Fri. Feb 09, 2024

Juniper Support Portal Exposed Customer Device Info

Krebs on Security

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

As Elections Loom, So Do Adversaries' Influence Operations

Data Breach Today

US, UK, South Korea and India Most Targeted for Election Interference, Experts Warn

With over 1 billion people across more than 50 countries - including the U.S., the U.K. and India - due to hold elections this year, one open question remains: How can nations combat adversaries who attempt to influence elections or otherwise interfere via physical, cyber or operational means?

Mapping AI Readiness Content at AIIM Conference 2024

AIIM

Artificial Intelligence is a key focus of AIIM's new strategy, which the AIIM Board of Directors debuted in January 2024. So it's only fitting that AI take the lead at the AIIM Conference 2024 in San Antonio, Texas, April 3-5.

Internet-Exposed Water PLCs Are Easy Targets for Iran

Data Breach Today

Researchers Find Unprotected Unitronics Devices

Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.

The Tumultuous IT Landscape Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Black Basta ransomware gang hacked Hyundai Motor Europe

Security Affairs

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company. In January the company experienced IT issues; the outage was likely caused by the ransomware attack, but the company did not disclose it.

New Know-Your-Customer and Reporting Rules Proposed for Cloud Providers: Five Key Takeaways

Data Matters

Last week, the U.S. Department of Commerce published a notice of proposed rulemaking (NPRM) implementing Executive Orders (EO) 13984 and 14110 to prevent “foreign malicious cyber actors” from accessing U.S. infrastructure as a service products (IaaS Rule). The IaaS Rule seeks to strengthen the U.S. government’s ability to track “foreign malicious cyber actors” who have relied on U.S.

Large Language Models Won't Replace Hackers

Data Breach Today

UK AI Safety Institute Says LLMs Can't Give Novice Hackers Advanced Capabilities

Large language models may boost the capabilities of novice hackers but are of little use to threat actors past their salad days, concludes a British governmental evaluation. "There may be a limited number of tasks in which use of currently deployed LLMs could increase the capability of a novice.

No, Toothbrushes Were Not Used in a Massive DDoS Attack

Schneier on Security

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and then everyone else ran with it without reading the German text. It was a hypothetical, which Fortinet eventually confirmed. Or maybe it was a stock-price hack.

HHS Rule Aligns Substance Disorder Privacy Regs With HIPAA

Data Breach Today

Final Rule for 42 CFR Part 2 Changes Aims to Improve Patient Care Coordination

The Department of Health and Human Services has finalized regulations to better align federal requirements for the confidentiality of substance use disorder records with privacy protections afforded under HIPAA. The aim is to improve care coordination while enhancing sensitive data protections.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Exploiting a vulnerable Minifilter Driver to create a process killer

Security Affairs

Researcher demonstrated how to exploit a signed Minifilter Driver in a BYOVD attack to terminate a specific process from the kernel. Bring Your Own Vulnerable Driver (BYOVD) is a technique that uses a vulnerable driver in order to achieve a specific goal.

Authorities Take Down Seller of Widely Used RAT Malware

Data Breach Today

2 Men Arrested in Malta, Nigeria for Hawking Malware on Hacking Forums Since 2012

Federal authorities have seized internet domains and arrested two men in Malta and Nigeria who they say served as sales and customer service reps for a dark web business that sold RAT malware to cybercriminals over a 12-year period, leading to the "takeover and infection of computers worldwide.

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. Fortinet is warning that the recently discovered critical remote code execution vulnerability in FortiOS SSL VPN, tracked as CVE-2024-21762 (CVSS score 9.6), is actively exploited in attacks in the wild.

ISMG Editors: What CISOs Should Prepare for in 2024

Data Breach Today

Joe Sullivan Also Discusses Identity Management, AI, State of Information Sharing

In the latest weekly update, Joe Sullivan, CEO of Ukraine Friends, joins three editors at ISMG to discuss the challenges of being a CISO in 2024, growing threats from disinformation, vulnerabilities in MFA, AI's role in cybersecurity, and the obstacles to public-private information sharing.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

Security Affairs

Ivanti warns customers of a new authentication bypass vulnerability in its Connect Secure, Policy Secure, and ZTA gateway devices. Ivanti has warned customers of a new high-severity security vulnerability, tracked as CVE-2024-22024 (CVSS score 8.3), in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication.

Your CVSS Questions Answered

IT Governance

What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0

Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, he’s won hackathon events in the UK and internationally, and is accredited for multiple bug bounties.

Browser-Based Phishing Attacks Increase 198%, With Evasive Attacks Increasing 206%

KnowBe4

A new report shows massive increases in browser attacks in the second half of 2023, with over 31,000 threats specifically designed to bypass security solution detection.

2054, Part V: From Tokyo With Love

WIRED Threat Level

“Had this all been contrived? Had his life become a game in which everyone knew the rules but him?” An exclusive excerpt from 2054: A Novel.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware via the Hacker News

IG Guru

Check out the story here. The post Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware via the Hacker News first appeared on IG GURU.

Calculating Materiality for SEC Rule 1.05

KnowBe4

The U.S. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05 of the 8-K, requires that all regulated companies report significant cybersecurity breaches within four business days of determining that the incident was “material”.

CNIL Publishes 2024 Investigation Focus Plan

Hunton Privacy

On February 8, 2024, the French Data Protection Authority (the “CNIL”) announced the priority topics for its inspections in 2024. In 2024, the CNIL will focus its investigations on the following priority topics: Data Collection for the Olympic and Paralympic Games. As millions of individuals are expected to travel to France for the Olympic and Paralympic Games this year, the CNIL will focus on verifying the measures that are deployed for security purposes (e.g., the use of QR codes for restr

Google’s On The Field Now. Is It Being Too Cautious?

John Battelle's Searchblog

Google’s Gemini launch. As hype escalated around the debut of ChatGPT more than a year ago, I predicted that OpenAI and Microsoft would rapidly develop consumer subscription service models for their nascent businesses. Later that year I wrote a piece speculating that Google would inevitably follow suit. If Google was smart, and careful, it had a chance to become “the world’s largest subscription service.” From that piece: Google can’t afford to fall behind as its closest

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

What’s Next in Children’s Privacy: An Update on the FTC’s Proposed Changes to the COPPA Rule

Hunton Privacy

Hunton Andrews Kurth is hosting a webinar discussing the Federal Trade Commission’s proposed revisions to the Children’s Online Privacy Protection Rule (i.e., the COPPA Rule) on February 20, 2024, at 12:00 p.m. (ET). Hunton partners Phyllis Marcus and Lisa Sotto will discuss the FTC’s recent proposal to strengthen federal protections for children’s privacy and the implications of the new changes, if enacted, for organizations.

Acumatica Unveils New Features, Celebrates Customers at Annual Summit

Information Matters

Cloud ERP provider Acumatica showcased new capabilities and celebrated customer growth at its annual summit this week. The event highlighted Acumatica’s focus on customer feedback to drive product development.

Leadership 4.0: How to be an effective leader in a digitalized world

Docuware

Digitalization has fundamentally changed the leadership role. Authoritarian bosses, micromanagement and hierarchical thinking are a thing of the past. This is because traditional management structures can’t respond quickly to constantly changing market conditions and new customer demands. Instead, today’s leaders are called upon to exercise their emotional intelligence as well as business savvy and coach rather than give orders.

GenAI Reshaping Europe’s Intelligent Automation Landscape

Information Matters

A new report by Information Services Group (ISG) finds that advancements in generative AI are starting to reshape the European market for intelligent automation, though hype remains high.

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

What Is a Next-Generation Firewall?

eSecurity Planet

A next-generation firewall (NGFW) performs deep packet inspection to check the contents of the data flowing through the firewall. Unlike more basic firewalls that only check the header of data packets, NGFWs examine and evaluate the payload data within the packet. This deep packet inspection provides the basis for the various NGFW features that improve malware blocking.

Friday Squid Blogging: A Penguin Named “Squid”

Schneier on Security

Amusing story about a penguin named “Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Vint Cerf: Maybe We Need an Internet Driver’s License

John Battelle's Searchblog

Vint Cerf is one of the most recognizable figures in the pantheon of Internet figures – and as he enters his ninth decade of a remarkable life, one of its most accomplished. I had the honor of interviewing Dr. Cerf last month as part of the “Rebooting Democracy in the Age of AI” lecture series hosted by the Burnes Center for Social Change at Northeastern University.