Mon. Jan 09, 2023

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report.

ChatGPT Showcases Promise of AI in Developing Malware

Data Breach Today

Check Point Spotted Hacking Forum Posters Probing AI Tool's Malware Capabilities

Low-level hackers are probing the capacity of ChatGPT to generate scripts that could be used toward criminal ends, such as for stealing files or malicious encryption. One poster on a hacking forum described the process as writing pseudo-code. More sophisticated cases are likely a matter of time.

GUEST ESSAY: How ‘DPIAs’ — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

As the world becomes more digital and connected, it is no surprise that data privacy and security is a growing concern for small to medium-sized businesses (SMBs). Related: GDPR sets new course for data privacy. Large corporations tend to have the resources to deal with compliance issues. However, SMBs can struggle with the expense and execution of complying with data security laws in many countries.

Steps to Strengthen Cloud Security

Data Breach Today

Troy Leach on Cloud Security Skills, Challenges and Trends

"If we look at all of the types of issues with cloud breaches, it always comes down to misconfiguration," says Troy Leach of Cloud Security Alliance. "The challenge is: People try to treat cloud environments the same as they've always done on-premises, and that is unfair for both environments."

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Data Breaches and Cyber Attacks in 2022: 408 Million Breached Records

IT Governance

Welcome to our review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly lists of data breaches and cyber attacks. Here, you’ll find an overview of the cyber security landscape in 2022, including the total number of publicly disclosed security incidents, the number of compromised records and the sectors most susceptible to data breaches.

A Look Back On Five Key Developments in Cybersecurity and Data Protection in Southeast Asia in 2022

Data Protection Report

With the year 2022 firmly in the rear view, and as we look to start the new year in 2023, Norton Rose Fulbright’s Regulatory Compliance and Investigations team looks back and rounds up the five key cyber and data protection developments that took place in Southeast Asia in 2022. Privacy developments in Singapore – enhanced financial penalties under Personal Data Protection Act 2012 (Singapore PDPA), Singapore Court of Appeal clarifies right to private action under PDPA and Singapore High Cou

Colonoscopy Prep Retail Website Breach Festered for Years

Data Breach Today

Personal Data of 244,000 in Flux After Malware Probe of Gastroenterologist Vendor

A Kansas-based vendor is notifying nearly 250,000 patients that their payment card and other personal information may have been compromised in a hacking incident that dates back to 2019 and involves its colonoscopy prep kit online retail business.

'Copyright Infringement' Lure Used for Facebook Credential Harvesting

Dark Reading

Business users receive a message from Facebook warning their accounts will be permanently suspended for using photos illegally if they don't appeal within 24 hours, leading victims to a credential-harvesting page instead.

Regulator Eyes Revamped Data Breach Reporting Requirements

Data Breach Today

Update Would Be First Revision of Rules for Telecommunications Sector Since 2007

Modernizing data breach notification requirements for the telecommunications sector is the focus of a newly announced Federal Communications Commission proceeding. The rules, last updated in 2007, would push for faster consumer notification and require the reporting of accidental data breaches.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Identifying People Using Cell Phone Location Data

Schneier on Security

The two people who shut down four Washington power stations in December were arrested. This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents. Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional.

Attackers Are Already Exploiting ChatGPT to Write Malicious Code

Dark Reading

The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.

Mastering the Art of Attack Surface Management

Data Breach Today

View this webinar to learn how to improve your attack surface management visibility with continuous penetration testing.

Versant: Decoding the OpenVerse™

OpenText Information Management

“If you wish to build a ship, do not divide people into teams and send them to the forest to cut wood. Instead, teach them to long for the vast and endless sea.” The Little Prince, Antoine de Saint-Exupéry. I am very pleased to present my new book, Versant: Decoding the OpenVerse™. Versant is about …

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Resecurity Released a Status Report on Drug Trafficking in the Dark Web (2022-2023)

Security Affairs

Cybersecurity firm Resecurity has published a report on drug trafficking marketplaces currently operating on the Dark Web. Resecurity, a Los Angeles-based cybersecurity and risk management provider, has released an eye-opening report on drug trafficking marketplaces currently operating on the Dark Web. The report highlights a rapidly growing shadow economy, and new communication methods such as proprietary Android-based mobile apps criminals developed allowing them to migrate from traditional communica

Latest Firmware Flaws in Qualcomm Snapdragon Need Attention

Dark Reading

The issue concerns the boot layer of ARM chips, which are driving a low-power mobile ecosystem that includes 5G smartphones and base stations.

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Security Affairs

Kinsing cryptojacking operators are exploiting misconfigured and exposed PostgreSQL servers to access Kubernetes environments. Researchers at Microsoft Defender for Cloud observed threat actors behind the Kinsing cryptojacking operation using two methods to gain initial access in Kubernetes environments: exploitation of weakly configured PostgreSQL containers and exploiting vulnerable images.

Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone

Dark Reading

Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Madison Square Garden Uses Facial Recognition to Ban Its Owner’s Enemies via NYT

IG Guru

MSG Entertainment, the owner of the arena and Radio City Music Hall, has put lawyers who represent people suing it on an “exclusion list” to keep them out of concerts and sporting events.

inSicurezzaDigitale launches the Dashboard Ransomware Monitor

Security Affairs

The cybersecurity blog inSicurezzaDigitale has launched the Italian Dashboard Ransomware Monitor to analyze the activities of the principal RaaS operations. inSicurezzaDigitale has announced the Dashboard Ransomware Monitor, its second project after the recent presentation of its Mastodon project. The Dashboard is very easy to use and is available via this link: ransom.insicurezzadigitale.com.

Phishing in the Service of Espionage

KnowBe4

Reuters describes a cyberespionage campaign carried out by the hitherto little-known threat group researchers track as "Cold River." The group is circumstantially but convincingly linked to Russian intelligence services (possibly the FSB, although that's unclear) through its Russophone operations and the location of at least one of its personnel in the northern city of Syktyvkar, capital of the Komi region.

Airline company Air France-KLM discloses security breach

Security Affairs

Airline company Air France-KLM is notifying the customers of its loyalty program Flying Blue of a data breach. Air France-KLM announced that it has suffered a data breach in which data belonging to customers of its loyalty program Flying Blue was exposed. The Flying Blue loyalty program is used by other airlines, including Aircalin, Kenya Airways, TAROM, and Transavia.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

JsonWebToken Security Bug Opens Servers to RCE

Dark Reading

The JsonWebToken package plays a big role in the authentication and authorization functionality for many applications.

Phishing campaign targets government institution in Moldova

Security Affairs

The government institutions of Moldova have been hit by a wave of phishing attacks since the country offered support to Ukraine. Threat actors sent more than 1,330 emails to accounts belonging to the country’s state services. “The Information Technology and Cyber Security Service (STISC) warns of scam and phishing cyber attack campaigns targeting government institutions.

US supreme court lets WhatsApp pursue Pegasus spyware lawsuit

The Guardian Data Protection

Court rejects NSO claim it could not be sued because it was acting as agent for unidentified foreign governments

The US supreme court has let Meta Platforms Inc’s WhatsApp pursue a lawsuit accusing Israel’s NSO Group of exploiting a bug in its WhatsApp messaging app to install spy software allowing the surveillance of 1,400 people, including journalists, human rights activists and dissidents.

Qualcomm Snapdragon flaws impact Lenovo, Microsoft, and Samsung devices

Security Affairs

Dozens of software vulnerabilities affected Qualcomm firmware and impacted devices from Microsoft, Lenovo, and Samsung. Qualcomm's January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. Some of the flaws were reported by the efiXplorer Team at the firmware protection firm Binarly, Zinuo Han of OPPO Amber Security Lab, Gengjia Chen from IceSword Lab, the researcher nicolas (nicolas1993), Seonung Jang of STEALIEN, and Le Wu of Baidu Security.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Serbia Slammed With DDoS Attacks

Dark Reading

The Serbian government reports that it staved off five attacks aimed at crippling Serbian infrastructure.

Russia-linked Cold River APT targeted US nuclear research laboratories

Security Affairs

Russia-linked Cold River APT targeted three nuclear research laboratories in the United States in the summer of 2022, Reuters reported. Reuters reported that the Russia-linked APT group Cold River (aka Calisto) targeted three nuclear research laboratories in the United States between August and September 2022. The Cold River APT group targeted the Brookhaven (BNL), Argonne (ANL), and Lawrence Livermore National Laboratories (LLNL).

The Five Biggest Trends Driving Software Licensing and Entitlement Management

Thales Cloud Protection & Licensing

By divya, Tue, 01/10/2023 - 06:00. As the tech world changes through natural growth, consumer trends, and global developments, more companies are relying on commercial Software Licensing Management (SLM) and Entitlement Management Systems (EMS) solutions such as the Sentinel Platform offered by Thales Software Monetization.