Fri. Dec 08, 2023

Europe Reaches Deal on AI Act, Marking a Regulatory First

Data Breach Today

European Union Will Enact Comprehensive Regulations on AI

EU officials announced a compromise over a regulation on artificial intelligence in the works since 2021, making the trading bloc the first in the world to comprehensively regulate the nascent technology. Europe understands "the importance of its role as global standard setter," said Thierry Breton.

Bypassing major EDRs using Pool Party process injection techniques

Security Affairs

Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.

ISMG Editors: Ugly Health Data Breach Trends in 2023

Data Breach Today

Also: Top Threat Actors Are Targeting Hospitals; Remembering Steve Katz

In the latest weekly update, editors at ISMG discuss the rampant rise in healthcare sector attacks and breaches in 2023, the most common vulnerabilities and targets, and remember the life of Steve Katz, the world's first CISO who inspired generations of security leaders.

Get your IT team battle-ready for the next holiday rush 

IBM Big Data Hub

Last year, almost 200 million people shopped on Black Friday. Online alone, they spent more than $9 billion. This holiday season, shoppers are ready to shop again and they’re prepared to spend even more. Are your IT systems ready to handle any spikes and keep everyone jolly? Or are you worried that incidents—finicky apps, slow page loads or even downtime—might ruin the holiday spirit along with your bottom line?

IT 115

The Tumultuous IT Landscape Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Feds Warn Health Sector to Watch for Open-Source Threats

Data Breach Today

Apps and Devices Powered by Open-Source Code Are Pervasive in Healthcare

Open-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.

Risk 249

More Trending

ISMG Editors: Call for Cooperation at Black Hat Europe 2023

Data Breach Today

Highlights From the Conference on Improving Public-Private Sector Collaboration

In this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies and the private sector, regulatory trends, and the cautionary tale of ex-Uber CISO Joe Sullivan.

New Bluetooth Attack

Schneier on Security

New attack breaks forward secrecy in Bluetooth. Three news articles. The vulnerability has been around for at least a decade.

UK Market Regulator Reviews Microsoft's Interest in OpenAI

Data Breach Today

Microsoft and OpenAI Have Intertwined Their Futures, Sparking UK CMA Concern

The British antitrust authority is conducting a preliminary review of Microsoft's interest in OpenAI. The agency will examine whether the companies' partnership means Microsoft has material influence or whether it in effect controls more than half of OpenAI voting rights.

Marketing 239

Phishing Defense: Train Often to Avoid the Bait

KnowBe4

Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it once annually, likely as part of a compliance program.

Phishing 101

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

FBI to Evaluate Bids to Delay Reporting Cybersecurity Events

Data Breach Today

SEC Says Large Companies Must Report Material Incidents to Investors as of Dec. 18

The FBI outlined procedures for publicly traded companies to invoke a delay in reporting material cybersecurity incidents to investors as required under a U.S. SEC rule. Regulators allow companies a pause of up to 60 business days and up to 120 business days for a substantial national security risk.

In a Win for Defendants, Illinois Supreme Court Holds That Health Care Exemption Under BIPA Is Not Limited to Patients’ Biometric Information

Data Matters

For the third time in 2023, the Illinois Supreme Court addressed the scope of the Illinois Biometric Information Privacy Act (BIPA) — this time in Mosby v. Ingalls Memorial Hospital. In a unanimous decision, the court held that BIPA’s “health care exemption” is not limited to patients’ biometric information (such as fingerprint scans), but also extends to biometric information collected, used, or stored for health care treatment, payment, or operations — regardless of its source. 1 This deci

Privacy 86

Proof of Concept: A Guide to Navigating Software Liability

Data Breach Today

Also: Vendor Self-Attestation vs. Third Parties; Safe Harbor Guidelines

In the latest "Proof of Concept," Chris Hughes, co-founder and CISO of Aquia, joins editors at ISMG to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.


Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

Security Affairs

Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange, has pleaded guilty in a money-laundering scheme. Anatoly Legkodymov (41) (aka Anatolii Legkodymov, Gandalf, and Tolik), the Russian founder of the unlicensed Bitzlato cryptocurrency exchange, has pleaded guilty in a money-laundering scheme. The police arrested Legkodymov in Miami in January; he was charged in a U.S. federal court with conducting a money-transmitting business that transported and transmitted illicit funds and that f

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

'Krasue' Linux RAT Targets Organizations in Thailand

Data Breach Today

RAT Is Tailored to Exploit Vulnerabilities in Linux Kernel Versions

Hackers targeted telecommunications companies in Thailand with a Linux remote access Trojan designed to attack different versions of the open-source kernel, researchers say. Dubbed "Krasue," the malware poses a "severe risk to critical systems and sensitive data," say Group-IB researchers.

Risk 210

Cyber Attacks and Data Breaches Cited as the Number One Business Risk for Organizations

KnowBe4

Even when looking at the various kinds of risks to business, cyber attacks still remain the biggest problem. But new data shows there may be a lesson to be learned to minimize losses.

Risk 86

Leveraging CISA Known Exploited Vulnerabilities: Why attack surface vulnerability validation is your strongest defense 

IBM Big Data Hub

With over 20,000 Common Vulnerabilities and Exposures (CVEs) being published each year, the challenge of finding and fixing software with known vulnerabilities continues to stretch vulnerability management teams thin. These teams are given the impossible task of driving down risk by patching software across their organization, with the hope that their efforts will help to prevent a cybersecurity breach.

Risk 67

How to get ready for your data cloud migration (Hint: Start with data intelligence)

Collibra

Migrating to the cloud? You’re not alone. We live in the era of the cloud. Industry research makes it clear. Nearly 5 out of 10 senior IT managers have a cloud-first policy for deploying new applications, according to a recent TechTarget survey. More than 9 out of 10 have either a cloud-first or a hybrid cloud policy (1). And more than 85% of organizations will embrace cloud-first as a principle by 2025, according to Gartner (2).

Cloud 59

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

How to build a successful risk mitigation strategy

IBM Big Data Hub

As Benjamin Franklin once said, “If you fail to plan, you are planning to fail.” This same sentiment can be true when it comes to a successful risk mitigation plan. The only way for effective risk reduction is for an organization to use a step-by-step risk mitigation strategy to sort and manage risk, ensuring the organization has a business continuity plan in place for unexpected events.

Risk 67

Meet software delivery deadlines using OpenText DevOps Aviator

OpenText Information Management

When rumors about an upcoming software release start spreading, everyone always wants to know two things: What are we getting? When are we getting it? Answering the first question is usually pretty easy, but the second one is far more complicated. No one has a crystal ball to see into the future, and even the …

IT 57

The software-defined vehicle: The architecture behind the next evolution of the automotive industry

IBM Big Data Hub

More and more consumers now expect their vehicles to offer an experience no different from that offered by other smart devices. They seek full integration into their digital lives, desiring a vehicle that can manage their operations, add functionality and enable new features primarily or entirely through software. According to a GMI report, the global software-defined vehicle (SDV) market is expected to achieve a CAGR of 22.1% between 2023 and 2032.

Automating Basic Treasury Functions 

OpenText Information Management

Optimizing cash flow and mitigating risk are two of the most critical tasks for treasury departments. Yet, the demands placed on the treasury team often involve labor-intensive tasks that tie up valuable resources and expose organizations to unnecessary risks. Fortunately, as technology advances, automating these essential treasury functions has become increasingly accessible.

Risk 57

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Get ready for change with IBM Cloud Training

IBM Big Data Hub

As generative AI creates new opportunities and transforms cloud operations, it is crucial to learn how to maximize the value of these tools. A recent report from the IBM Institute for Business Value found that 68% of hybrid cloud users already have a formal, organization-wide policy or approach for the use of generative AI. That same report also noted that 58% of global decision makers say that cloud skills remain a considerable challenge.

Cloud 65

Professional Services for eDiscovery – When is it Time to Ask for Help?

eDiscovery Daily

Software is meant to make our lives easier when it comes to eDiscovery. Automation, artificial intelligence, and advanced search and culling technologies have all reduced the need for hundreds of human hours reviewing documents. Still, there is plenty of work to be done, and even “small” eDiscovery cases can be highly complex and time consuming. When you don’t have permanent resources on hand to take on these additional duties or if a surge in work strains a lean team, professional services can

IT 64

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers via The Hacker News

IG Guru

Check out the article here. The post U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers via The Hacker News first appeared on IG GURU.

Reduce Operating Costs with a Digital Document Management System

Docuware

The possibility of an economic downturn during the upcoming year is unsettling, and its potential impact is difficult to predict. But reducing operating expenses (OPEX), which include everything your company spends to keep your business up and running, is sure to have a positive impact on your company’s financial health. Switching from paper-based processes and partial solutions like Google Drive or SharePoint to a digital document management system (DMS), reduces OPEX in every department where

Paper 32

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

How to Prevent DNS Attacks: DNS Security Best Practices

eSecurity Planet

Domain name service (DNS) attacks threaten every internet connection because they can deny, intercept, and hijack connections. With the internet playing an increasing role in business, securing DNS plays a critical role in both operations and security. This article explores how to secure the DNS protocol, DNS servers, and DNS access against a spectrum of attacks through: 3 General DNS Attack Prevention Best Practices; Prevention Tips for DNS Server Attacks; How to Prevent

Security 112

Android barcode scanner app exposes user passwords

Security Affairs

An Android app with over 100k Google Play downloads and a 4.5-star average rating has let an open instance go unchecked, leaving sensitive user data up for grabs. The Cybernews team discovered the Android app Barcode to Sheet leaking sensitive user information and enterprise data stored by app creators. Barcode to Sheet has over 100k downloads on the Google Play store and focuses on e-commerce clients.

Passwords 102

Infosource Global Capture & IDP Vertical Market Analysis 2022-2023 Update

Info Source

KEY TAKEAWAYS: This vertical market assessment is an integral part of Infosource’s analyst services in the Software practice. We analyse industry sectors in key countries around the world and leverage this knowledge in the regional forecasting of the Capture & IDP market. While the digital maturity of all industry sectors has improved as a result of emergency digitalisation actions during the pandemic, most organisations have yet to establish a comprehensive strategy that meets the changing req