Mon. Mar 13, 2023

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

The Last Watchdog

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months. So how will this affect chief information security officers (CISOs) and security programs?

Heart Device Maker Says Hack Affected 1 Million Patients

Data Breach Today

PHI of Former and Current Patients Using Wearable Cardiac Defibrillator Compromised

Emergency medical device provider Zoll Medical Corp. is notifying more than 1 million individuals, including employees, as well as patients and former patients who used its LifeVest wearable cardioverter defibrillator, of a hacking incident that compromised their personal information.

EDPB Guidelines on international transfers: 6 key takeaways

Data Protection Report

EDPB Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation on international data transfers

On 14 February 2023, the European Data Protection Board (EDPB) published its Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation (GDPR) on international data transfers (the Guidelines).

Dark Pink APT Group 'Very Likely' Back in Action

Data Breach Today

Recently-Emerged Threat Actor Focuses on Asia Pacific

Cybersecurity researchers say they've almost certainly spotted traces of the recently-emerged advanced persistent threat group Dark Pink, now apparently attacking victims with a newly improved obfuscation routine to evade anti-malware measures.

LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost

Speaker: Travis Addair, Co-Founder and CTO at Predibase

Large Language Models (LLMs) such as ChatGPT offer unprecedented potential for complex enterprise applications. However, productionizing LLMs comes with a unique set of challenges such as model brittleness, total cost of ownership, data governance and privacy, and the need for consistent, accurate outputs. Putting the right LLMOps process in place today will pay dividends tomorrow, enabling you to leverage the part of AI that constitutes your IP – your data – to build a defensible AI strategy for

Key Points from the US National Cybersecurity Strategy 2023

Thales Cloud Protection & Licensing

divya, Mon, 03/13/2023 - 15:39

On March 2, the Biden administration released its 2023 National Cybersecurity Strategy, an attempt “to secure the full benefits of a safe and secure digital ecosystem for all Americans.” The Strategy recognizes that the US government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity.

SEC Brings Cyber Disclosure Enforcement Action

Hunton Privacy

On March 9, 2023, the U.S. Securities and Exchange Commission (SEC) announced settled administrative charges against Blackbaud Inc. The case stems from disclosures Blackbaud made to investors regarding a 2020 ransomware attack that targeted donor data management software the company provides to non-profit organizations. The SEC’s order alleges that Blackbaud initially announced details of the incident on the company’s website and notified impacted customers in July 2020.

SVB Dominoes Fall: HSBC Buys UK Arm; Feds Grab Canadian Arm

Data Breach Today

2 More Regional Banks Showing Signs of Liquidity Issues; Feds Reassure Depositors

Europe's largest bank, HSBC, agreed on Monday to buy the United Kingdom subsidiary of Silicon Valley Bank, and Canada's government took control of SVB's Canadian branch late Sunday. Regulators have stepped in to reassure depositors, and at least two other regional banks are facing liquidity issues.

Microsoft Warns of Business Email Compromise Attacks Taking Hours

KnowBe4

According to Microsoft's Security Intelligence team, a recent business email compromise attack (BEC) has shown that threat actors are quickening the pace of these attacks, with certain elements only taking a few minutes.

Ukraine Tracks Increased Russian Focus on Cyberespionage

Data Breach Today

Military Stalemate Has Driven Moscow to Also Pursue Data Theft, Psychological Ops

As Russia's full-scale invasion of Ukraine last year stalled, Russian hacking teams increasingly shifted from causing all-out disruption to cyberespionage, data theft and psychological operations, Ukraine's cybersecurity establishment says in a new lessons learned report.

Your Expert Guide to CX Orchestration & Enhancing Customer Journeys

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

If These Walls Could Talk: A Century of Scandals and Secrets Behind the Oldest House in Beverly Hills

Information Governance Perspectives

The home I grew up in, Beverly Hills, California, figures prominently in my new memoir, The Bastard of Beverly Hills. I can't reveal too much because the setting is part of the book's mystery, but I can share some other odd facts about the home's history and its owners that might blow your mind. The post If These Walls Could Talk: A Century of Scandals and Secrets Behind the Oldest House in Beverly Hills appeared first on The Bastard's Blog.

North Korean Hackers Find Value in LinkedIn

Data Breach Today

Group Lures Victims Into Opening Phishing Payload Disguised as Job-Related Info

Business social media platform LinkedIn continues to pay dividends for North Korean hackers, including one group historically concentrated on South Korean targets that has expanded into pursuing security researchers and media industry workers in the West.

Threat Actors are Using FINRA Impersonation For Their Attacks

KnowBe4

Researchers at DomainTools warn that a sophisticated West Africa-based fraud group is impersonating the Financial Industry Regulatory Authority (FINRA) to target users in the United States. The threat actors are attempting to trick investors into providing sensitive documents in order to verify their identities. Users can avoid falling for these attacks if they’re familiar with FINRA’s legitimate roles.

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

A recently discovered Golang-based botnet, dubbed GoBruteforcer, is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services

Researchers from Palo Alto Networks Unit 42 recently discovered a Golang-based botnet, tracked as GoBruteforcer, which is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. In order to compromise a target system, the samples require special conditions on it, such as the use of specific arguments and targeted services already bei

LLMs in Production: Tooling, Process, and Team Structure

Speaker: Dr. Greg Loughnane and Chris Alexiuk

Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le

Webinar: IG/RIM Principles with Aviation Applications on March 14th, 2023 at 11:45am via ARMA Dallas

IG Guru

Registration closes Monday March 13th at 4:00pm.

IG/RIM Principles with Aviation Applications: How to write a strategic plan for records management/information governance at an organization.

Speaker: Carissa Bourdon, IGP. Carissa Bourdon is the Information Governance Unit (IGU) Manager for Washington State Department of Fish and Wildlife.

5 Lessons Learned From Hundreds of Penetration Tests

Dark Reading

Developers must balance creativity with security frameworks to keep applications safe. Correlating business logic with security logic will pay in safety dividends.

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added a remote code execution vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog.

SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital

Dark Reading

The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Dark Pink APT targets Govt entities in South Asia

Security Affairs

Researchers reported that Dark Pink APT employed a malware dubbed KamiKakaBot against Southeast Asian targets.

In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asian countries. The activity of the group was first detailed by Group-IB in January 2023; the group used custom malware such as KamiKakaBot and TelePowerBot.

AI-Created YouTube Videos Spread Around Malware

Dark Reading

AI-generated videos pose as tutorials on how to get cracked versions of Photoshop, Premiere Pro, and more.

Ransomware Attacks Have Entered a ‘Heinous’ New Phase

WIRED Threat Level

With victims refusing to pay, cybercriminal gangs are now releasing stolen photos of cancer patients and sensitive student records.

Orgs Have a Long Way to Go in Securing Remote Workforce

Dark Reading

Organizations recognize that they are responsible for protecting remote workers from cyber threats, but they have a long way to go in deploying the necessary security technologies.

Use Cases for Apache Cassandra®

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

Quality is at the heart of Life Sciences organizations

OpenText Information Management

Quality is at the heart of the highly regulated Life Sciences industry. Ever-changing regulations and technology are improving the quality of people’s lives, although often at the cost of increased complexity in managing business processes. In this blog we will discuss the value of the integration of a Quality Management System (QMS) with OpenText™ … The post Quality is at the heart of Life Sciences organizations appeared first on OpenText Blogs.

Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures

Dark Reading

AT&T, PayPal, and Microsoft top the list of domains that victims visit following a link in a phishing email, as firms fight to prevent fraud and credential harvesting.

Europe: Applicability of the GDPR in civil proceedings

DLA Piper Privacy Matters

By Jan Pohle, Dr. Philipp Adelberg

In its judgment of 2 March 2023, the European Court of Justice (ECJ) (C-268/21) issued a preliminary ruling on whether and to what extent provisions of the General Data Protection Regulation (GDPR) are applicable in the context of national civil procedural law of the EU member states. Specifically, the question was whether third party personal data, which were originally collected for tax purposes, can be used as evidence in civil court proceedings –

Hackers Lure Cybersecurity Researchers With Fake LinkedIn Recruiter Profiles

Dark Reading

Campaign demonstrates the DPRK-backed cyberattackers are gaining tools to avoid EDR tools.

Reimagining CX: How to Implement Effective AI-Driven Transformations

Speaker: Steve Pappas

As businesses strive for success in an increasingly digitized world, delivering an exceptional customer experience has become paramount. To meet this demand, enterprises are embracing innovative approaches that captivate customers and fuel their loyalty. 💥 Enter conversational AI - an absolute game-changer (if done right) in redefining CX norms.

NIS2 Directive: What does it mean to senior managers and their cybersecurity strategy?

Jamf

In this concluding blog of the series that analyzes the changes to the Network and Information Security regulations by the European Union, we focus on what the changes mean to top-level executives and the factors to consider when building cybersecurity strategies going forward.

200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware

Dark Reading
