Tue. Oct 01, 2024

Europe Begins Drafting AI Code of Practice

Data Breach Today

AI Act General Purpose AI Rules to be Enforced in 2025

The European Commission appointed a 13 member team to draft the general purpose artificial intelligence code of practice mandated by the AI Act. The commission on Monday announced four working groups that will oversee drafting of the rules.

News alert: Introducing Mayhem Security — ForAllSecure unveils name change, fresh focus

The Last Watchdog

Pittsburgh, PA, Oct. 1, 2024 — ForAllSecure, the world’s most advanced application security testing company, today announced it is changing its corporate name to Mayhem Security (“Mayhem”), signaling a new era of growth and opportunity aligned with its award-winning Mayhem Application Security platform. Founded by a team of researchers from Carnegie Mellon, the company’s focus has evolved from research, development, and education to a product company centered arou

Third Party Zero-Day Bug Exploited in Rackspace Systems

Data Breach Today

Rackspace Scrambles to Patch Zero Day Dashboard Bug

Rackspace confirmed that criminals exploited a zero day vulnerability in a ScienceLogic third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline. ScienceLogic confirmed it issued a patch for the zero-day remote code execution vulnerability.

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Security Affairs

North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. Diehl Defence GmbH & Co. KG is a German weapon manufacturer headquartered in Überlingen.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Jana Partners Increases Stake in Rapid7, Eyes Potential Sale

Data Breach Today

Activist Investor Pressures Cybersecurity Firm to Pursue Operational Changes, Sale

Jana Partners has raised its stake in cybersecurity vendor Rapid7 to 13% and is pushing for the company to consider selling itself. The activist investor teamed up with Cannae Holdings and is engaged in discussions with Rapid7's management to explore operational improvements and board restructuring.

More Trending

Dragos Boosts OT Defense with Network Perception Acquisition

Data Breach Today

Network Configuration Startup Adds Visualization Expertise to Dragos’ OT Platform

Dragos' acquisition of Network Perception will enrich its real-time network monitoring with robust visualization and configuration analysis tools. This transaction aims to bolster the security of operational technology networks and support customers in building more defensible architectures.

Threat Actors Behind MFA Bypass Service ‘OTP Agency’ Plead Guilty to Fraud

KnowBe4

The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication.

Experts Warn CISA’s Threat Sharing is in a 'Death Spiral'

Data Breach Today

US Cyber Defense Agency’s Flagship Threat Sharing Initiative Facing Major Hurdles

Experts told Information Security Media Group the Cybersecurity and Infrastructure Security Agency’s flagship threat sharing initiative faces major logistical hurdles and may need to be replaced with a more mature approach to automated threat analysis following a damning Inspector General report.

U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

LockBit and Evil Corp Targeted In Anti-Ransomware Crackdown

Data Breach Today

UK Police Say Evil Corp 'Right-Hand Man' Was Also a LockBit Affiliate

Law enforcement from the United States, United Kingdom, France and Spain made a coordinated announcement Tuesday of further arrests, indictments, sanctions and server takedowns targeting the Russian cybercriminal underground including strikes against the LockBit ransomware-as-a-service operation.

I tried a blood-pressure monitoring watch, and it was surprisingly accurate (when it worked)

Collaboration 2.0

Regular measurement is one way to accurately gauge your level of hypertension. Wrist-based blood pressure monitoring remains elusive, but YHE offers a method that appears better than the rest.

Will AI Middle Managers Be the Next Big Disruption?

Data Breach Today

Autonomous AI Is Transforming the Workforce. Here's What Managers Can Expect

With its advanced - and evolving - capabilities, AI is integrated into most business processes and tasks, becoming nearly indispensable across industries. Its impact on the workforce is, thus, unsurprising and raises a familiar question: Can the technology take over jobs?

Vulnerability Recap 10/01/24 – NVIDIA, Ivanti & Newcomer Kia See Issues

eSecurity Planet

This week was relatively quiet regarding new vulnerabilities, but we’re seeing a few issues, like flaws in WhatsApp Gold and NVIDIA. Additionally, researchers published a report on a Kia dealer portal vulnerability that’s since been fixed but affected millions of vehicles. The flaw could have allowed RCE on vehicles, including unlocking the car, tracking its travel patterns, and causing it to honk.

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Logpoint Strengthens SIEM by Acquiring Muninn AI-Powered NDR

Data Breach Today

Purchase Adds Advanced AI Network Detection to Logpoint's Threat Response Toolbox

Logpoint acquires Muninn to integrate its AI-based NDR technology, enhancing threat detection and response capabilities in its SIEM platform. This move supports Logpoint's mission to defend OT and ICS systems against ransomware attacks by combining visibility from networks and applications.

Hacking ChatGPT by Planting False Memories into Its Data

Schneier on Security

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model. A month later, the researcher submitted a new disclosure statement.

White House Pledges Major Deliverables at Ransomware Summit

Data Breach Today

International Counter Ransomware Initiative to Unveil New Efforts to Combat Threats

The International Counter Ransomware Initiative is kicking off a four-day summit Monday in Washington that aims to coordinate the group’s 68 member nations around a series of global efforts designed to enhance information sharing and develop strategies to deter ransomware attacks.

New Survey Shows 40% of Respondents Never Received Cybersecurity Training From Their Employer

KnowBe4

Yubico has published a survey of 20,000 people from 10 countries around the world, finding that 40% of respondents have never received cybersecurity training from their employer.

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

Evil Corp Protected by High-Ranking FSB Official, Police Say

Data Breach Today

UK National Crime Agency Details Kremlin-Cybercrime Connection

Russian intelligence agencies tasked the notorious Russian-speaking cybercrime syndicate Evil Corp with conducting cyberattacks and cyberespionage operations on behalf of the Russian government, British police said Tuesday. Evil Corp has stolen at least $100 million from victims.

The Rise of Deepfake Scams: A Wake-Up Call After US Senator Becomes Latest Victim

KnowBe4

In an era where technology continues to blur the lines between reality and fiction, a recent incident involving U.S. Senator Ben Cardin serves as a stark reminder of the growing threat posed by deepfake scams.

Practical Steps to Securing Your OT Environment

Data Breach Today

Operational Technology (OT) security requires specialized strategies beyond traditional IT approaches.

[Cybersecurity Awareness Month] Responding to Cyber Incidents the ‘Inside Man’ Way: Fiona's Approach

KnowBe4

In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and business continuity.

How Top Tech CFOs Solve Annual Planning’s Biggest Challenges

Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.

Above the storms: How satellite tech can be a lifesaver during natural disasters

Collaboration 2.0

Hurricane Helene's devastation highlights a need for more people to have easier access to satellite messaging. Here are your options right now.

UMC Health System diverted patients following a ransomware attack

Security Affairs

US healthcare provider UMC Health System had to divert patients due to a network outage caused by a ransomware attack. On September 27, 2024, US healthcare provider UMC Health System announced an investigation into an IT outage across its network. UMC diverted patients for several days after taking IT systems offline following a ransomware attack. “However, out of an abundance of caution, we will continue to temporarily divert incoming emergency and non-emergency patients via ambulance to

My favorite Garmin sports watch ever just got a new version, and it costs $200 less

Collaboration 2.0

The Enduro 2 was the battery champ a couple of years ago. The Enduro 3 now takes the title while launching for $200 less than its predecessor.

Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence

WIRED Threat Level

UK law enforcement and international partners have released new details about the cybercriminal gang Evil Corp, including its use of the Lockbit ransomware platform and ties to Russian intelligence.

An Architect’s Guide for Selecting Scalable, Data-Layer Technologies

There’s no getting around it: selecting the right foundational data-layer components is crucial for long-term application success. That’s why we developed this white paper to give you insights into four key open-source technologies – Apache Cassandra®, Apache Kafka®, Apache Spark™, and OpenSearch® – and how to leverage them for lasting success. Discover everything you’ll want to know about scalable, data-layer technologies: Learn when to choose these technologies and when to avoid them Explore h

Sick of ads on Android? Change these 5 settings for more privacy - fast

Collaboration 2.0

If you care about your phone privacy, consider tweaking these settings to prevent Android from targeting you with ads. Here's how.

7 Steps to Prepare for PCI DSS Audit Success

IT Governance

Organisations that process, transmit and/or store cardholder data or SAD (sensitive authentication data), or can affect their security, must comply with the PCI DSS (Payment Card Industry Data Security Standard). This is an international information security standard designed to: Enhance account data (cardholder data and SAD) security; and Facilitate the adoption of consistent data security measures globally.

My favorite bone conduction headphones have 3 invaluable safety features

Collaboration 2.0

The Suunto Wing headphones are my new go-to for maintaining awareness of my surroundings while enjoying hours of motivating music.
