Fri. Feb 09, 2024


Internet-Exposed Water PLCs Are Easy Targets for Iran

Data Breach Today

Researchers Find Unprotected Unitronics Devices

Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.

Passwords 306

Juniper Support Portal Exposed Customer Device Info

Krebs on Security

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.


As Elections Loom, So Do Adversaries' Influence Operations

Data Breach Today

US, UK, South Korea and India Most Targeted for Election Interference, Experts Warn

With over 1 billion people across more than 50 countries - including the U.S., the U.K. and India - due to hold elections this year, one open question remains: How can nations combat adversaries who attempt to influence elections or otherwise interfere via physical, cyber or operational means?


Mapping AI Readiness Content at AIIM Conference 2024

AIIM

Artificial Intelligence is a key focus of AIIM's new strategy, which the AIIM Board of Directors debuted in January 2024. So it's only fitting that AI take the lead at the AIIM Conference 2024 in San Antonio, Texas, April 3-5.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Large Language Models Won't Replace Hackers

Data Breach Today

UK AI Safety Institute Says LLMs Can't Give Novice Hackers Advanced Capabilities

Large language models may boost the capabilities of novice hackers but are of little use to threat actors past their salad days, concludes a British governmental evaluation. "There may be a limited number of tasks in which use of currently deployed LLMs could increase the capability of a novice.


More Trending


HHS Rule Aligns Substance Disorder Privacy Regs With HIPAA

Data Breach Today

Final Rule for 42 CFR Part 2 Changes Aims to Improve Patient Care Coordination

The Department of Health and Human Services has finalized regulations to better align federal requirements for the confidentiality of substance use disorder records with privacy protections afforded under HIPAA. The aim is to improve care coordination while enhancing sensitive data protections.

Privacy 278

New Know-Your-Customer and Reporting Rules Proposed for Cloud Providers: Five Key Takeaways

Data Matters

Last week, the U.S. Department of Commerce published a notice of proposed rulemaking (NPRM) implementing Executive Orders (EO) 13984 and 14110 to prevent “foreign malicious cyber actors” from accessing U.S. infrastructure as a service products (IaaS Rule). The IaaS Rule seeks to strengthen the U.S. government’s ability to track “foreign malicious cyber actors” who have relied on U.S.

Cloud 158

Authorities Take Down Seller of Widely Used RAT Malware

Data Breach Today

2 Men Arrested in Malta, Nigeria for Hawking Malware on Hacking Forums Since 2012

Federal authorities have seized internet domains and arrested two men in Malta and Nigeria who they say served as sales and customer service reps for a dark web business that sold RAT malware to cybercriminals over a 12-year period, leading to the "takeover and infection of computers worldwide.

Sales 277

Your CVSS Questions Answered

IT Governance

What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0

Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, he’s won hackathon events in the UK and internationally, and is accredited for multiple bug bounties.

IoT 117

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


White House Launches First-Ever AI Safety Consortium

Data Breach Today

The National Group Will Develop Guidelines for AI Safety, Security and Red-Teaming

Officials said the Artificial Intelligence Safety Institute Consortium will provide a "critical forum" for the public and private sectors as the federal government aims to use input from more than 200 stakeholders across public society to develop AI safety and security standards.


Exploiting a vulnerable Minifilter Driver to create a process killer

Security Affairs

A researcher demonstrated how to exploit a signed Minifilter Driver in a BYOVD attack to terminate a specific process from the kernel. Bring Your Own Vulnerable Driver (BYOVD) is a technique that uses a vulnerable driver in order to achieve a specific goal.


ISMG Editors: What CISOs Should Prepare for in 2024

Data Breach Today

Joe Sullivan Also Discusses Identity Management, AI, State of Information Sharing

In the latest weekly update, Joe Sullivan, CEO of Ukraine Friends, joins three editors at ISMG to discuss the challenges of being a CISO in 2024, growing threats from disinformation, vulnerabilities in MFA, AI's role in cybersecurity, and the obstacles to public-private information sharing.


Browser-Based Phishing Attacks Increase 198%, With Evasive Attacks Increasing 206%

KnowBe4

A new report shows massive increases in browser attacks in the second half of 2023, with over 31,000 threats specifically designed to bypass security solution detection.

Phishing 114

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.


Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

Fortinet is warning that the recently discovered critical remote code execution vulnerability in FortiOS SSL VPN, tracked as CVE-2024-21762 (CVSS score 9.6), is being actively exploited in attacks in the wild.

Military 104

No, Toothbrushes Were Not Used in a Massive DDoS Attack

Schneier on Security

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and then everyone else ran with it without reading the German text. It was a hypothetical, which Fortinet eventually confirmed. Or maybe it was a stock-price hack.

IT 100

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

Security Affairs

Ivanti has warned customers of a new high-severity authentication bypass vulnerability, tracked as CVE-2024-22024 (CVSS score 8.3), in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication.

Security 102

Calculating Materiality for SEC Rule 1.05

KnowBe4

The U.S. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05 of the 8-K, requires that all regulated companies report significant cybersecurity breaches within four business days of determining that the incident was “material”.


The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.


Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware via the Hacker News

IG Guru

Check out the story here.


2054, Part V: From Tokyo With Love

WIRED Threat Level

“Had this all been contrived? Had his life become a game in which everyone knew the rules but him?” An exclusive excerpt from 2054: A Novel.


CNIL Publishes 2024 Investigation Focus Plan

Hunton Privacy

On February 8, 2024, the French Data Protection Authority (the “CNIL”) announced the priority topics for its inspections in 2024. In 2024, the CNIL will focus its investigations on the following priority topics: Data Collection for the Olympic and Paralympic Games. As millions of individuals are expected to travel to France for the Olympic and Paralympic Games this year, the CNIL will focus on verifying the measures that are deployed for security purposes (e.g., the use of QR codes for restr


Vint Cerf: Maybe We Need an Internet Driver’s License

John Battelle's Searchblog

Vint Cerf is one of the most recognizable figures in the pantheon of Internet figures – and as he enters his ninth decade of a remarkable life, one of its most accomplished. I had the honor of interviewing Dr. Cerf last month as part of the “Rebooting Democracy in the Age of AI” lecture series hosted by the Burnes Center for Social Change at Northeastern University.


A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr


What’s Next in Children’s Privacy: An Update on the FTC’s Proposed Changes to the COPPA Rule

Hunton Privacy

Hunton Andrews Kurth is hosting a webinar discussing the Federal Trade Commission’s proposed revisions to the Children’s Online Privacy Protection Rule (i.e., the COPPA Rule) on February 20, 2024, at 12:00 p.m. (ET). Hunton partners Phyllis Marcus and Lisa Sotto will discuss the FTC’s recent proposal to strengthen federal protections for children’s privacy and the implications of the new changes, if enacted, for organizations.

Privacy 64

Google’s On The Field Now. Is It Being Too Cautious?

John Battelle's Searchblog

Google’s Gemini launch. As hype escalated around the debut of ChatGPT more than a year ago, I predicted that OpenAI and Microsoft would rapidly develop consumer subscription service models for their nascent businesses. Later that year I wrote a piece speculating that Google would inevitably follow suit. If Google was smart, and careful, it had a chance to become “the world’s largest subscription service.” From that piece: Google can’t afford to fall behind as its closest

IT 58

Acumatica Unveils New Features, Celebrates Customers at Annual Summit

Information Matters

Cloud ERP provider Acumatica showcased new capabilities and celebrated customer growth at its annual summit this week. The event highlighted Acumatica’s focus on customer feedback to drive product development. “Our

Cloud 52

Leadership 4.0: How to be an effective leader in a digitalized world

Docuware

Digitalization has fundamentally changed the leadership role. Authoritarian bosses, micromanagement and hierarchical thinking are a thing of the past. This is because traditional management structures can’t respond quickly to constantly changing market conditions and new customer demands. Instead, today’s leaders are called upon to exercise their emotional intelligence as well as business savvy and coach rather than give orders.


Monetizing Analytics Features

Think your customers will pay more for data visualizations in your application? Five years ago, they may have. But today, dashboards and visualizations have become table stakes. Turning analytics into a source of revenue means integrating advanced features in unique, hard-to-steal ways. Download this white paper to discover which features will differentiate your application and maximize the ROI of your analytics.


GenAI Reshaping Europe’s Intelligent Automation Landscape

Information Matters

A new report by Information Services Group (ISG) finds that advancements in generative AI are starting to reshape the European market for intelligent automation, though hype remains high. The ISG


The most important AI trends in 2024

IBM Big Data Hub

2022 was the year that generative artificial intelligence (AI) exploded into the public consciousness, and 2023 was the year it began to take root in the business world. 2024 thus stands to be a pivotal year for the future of AI, as researchers and enterprises seek to establish how this evolutionary leap in technology can be most practically integrated into our everyday lives.


10 Major Benefits of Cloud-Native Application Development

eSecurity Planet

Cloud-native application development combines organizational and technical changes in the design, build, and deployment of software in the cloud to deliver value faster and improve overall business efficiency. This includes using cloud-native principles, services, architecture, and DevOps processes to build scalable, flexible, and resilient systems.

Cloud 96