Mon. Sep 16, 2024

More US Sanctions Against Predator Spyware Maker Intellexa

Data Breach Today

Intellexa Poised for a Comeback, Warn Researchers

The U.S. Department of the Treasury ramped up pressure on makers and sellers of Predator commercial spyware through sanctions on five individuals and a Caribbean company accused of enabling tens of millions of dollars of surveillance malware transactions.

AI and Cyber Security: Innovations & Challenges

eSecurity Planet

As cyber threats become increasingly sophisticated, integrating artificial intelligence (AI) into cybersecurity is more than a passing trend — it’s a groundbreaking shift in protecting our digital assets. As cyber-attacks grow increasingly complex, leveraging AI becomes crucial for staying ahead of emerging threats. Let’s dive into how AI and cybersecurity are transforming in today’s highly modern and complex times, explore their benefits and challenges, and see how they shape the fu

Ivanti Vulnerability Again Forces Emergency Patches

Data Breach Today

Cloud Service Appliance Admin Panels Exposed a Pathway to the Internet for Hackers

Customers of internet appliance maker Ivanti face yet another hackable vulnerability. The Utah company warned customers Friday about exploitation of a Cloud Service Appliance detected in the wild. Ivanti said the vulnerability doesn't affect version 5; it released a patch on Sept. 10.

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. The vulnerability CVE-2024-43461 is a Windows MSHTML platform spoofing issue. MSHTML is a platform used by Internet Explorer.

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Clinical Considerations When Recovering From Ransomware

Data Breach Today

Preparing healthcare organizations to respond to and rebound from a disruptive ransomware attack is akin to implementing a "12-step program," said Dr. Eric Liederman, CEO of consultancy CyberSolutionsMD and recently retired long-serving director of medical informatics at Kaiser Permanente.

More Trending

US Indicts Chinese National for Phishing for NASA Tech

Data Breach Today

At-Large Wu Song, 39, Faces 28-Count Criminal Indictment

U.S. federal prosecutors indicted a Chinese national employed by a state-owned aerospace and defense conglomerate with a yearslong phishing campaign aimed at extracting software developed for NASA. Prosecutors said Song began sending out targeted emails in 2017.

Legacy Ivanti Cloud Service Appliance Being Exploited

Schneier on Security

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported. Welcome to the security nightmare that is the Internet of Things.

Why Thoma Bravo Is Considering Taking SailPoint Public Again

Data Breach Today

Repeat IPOs Have Been Very Rare in Security. Don't Expect SailPoint to Change That.

Thoma Bravo has begun interviewing underwriters as it explores an initial public offering for SailPoint, Bloomberg reported last week. The private equity firm hasn't finalized details, including the timing of a potential listing for the identity governance and administration vendor.

Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb

Security Affairs

A hacker tricked ChatGPT into providing instructions to make homemade bombs demonstrating how to bypass the chatbot safety guidelines. A hacker and artist, who goes online as Amadon, tricked ChatGPT into providing instructions to make homemade bombs bypassing the safety guidelines implemented by the chatbot. Initially, the expert asked for detailed instructions to create a fertilizer bomb similar to the one used in the 1995 Oklahoma City bombing, but the chatbot refused due to ethical responsibi

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

China Using Powerful Hacking Firms to Run Its Espionage War

Data Breach Today

5 Cybersecurity Firms Provide Large Pool of Government-Funded Espionage Resources

China's cyberespionage campaigns, viewed as an extension of the communist regime's wider geopolitical moves, rely on civilian hackers from domestic security firms for much of their success. Researchers say these groups face off in intense rivalries for lucrative government contracts.

Apple Watch gets FDA approval for new sleep apnea detection

Collaboration 2.0

This new WatchOS 11 feature will detect if you have abnormal breathing patterns while you sleep. Here's why this metric matters and which models will have it.

Breach-Weary Snowflake Moves to MFA, 14-Character Passwords

Data Breach Today

New Security Measures Follow High-Profile Hacks of Snowflake Customers

Data warehousing platform Snowflake rolled out default MFA - as well as a 14-character password minimum - to shore up security in the wake of a series of cyberattacks in June that hit high-profile customers including Santander Bank, Advance Auto Parts, LA Unified School District and Neiman Marcus.

Vulnerability Recap 9/16/24 – Critical Endpoint Flaws Emerged

eSecurity Planet

Recent vulnerability news disclosed significant endpoint vulnerabilities, including side-channel attacks, command injection, remote code execution (RCE), SQL injection, and keystroke interference. Notable events last week include the RAMBO attack, command injection problems in Progress Software’s LoadMaster, and several zero-day vulnerabilities in Microsoft products that may cause privilege escalation and RCE.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

CloudImposer RCE Vulnerability Targets Google Cloud Platform

Data Breach Today

Attackers Could Exploit Flaw to Run Malicious Code on Google's, Customers' Servers

Google patched a critical remote execution vulnerability in its cloud platform Cloud Composer service, "CloudImposer," which could have allowed attackers to compromise millions of servers, say researchers from Tenable. The CloudImposer vulnerability could lead to the Jenga Tower effect.

D-Link addressed three critical RCE in wireless router models

Security Affairs

D-Link fixed multiple critical flaws in its WiFi 6 routers that allow remote attackers to execute arbitrary code or gain hardcoded credentials. D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694, CVE-2024-45695, CVE-2024-45697, impacting three wireless router models. The flaws can allow attackers to remotely execute arbitrary code or access the devices using hardcoded credentials.

Digital twins reimagined at scale for energy and resources 

OpenText Information Management

As a global society we rely on machines so much that it’s easy to take them for granted. We rely on machines to ensure water comes out of our faucets, heat our homes and businesses, fill our cars with petrol or electricity, construct and maintain roads, transport people and goods, provide medical images, and manufacture more machines. Businesses and consumers rely on machines so much that exponentially more will be built, and their designs and operational performance will need to last longer w

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group, citing the risk of “threat intelligence” information exposure. Apple wants to dismiss its lawsuit against NSO Group due to three key developments.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

The 5 best Linux distributions for students - from middle school to college

Collaboration 2.0

Linux distros are ideal operating systems for educational environments for multiple reasons. A big one is that they're 100% free to download.

[4-Minute Survey] Share Your Thoughts on AI in InfoSec With Me?

KnowBe4

Can you help me with your input? I'd love your thoughts about AI in InfoSec. This is a super short survey that asks about any AI tools you use or would like, how you feel about AI effectiveness, how it may change your headcount, and how confident you are to address AI-related security risks. The most important thing I'm dying to hear about is your biggest concerns about AI in cybersecurity in your own words.

Amazon Alexa can now be controlled by thought alone - thanks to this brain implant

Collaboration 2.0

With this new accessibility innovation from Synchron, the entire Amazon smart home ecosystem can be controlled hands-free and voice-free.

Authorized Push Payment Fraud Responsible for Over Half of U.K. Frauds and Scams

KnowBe4

Research from The Financial Ombudsman Service, a U.K. based organization dedicated to helping citizens with free financial advice, has found an increase in Authorized Pushed Payment (APP) scams. These attacks are rising both in number and sophistication.

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

The best iOS 18 features that will make updating your iPhone worthwhile

Collaboration 2.0

Here are the best new features coming with Apple's latest software version, available for the iPhone 16 and older models.

BEC Scams Have Caused $55 Billion in Losses Over the Past Ten Years

KnowBe4

Business email compromise (BEC) attacks have caused more than $55 billion in losses between 2013 and 2023, according to an advisory from the U.S. Federal Bureau of Investigation (FBI).

Apple’s New Passwords App May Solve Your Login Nightmares

WIRED Threat Level

Apple is launching its first stand-alone password manager app in iOS 18. Here’s what you need to know.

New Ransomware Threat Group, RansomHub, is so Effective, the NSA is Already Warning You About Them

KnowBe4

The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are already successfully exfiltrating data.

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

Is your Windows license legal? Should you even care?

Collaboration 2.0

Microsoft has made Windows licensing and activation ridiculously complex. Here's what you need to know.

Make the Shift to Legal 3.0: The Future is Today. Unleash Your AI Potential 

OpenText Information Management

Legal innovation requires a growth mindset: seeking new ways to solve problems and effectively deliver impact, value, and improve outcomes. Technology continues to evolve, giving legal practitioners new opportunities to up their game and leverage innovation to increase efficiency and efficacy. Over the past decade, to keep pace with digital transformation, legal leaders have embraced automation and machine learning to optimize operations and improve business outcomes.

Is Microsoft really going to cut off security updates for your 'unsupported' Windows 11 PC?

Collaboration 2.0

Microsoft's stern warnings are designed to scare you into thinking you'll be punished for installing Windows 11 on a PC that doesn't meet its strict compatibility standards. Here's why that's unlikely to happen.