in response to a negative online review.

246
246
article thumbnail

The Significance of Diversity, Equity, and Inclusion in Information Management

AIIM

In honor of Pride Month in June, I wanted to share some thoughts about diversity, equity, and inclusion (DEI) in the information management industry. The Value of DEI in the Workplace Extensive research has already established the value of DEI in the workplace, with Boston Consulting Group finding that companies with diverse leadership teams report higher innovation revenue.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Attributes MOVEit Transfer Hack to Clop Affiliate

Data Breach Today

UK Payroll Provider Zellis' MOVEit Hack Affects British Airways, Boots and the BBC Microsoft says an affiliate of the Russian-speaking Clop ransomware gang is behind a rash of attacks exploiting a recently patched vulnerability in Progress Software's MOVEit application. Known victims include British payroll provider Zellis, which says eight corporate customers were affected.

article thumbnail

GUEST ESSAY: Using generative AI to support — not replace — overworked cybersecurity pros

The Last Watchdog

As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats. Related: Leveraging human sensors Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Microsoft Pays $20M to Settle FTC COPPA Complaint

Data Breach Today

FTC Says Violations Stem From XBox Live Registration Process Microsoft will pay $20 million to settle a U.S. federal investigation into whether the computing giant violated children's privacy protections during the XBox Live registration process. The Federal Trade Commission accused the company of a slew of infractions.

Privacy 255

More Trending

article thumbnail

Iowa Reports Third Big Vendor Breach This Year

Data Breach Today

Latest Breach Affects 234,000 Individuals; Involves Recent MCNA Insurance Co. Hack The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.

Insurance 234
article thumbnail

Digitizing Records: File Format Requirements

National Archives Records Express

This is the sixth in a series of posts supporting the publication of 36 CFR section 1236 subpart E – Digitizing Permanent Records. All of the posts have been collected under the 36 CFR Section 1236 category. Digital PDP11 DIGITAL EQUIPMENT MODEL 704 AND 420. NAID: 17423632 This week we continue to review the new rule 36 CFR 1236 Subpart E. In this post, we discuss § 1236.48–File Format Requirements.

Paper 96
article thumbnail

Why Rubrik Is Looking to Break Cybersecurity's IPO Dry Spell

Data Breach Today

Data Protection Titan Could Raise More than $750M Through 2024 IPO, Reuters Reports Despite the beating new publicly traded security companies have taken during the economic downturn, Rubrik is looking to test its luck in the public market. Reuters reported Monday the firm is working with Goldman Sachs, Barclays and Citigroup in preparation for an IPO that could take place in 2024.

article thumbnail

KeePass fixed the bug that allows the extraction of the cleartext master password

Security Affairs

KeePass addressed the CVE-2023-32784 bug that allows the extraction of the cleartext master password from the memory of the client. KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. KeePass is a free and open-source software used to securely manage passwords.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Why Cyber Defenders Need Partnerships, Tools and Education

Data Breach Today

In this episode of "Cybersecurity Insights," Lonnie Price of Peraton discusses the importance of partnerships between the public and private sectors to help Ukrainians with the war effort. He also shares how we can become better educated and more efficient as cyber defenders.

Education 130
article thumbnail

[FBI ALERT] Skin Deep: The Scary Reality of New Deepfake-Enabled Sextortion

KnowBe4

Today, the FBI alerted warned against a new even more disgusting type of sextortion. Previously, these schemes involved coerced or stolen digital material, but now some criminals are using technology to create explicit content from innocent images or videos found online. This information comes from today's alert by the FBI's Internet Crime Complaint Center (IC3).

93
article thumbnail

The Software-Defined Car

Schneier on Security

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

Risk 94
article thumbnail

Microsoft blames Clop ransomware gang for ‘MOVEit Transfer’ attacks

Security Affairs

Microsoft attributes the recent campaign exploiting a zero-day in the MOVEit Transfer platform to the Clop ransomware gang. The Clop ransomware gang (aka Lace Tempest ) is credited by Microsoft for the recent campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362 , in the MOVEit Transfer platform. Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update

Dark Reading

A firmware update for hundreds of Gigabyte PC models gets rid of a backdoor capability that could be hijacked by cybercriminals, the company says.

96
article thumbnail

Idaho Hospitals hit by a cyberattack that impacted their operations

Security Affairs

Last week two eastern Idaho hospitals and their clinics were hit by a cyberattack that temporarily impacted their operations. Last week the Idaho Falls Community Hospital was hit by a cyber attack that impacted its operations. Officials at the hospital confirmed that some clinics closed due to the cyber attack and some ambulances have been diverted to nearby hospitals.

article thumbnail

Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall

Dark Reading

Some billion-dollar organizations have already been identified as victims of the prolific ransomware group's latest exploit, amidst ongoing attacks.

article thumbnail

Spanish bank Globalcaja confirms Play ransomware attack

Security Affairs

Play ransomware group claims responsibility for a ransomware attack that hit Globalcaja, one of the major banks in Spain. Globalcaja is a financial institution in the autonomous community of Castilla-La Mancha, it has more than 300 offices across Spain and provides banking services to more than half a million clients. Globalcaja was the victim of a Play ransomware attack that impacted operations at several offices of the bank.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Moonlighter Satellite Offers In-Orbit Target for Space Hackers

Dark Reading

Moonlighter, which offers red teams a chance at operational disruption, will be up for pwning at in August, timed with DEF CON.

97
article thumbnail

New Phishing Campaign Uses Hyperlinked Images for Fake Gift Cards and Promotions

KnowBe4

A phishing campaign is using hyperlinked images in order to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohls.

article thumbnail

Experts warn of a surge of TrueBot activity in May 2023

Security Affairs

VMware’s Carbon Black Managed Detection and Response (MDR) team observed a surge of TrueBot activity in May 2023. Researchers at VMware’s Carbon Black Managed Detection and Response (MDR) team warn of a surge of TrueBot activity in May 2023. Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp).

article thumbnail

Apple Expands Its On-Device Nudity Detection to Combat CSAM

WIRED Threat Level

Instead of scanning iCloud for illegal content, Apple’s tech will locally flag inappropriate images for kids. And adults are getting an opt-in nudes filter too.

IT 81
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

British Airways, BBC and Boots were impacted the by Zellis data breach

Security Affairs

The BBC and British Airways were both impacted by the data breach suffered by the payroll provider Zellis. As a result of the cyber attack on the payroll provider Zellis, the personal data of employees at the BBC and British Airways has been compromised and exposed. “Zellis, a payroll company based in the UK, is understood to have been impacted by a cyber security attack targeting file transfer company MOVEit, with British Airways among the firms impacted” reported The Mirror. “

article thumbnail

Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity

Dark Reading

Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.

article thumbnail

Texas Amends State Data Breach Notification Law

Hunton Privacy

On May 27, 2023, Texas Governor Greg Abbott signed into law an amendment to Texas’s data breach notification law. The amendment shortens the time period for notifying the Texas Attorney General, requiring notification of a data breach as soon as practicable and not later than 30 days after discovery of the breach. The amendment also requires notification to the Texas Attorney General to be submitted electronically using a form accessed through the Texas Attorney General’s Internet website.

article thumbnail

7 steps for managing the work order process

IBM Big Data Hub

Work orders are the driving force behind any organization’s asset management apparatus. Whenever a person or entity submits a service request, the maintenance team that receives it must create a formal paper and/or digital document that includes all the details of maintenance tasks and outlines a process for completing the tasks. That document is called a work order.

Paper 79
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

After 'Inception' Attack, New Due Diligence Requirements Are Needed

Dark Reading

To stem supply chain attacks, forging a new dynamic of shared cybersecurity hygiene accountability is the right thing to do.

article thumbnail

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Security Affairs

A new ongoing Magecart web skimmer campaign abuse legitimate websites to act as makeshift command and control (C2) servers. Akamai researchers discovered a new ongoing Magecart web skimmer campaign aimed at stealing personally identifiable information (PII) and credit card information from users in North America, Latin America, and Europe. Magecart attacks target e-commerce websites, the name “Magecart” is derived from the malicious code (JavaScript) typically injected by the attacke

CMS 75
article thumbnail

2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack

Dark Reading

With the leak of information such as Social Security numbers, in addition to other protected information, 600,000 of the nearly 2.5 million affected are at risk for identity theft.