Data Breach Today
MARCH 30, 2023
M&T Bank's Karen Boyer on Why First-Party Fraud Is Hard for Banks to Detect The U.S. Consumer Financial Protection Bureau is mulling over whether to reimburse consumers for online scams and fraud, but this regulatory change could lead to an increase in first-party fraud, cautioned Karen Boyer, senior vice president of financial crimes at M&T Bank.
AIIM
MARCH 30, 2023
Then you better start swimmin' Or you'll sink like a stone For the times they are a - changin'. When Bob Dylan wrote his famous song “The Times They Are a - Changin” in 1963, it was an anthem for the era and the civil rights movement. Dylan’s ageless lyrics still resonate today as we navigate political, economic, societal, and technological changes.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
MARCH 30, 2023
Buhti and IceFire Ransom Groups Tied to Attacks Targeting Vulnerable Servers Security experts are urging users of IBM's Aspera Faspex file-exchange application to take it offline immediately unless they've patched a flaw being actively exploited by ransomware groups, including Buhti and IceFire. Separately, QNAP is warning customers to prepare for emergency security fixes.
Jamf
MARCH 30, 2023
MacStealer has been discovered and linked to a threat actor distributing it in the wild. The malicious code extracts a variety of files, browser cookies, and login information from a victim's system. Also, it collects end-user privacy and sensitive data, like credit card information from popular web browsers. Learn more about this new macOS malware variant and how Jamf Protect safeguards your devices, users and data from this emerging threat.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Data Breach Today
MARCH 30, 2023
Also: A Failed Hack, Self-Funding APT Group and Adaptable Crypto Criminals Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In focus between March 24 and 30: SafeMoon, an update on Euler Finance, crypto-stealing Clipper malware, BitKeep, theft fail at Swerve Finance, THORChain, APT43 and an update on ParaSpace.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
MARCH 30, 2023
Plus: There's a New Mac Info Stealer Out There; More Breaches in Australia In this week's data breach spotlight: Telecom giant Lumen reports incidents, Taiwanese hardware vendor QNAP discloses vulnerabilities, debt collector NCB suffers a data breach and more data breaches occur in Australia. Also, there's a new Mac info stealer, and Toyota Italy exposed customer data.
Schneier on Security
MARCH 30, 2023
Now this is interesting: Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet. The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU;
Data Breach Today
MARCH 30, 2023
US and European Officials Among the Targets of TA473/Winter Vivern, Researchers Say A hacking group with apparent ties to Russia or Belarus has been using "simple yet effective attack techniques and tools" to gain access to multiple governments' email systems, as part of apparent cyberespionage operations in support of Russia's invasion of Ukraine, researchers warn.
KnowBe4
MARCH 30, 2023
Cybersecurity experts continue to warn that advanced chatbots like ChatGPT are making it easier for cybercriminals to craft phishing emails with pristine spelling and grammar, the Guardian reports.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Data Breach Today
MARCH 30, 2023
North Korean Hackers Poisoned User Interface Library File Suspected North Korean hackers trojanized installers of a voice and video calling desktop client made by 3CX and used by major multinational companies. The vulnerability traces to a poisoned Electron software library file, an open-source framework for user interfaces.
IT Governance
MARCH 30, 2023
Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. It enshrines “the right to erasure” (sometimes referred to as “the right to be forgotten”), which allows people to request that an organisation deletes any personal data related to them. There are several reasons why someone might make such a request, and in almost all instances, the organisation must comply.
Data Breach Today
MARCH 30, 2023
Legal Saga Has Included Many Ups and Downs for Plaintiffs and Company Since 2015 A U.S. federal court ruling this week is the latest setback for plaintiffs in an 8-year-old proposed class action litigation against health insurer CareFirst BlueCross BlueShield in the aftermath of a 2014 cyberattack that affected more than 1.1 million individuals.
Dark Reading
MARCH 30, 2023
The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Data Breach Today
MARCH 30, 2023
Google Identifies 'Highly Targeted' Campaigns in Italy, Malaysia, Kazakhstan & UAE Google says it spotted two "highly targeted" advanced spyware campaigns using zero-days in the Android and iOS operating systems and vulnerabilities in the Samsung Internet Browser. The U.S. Cybersecurity and Infrastructure Security Agency ordered agencies to patch many of the vulnerabilities.
Security Affairs
MARCH 30, 2023
AlienFox is a novel comprehensive toolset for harvesting credentials for multiple cloud service providers, SentinelLabs reported. AlienFox is a new modular toolkit that allows threat actors to harvest credentials for multiple cloud service providers. AlienFox is available for sale and is primarily distributed on Telegram in the form of source code archives.
Micro Focus
MARCH 30, 2023
In a deal that closed on February 1st, OpenText, a $3.5 billion provider of information management software and services, acquired software vendor Micro Focus, which generated $2.7 billion in revenues in FY2022, for $5.8 billion. The post The Value of Micro Focus to OpenText – Analysts Weigh In first appeared on Micro Focus Blog.
Security Affairs
MARCH 30, 2023
Researchers shared details about a flaw, dubbed Super FabriXss, in Azure Service Fabric Explorer ( SFX ) that could lead to unauthenticated remote code execution. Researchers from Orca Security shared details about a new vulnerability, dubbed Super FabriXss ( CVE-2023-23383 – CVSS score: 8.2), in Azure. The experts demonstrated how to escalate a reflected XSS vulnerability in Azure Service Fabric Explorer to an unauthenticated Remote Code Execution.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Dark Reading
MARCH 30, 2023
Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance.
Security Affairs
MARCH 30, 2023
Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular software as malware suggesting that the company has suffered a supply chain attack.
Dark Reading
MARCH 30, 2023
In a Solar Winds-like attack, compromised, digitally signed versions of 3CX DesktopApp are landing on user systems via the vendor's update mechanism.
Data Matters
MARCH 30, 2023
On 8 March 2023, the newly created Department of Science, Innovation and Technology (“ DSIT ”) introduced the Data Protection and Digital Information (No. 2) Bill. The “ Bill ” is in substance a re-introduction of the previous Data Protection and Digital Information Bill which was withdrawn from Parliament on the same day as the new Bill was published.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
Dark Reading
MARCH 30, 2023
Don't count on securing end users for system security. Instead, focus on better securing the systems — make them closed by default and build with a security-first approach.
WIRED Threat Level
MARCH 30, 2023
A Manhattan grand jury has issued the first-ever indictment of a former US president. Buckle up for whatever happens next.
OpenText Information Management
MARCH 30, 2023
IcedID, also known as BokDot, is a banking trojan that was first discovered in 2017. It targets a victim’s financial information and it is also capable of dropping other malware, most commonly CobaltStrike. OpenText™ Cybersecurity Services observed a recent malspam campaign where IcedID was delivered via an archived zip file containing a Visual Basic script. … The post <strong>Dissecting IcedID behavior on an infected endpoint</strong> appeared first on OpenText Blogs.
Hunton Privacy
MARCH 30, 2023
On March 30, 2023, the California Privacy Protection Agency (“CPPA”) announced that California’s Office of Administrative Law (“OAL”) approved the CPPA’s substantive rulemaking package to implement the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”). The CPPA previously released the draft proposed final CPRA regulations and draft final statement of reasons.
Advertisement
If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.
Outpost24
MARCH 30, 2023
Everything you need to know about the LummaC2 stealer: Leveraging IDA Python and Unicorn to deobfuscate Windows API Hashing 05.Apr.2023 Florian Barre Thu, 03/30/2023 - 02:23 Alberto Marín, KrakenLabs Malware Sandbox Lead Threat Intelligence Teaser In this blog post, the KrakenLabs team will take a deep dive into a malware sample classified as LummaC2, an information stealer written in C language that has been sold in underground forums since December 2022.
Dark Reading
MARCH 30, 2023
Business email compromise scams are moving beyond just stealing cash, with some threat actors fooling companies into sending goods and materials on credit, and then skipping out on payment.
Hunton Privacy
MARCH 30, 2023
On March 28, 2023, the French Data Protection Authority (the “CNIL” or “French DPA”) announced a €125,000 fine on the e-scooter rental company Cityscoot for breaching EU and French data protection rules, in particular in the context of geolocation and use of Google reCAPTCHA. The fine was imposed on March 16, 2023. The fine comes as part of the CNIL’s efforts to prioritize investigation and enforcement in areas related to French citizens’ everyday lives.
Expert insights. Personalized for you.
252 
Let's personalize your content