Thu. Mar 28, 2024

Breach Roundup: Russian Organizations Losing Microsoft Cloud

Data Breach Today

Also: Hackers Target Apple Password Reset Flaw

This week, Russian organizations are losing Microsoft Cloud, hackers targeted an Apple flaw, Germany warned of critical flaws in Microsoft Exchange, an info stealer targeted Indian government agencies and the energy sector, and Finland confirmed APT31's role in a 2020 breach of Parliament.

Cloud 305

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023, 97 zero-day vulnerabilities were exploited in attacks, while in 2022 there were 62 actively exploited zero-day flaws.

Feds Seek Secure-by-Design Armageddon for SQL Injection Bugs

Data Breach Today

Hackers Continue to Abuse Easily Preventable Vulnerability to Cause Massive Damage

What will it take to rid the world of SQL injection vulnerabilities, which remain too easily exploitable by attackers for ransacking databases and worse, despite having been classified as "unforgivable" for nearly two decades? U.S. government cybersecurity officials have thoughts.

Security 293

Cisco addressed high-severity flaws in IOS and IOS XE software

Security Affairs

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to trigger a denial-of-service (DoS) condition. Cisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several issues fixed by the IT giant to cause a denial-of-service (DoS) condition.

Access 119

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

UnitedHealth Admits Patient Data Was 'Taken' in Mega Attack

Data Breach Today

US Government Offers $10M Bounty to Track Down Leadership of BlackCat Crime Group

UnitedHealth Group has admitted data was "taken" in the cyberattack on Change Healthcare and has just started analyzing the types of personal, financial and health information potentially compromised. The U.S. is offering a $10 million bounty for BlackCat, which claims to have launched the attack.

More Trending

OMB Issues First Governmentwide AI Risk Mitigation Rules

Data Breach Today

Guidance Calls for Agencies to Appoint Chief AI Officers, Set Up Governance Boards

The Office of Management and Budget issued the first-ever governmentwide guidance for mitigating risks associated with the federal use of artificial intelligence, including specific actions agencies must complete within a year to help ensure the responsible use of emerging tools and technologies.

Risk 289

Hardware Vulnerability in Apple’s M-Series Chips

Schneier on Security

It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing.

How AI Is Shaping an Inclusive and Diverse Future

Data Breach Today

AI's Transformative Impact and Challenges in Developing Regions

AI presents enormous opportunities for reducing inequalities and promoting inclusivity in developing regions, but its deployment must be guided by ethical practices and a conscious effort to integrate diversity and inclusion at every stage. We must leverage AI responsibly.

IT 284

[New Feature] Start Coaching Your Users in Real Time With the New Google Chat Integration for KnowBe4's SecurityCoach

KnowBe4

Now you can use Google Chat messages to offer immediate security advice the moment a user demonstrates risky behavior through KnowBe4's SecurityCoach.

Security 102

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

UnitedHealth Admits Patient Data Was 'Taken' in Mega Breach

Data Breach Today

US Government Offers $10M Bounty to Track Down Leadership of BlackCat Crime Group

UnitedHealth Group has admitted data was "taken" in the cyberattack on Change Healthcare and has just started analyzing the types of personal, financial and health information potentially compromised. The U.S. is offering a $10 million bounty for BlackCat, which claims to have launched the attack.

Cybersecurity Services combat an APT with NDR

OpenText Information Management

Attackers linked to Iran and China are actively targeting critical infrastructure. Both the U.S. Environmental Protection Agency and National Security Agency have requested that each U.S. State carry out comprehensive assessments of their cybersecurity services and practices. Critical Infrastructure, like water treatment plants, need to defend against network-only level attacks (e.g.

Federal Elections Commission Considers Regulating AI

Data Breach Today

FEC Commissioner Says Group Is Exploring How to Regulate Campaign Deepfakes

The U.S. Federal Elections Commission is determining whether its existing statutory authorities allow it to regulate the use of artificial intelligence in campaign advertisements after receiving thousands of comments from the public about the use of AI in political ads.

Navigating perpetual healthcare challenges with new thinking and innovation

CGI

Reflecting on my journey in the healthcare sector—from my years as a practitioner, through my tenures as U.S. Army Surgeon General and Secretary of Veterans Affairs, to my time in industry with CGI—I’m struck by the seismic shifts impacting public and private health systems and their stakeholders. Two decades ago, healthcare looked vastly different than it does today.

Access 52

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Securing SMBs Globally: Coro Raises $100M to Go Into Europe

Data Breach Today

Series D Funding Will Strengthen Coro's Channel Program, European Market Presence

Coro completed a $100 million Series D round to expand its global footprint and enhance its channel program. The funding aims to address the needs of Europe's expansive midmarket business community through Coro's all-in-one modular cybersecurity platform.

Marketing 280

The Passwordless World — Put a Secure Fence Around Your Data

HID Global

Dive into passwordless authentication with RFID & FIDO tech. Boost data safety, user experience & cut costs. Explore the shift to a safer, efficient future.

Cryptohack Roundup: Sam Bankman-Fried Gets 25-Year Sentence

Data Breach Today

Also: US Sanctions for Russia-Linked DeFi, Coinbase Can't Escape SEC Lawsuit

This week, Sam Bankman-Fried got 25 years, the U.S. sanctioned a Russian fintech, Coinbase can't get out of an SEC lawsuit, Munchables lost millions and had it returned, Curio and ParaSwap had smart contract problems, Hong Kong warned about crypto entities, and TRM Labs reported 2023 crypto trends.

IT 279

HID Offering a First-of-Its-Kind Design Workshop for Security Consultants

HID Global

HID is set to host an upcoming series of virtual and in-person design workshops providing strategy and guidance to the security specifier community.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

OnDemand | 1 in 3 Breaches Go Undetected: Strengthen Your Defense Against Identity Attacks

Data Breach Today

Insights from recent cyberattacks where weak authentication measures were circumvented

New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys via Security Week

IG Guru

Check out the article here. The post New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys via Security Week first appeared on IG GURU.

From Despair to Disruption: Zafran Takes on Cyber Mitigation

Data Breach Today

Amid COVID-19 Ransomware Woes, Sanaz Yashar's Frustration Sparked Zafran's Birth

Faced with relentless cyberattacks and the shortcomings of existing defenses, Sanaz Yashar embarked on a journey to create a security risk and mitigation platform, transforming frustration into startup Zafran, which emerged from stealth Thursday with more than $30 million in funding.

Revolutionizing healthcare: Navigating the opportunities and challenges of AI integration

CGI

Governments around the globe are issuing rules and frameworks for responsible artificial intelligence (AI) development and deployment. In the U.S., the landmark Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence underscores the imperative to ensure the safety and security of AI systems, emphasizing the importance of building trust in these technologies.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

How eDiscovery Technology and Workflows Speed Public Records Requests Response

eDiscovery Daily

This is the second blog in a series on streamlining public records request response.

By Rick Clark

In the two separate worlds of legal processes and Freedom of Information Act (FOIA)/public records requests, eDiscovery technology and standard workflows have emerged as powerful ways to streamline operations and ensure compliance. Particularly, the handling of FOIA requests and public records requests showcases the potential similarities between these processes and eDiscovery workflows.

FOIA 41

Private cloud use cases: 6 ways private cloud brings value to enterprise business

IBM Big Data Hub

As cloud computing continues to transform the enterprise workplace, private cloud infrastructure is evolving in lockstep, helping organizations in industries like healthcare, government and finance customize control over their data to meet compliance, privacy, security and other business needs. According to a report from Future Market Insights (link resides outside ibm.com), the global private cloud services market is forecast to grow to USD 405.30 billion by 2033, up from USD 92.64 billion in 2

Cloud 109

Thread Hijacking: Phishes That Prey on Your Curiosity

Krebs on Security

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment.

Phishing 239

Jeffrey Epstein's Island Visitors Exposed by Data Broker

WIRED Threat Level

A WIRED investigation uncovered coordinates collected by a controversial data broker that reveal sensitive information about visitors to an island once owned by Epstein, the notorious sex offender.

Privacy 145

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.