Fri. Dec 08, 2023

Europe Reaches Deal on AI Act, Marking a Regulatory First

Data Breach Today

European Union Will Enact Comprehensive Regulations on AI

EU officials announced a compromise over a regulation on artificial intelligence in the works since 2021, making the trading bloc first in the world to comprehensively regulate the nascent technology. Europe understands "the importance of its role as global standard setter," said Thierry Breton.

Bypassing major EDRs using Pool Party process injection techniques

Security Affairs

Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.

ISMG Editors: Ugly Health Data Breach Trends in 2023

Data Breach Today

Also: Top Threat Actors Are Targeting Hospitals; Remembering Steve Katz

In the latest weekly update, editors at ISMG discuss the rampant rise in healthcare sector attacks and breaches in 2023, the most common vulnerabilities and targets, and remember the life of Steve Katz, the world's first CISO who inspired generations of security leaders.

Nearly Every CIO Identifies at Least One Cyber Threat as a Risk to their Business

KnowBe4

When 97% of CIOs all see things the same way, it’s probably a sign to take the risk of cyber threats seriously – a problem new data shows is only going to get worse in the next five years.

Risk 118

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

ISMG Editors: Call for Cooperation at Black Hat Europe 2023

Data Breach Today

Highlights From the Conference on Improving Public-Private Sector Collaboration

In this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies and the private sector, regulatory trends, and the cautionary tale of ex-Uber CISO Joe Sullivan.

More Trending

UK Market Regulator Reviews Microsoft's Interest in OpenAI

Data Breach Today

Microsoft and OpenAI Have Intertwined Their Futures, Sparking UK CMA Concern

The British antitrust authority is conducting a preliminary review of Microsoft's interest in OpenAI. The agency will examine whether the companies' partnership means Microsoft has material influence or whether it in effect controls more than half of OpenAI voting rights.

Marketing 302

Phishing Defense: Train Often to Avoid the Bait

KnowBe4

Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it once annually, likely as part of a compliance program.

Phishing 113

FBI to Evaluate Bids to Delay Reporting Cybersecurity Events

Data Breach Today

SEC Says Large Companies Must Report Material Incidents to Investors as of Dec. 18

The FBI outlined procedures for publicly traded companies to invoke a delay in reporting material cybersecurity incidents to investors as required under a U.S. SEC rule. Regulators allow companies a pause of up to 60 business days and up to 120 business days for a substantial national security risk.

Cyber Attacks and Data Breaches Cited as the Number One Business Risk for Organizations

KnowBe4

Even when looking at the various kinds of risks to business, cyber attacks still remain the biggest problem. But new data shows there may be a lesson to be learned to minimize losses.

Risk 98

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Feds Warn Health Sector to Watch for Open-Source Threats

Data Breach Today

Apps and Devices Powered by Open-Source Code Are Pervasive in Healthcare

Open-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.

Risk 298

In a Win for Defendants, Illinois Supreme Court Holds That Health Care Exemption Under BIPA Is Not Limited to Patients’ Biometric Information

Data Matters

For the third time in 2023, the Illinois Supreme Court addressed the scope of the Illinois Biometric Information Privacy Act (BIPA) — this time in Mosby v. Ingalls Memorial Hospital. In a unanimous decision, the court held that BIPA’s “health care exemption” is not limited to patients’ biometric information (such as fingerprint scans), but also extends to biometric information collected, used, or stored for health care treatment, payment, or operations — regardless of its source. 1 This deci

Privacy 88

'Krasue' Linux RAT Targets Organizations in Thailand

Data Breach Today

RAT Is Tailored to Exploit Vulnerabilities in Linux Kernel Versions

Hackers targeted telecommunications companies in Thailand with a Linux remote access Trojan designed to attack different versions of the open-source kernel, researchers say. Dubbed "Krasue," the malware poses a "severe risk to critical systems and sensitive data," say Group-IB researchers.

Risk 286

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

Security Affairs

Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange has pleaded in a money-laundering scheme. Anatoly Legkodymov (41) (aka Anatolii Legkodymov, Gandalf, and Tolik), the Russian founder of the unlicensed Bitzlato cryptocurrency exchange, has pleaded guilty in a money-laundering scheme. The police arrested Legkodymov in Miami in January, he was charged in a U.S. federal court with conducting a money-transmitting business that transported and transmitted illicit funds and that f

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Proof of Concept: A Guide to Navigating Software Liability

Data Breach Today

Also: Vendor Self-Attestation vs. Third Parties; Safe Harbor Guidelines

In the latest "Proof of Concept," Chris Hughes, co-founder and CISO of Aquia, joins editors at ISMG to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.

New Bluetooth Attack

Schneier on Security

New attack breaks forward secrecy in Bluetooth. Three news articles. The vulnerability has been around for at least a decade.

Leveraging CISA Known Exploited Vulnerabilities: Why attack surface vulnerability validation is your strongest defense 

IBM Big Data Hub

With over 20,000 Common Vulnerabilities and Exposures (CVEs) being published each year, the challenge of finding and fixing software with known vulnerabilities continues to stretch vulnerability management teams thin. These teams are given the impossible task of driving down risk by patching software across their organization, with the hope that their efforts will help to prevent a cybersecurity breach.

Risk 76

How to get ready for your data cloud migration (Hint: Start with data intelligence)

Collibra

Migrating to the cloud? You’re not alone. We live in the era of the cloud. Industry research makes it clear. Nearly 5 out of 10 senior IT managers have a cloud-first policy for deploying new applications, according to a recent TechTarget survey. More than 9 out of 10 have either a cloud-first or a hybrid cloud policy (1). And more than 85% of organizations will embrace cloud-first as a principle by 2025, according to Gartner (2).

Cloud 59

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

The software-defined vehicle: The architecture behind the next evolution of the automotive industry

IBM Big Data Hub

More and more consumers now expect their vehicles to offer an experience no different from that offered by other smart devices. They seek full integration into their digital lives, desiring a vehicle that can manage their operations, add functionality and enable new features primarily or entirely through software. According to a GMI report, the global software-defined vehicle (SDV) market is expected to achieve a CAGR of 22.1% between 2023 and 2032.

Meet software delivery deadlines using OpenText DevOps Aviator

OpenText Information Management

When rumors about an upcoming software release start spreading, everyone always wants to know two things: What are we getting? When are we getting it? Answering the first question is usually pretty easy, but the second one is far more complicated. No one has a crystal ball to see into the future, and even the … The post Meet software delivery deadlines using OpenText DevOps Aviator appeared first on OpenText Blogs.

IT 57

How to build a successful risk mitigation strategy

IBM Big Data Hub

As Benjamin Franklin once said, “If you fail to plan, you are planning to fail.” This same sentiment can be true when it comes to a successful risk mitigation plan. The only way for effective risk reduction is for an organization to use a step-by-step risk mitigation strategy to sort and manage risk, ensuring the organization has a business continuity plan in place for unexpected events.

Risk 74

Automating Basic Treasury Functions 

OpenText Information Management

Optimizing cash flow and mitigating risk are two of the most critical tasks for treasury departments. Yet, the demands placed on the treasury team often involve labor-intensive tasks that tie up valuable resources and expose organizations to unnecessary risks. Fortunately, as technology advances, automating these essential treasury functions has become increasingly accessible.

Risk 57

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

Get ready for change with IBM Cloud Training

IBM Big Data Hub

As generative AI creates new opportunities and transforms cloud operations, it is crucial to learn how to maximize the value of these tools. A recent report from the IBM Institute for Business Value found that 68% of hybrid cloud users already have a formal, organization-wide policy or approach for the use of generative AI. That same report also noted that 58% of global decision makers say that cloud skills remain a considerable challenge.

Cloud 73

Professional Services for eDiscovery – When is it Time to Ask for Help?

eDiscovery Daily

Software is meant to make our lives easier when it comes to eDiscovery. Automation, artificial intelligence, and advanced search and culling technologies have all reduced the need for hundreds of human hours reviewing documents. Still, there is plenty of work to be done, and even “small” eDiscovery cases can be highly complex and time consuming. When you don’t have permanent resources on hand to take on these additional duties or if a surge in work strains a lean team, professional services can

IT 60

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers via The Hacker News

IG Guru

Check out the article here. The post U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers via The Hacker News first appeared on IG GURU.

Reduce Operating Costs with a Digital Document Management System

Docuware

The possibility of an economic downturn during the upcoming year is unsettling, and its potential impact is difficult to predict. But reducing operating expenses (OPEX), which include everything your company spends to keep your business up and running, is sure to have a positive impact on your company’s financial health. Switching from paper-based processes and partial solutions like Google Drive or SharePoint to a digital document management system (DMS), reduces OPEX in every department where

Paper 32

Monetizing Analytics Features

Think your customers will pay more for data visualizations in your application? Five years ago, they may have. But today, dashboards and visualizations have become table stakes. Turning analytics into a source of revenue means integrating advanced features in unique, hard-to-steal ways. Download this white paper to discover which features will differentiate your application and maximize the ROI of your analytics.

How to Prevent DNS Attacks: DNS Security Best Practices

eSecurity Planet

Domain name service (DNS) attacks threaten every internet connection because they can deny, intercept, and hijack connections. With the internet playing an increasing role in business, securing DNS plays a critical role in both operations and security. This article explores how to secure the DNS protocol, DNS servers, and DNS access against a spectrum of attacks through: 3 General DNS Attack Prevention Best Practices; Prevention Tips for DNS Server Attacks; How to Prevent

Android barcode scanner app exposes user passwords

Security Affairs

An Android app with over 100k Google Play downloads and a 4.5-star average rating has let an open instance go unchecked, leaving sensitive user data up for grabs. The Cybernews team discovered the Android app Barcode to Sheet leaking sensitive user information and enterprise data stored by app creators. Barcode to Sheet has over 100k downloads on the Google Play store and focuses on e-commerce clients.

Passwords 105

Infosource Global Capture & IDP Vertical Market Analysis 2022-2023 Update

Info Source

KEY TAKEAWAYS

This vertical market assessment is an integral part of Infosource’s analyst services in the Software practice. We analyse industry sectors in key countries around the world and leverage this knowledge in the regional forecasting of the Capture & IDP market. While the digital maturity of all industry sectors has improved as a result of emergency digitalisation actions during the pandemic, most organisations yet have to establish a comprehensive strategy that meets the changing req