Thu. May 25, 2023

OAuth Flaw Exposed Social Media Logins to Account Takeover

Data Breach Today

Now-Fixed Expo Framework API Vulnerability Posed Credential, Identity Theft Risks

A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.

Information Management in Brazil

AIIM

I was in Brazil recently to keynote the Information Show in Sao Paulo. Traveling to and speaking at Information Management conferences is endlessly fascinating. One might think that, except for language and location, Brazilian information management professionals would be similar to their counterparts in North America and Europe, and in some regards, they are, but the differences can be surprising.

Mass Exploitation of Zyxel Network Appliances Underway

Data Breach Today

Mirai Botnet Targets Now-Patched Zyxel Flaw

Versions of the Mirai botnet are targeting a vulnerability present in numerous Zyxel network devices. Zyxel patched the vulnerability in April but it's not clear how many users have applied the fix. Security experts warn the flaw appears to be exploited at a massive scale.

Russia's War in Ukraine Shows Cyberattacks Can Be War Crimes

Dark Reading

Ukraine's head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism."

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

Mitigating OT Security Risks: Focusing on Solutions, not Products

Data Breach Today

Michelle Balderson of OTORIO on How OT Security Is Now Perceived as a Business Risk

OT security is being discussed in the board room as attackers adopt the use of AI and automation. Many organizations never fully implement the frameworks that define OT security maturity, and we need holistic solutions and platform approaches that address the operator's needs.

More Trending

German Prosecutors Indict FinFisher Spyware Executives

Data Breach Today

Executives Accused of Selling Tool to Turkish Intel Via a Bulgarian Front Company

German prosecutors on Monday indicted four executives of insolvent commercial spyware firm FinFisher for illegally exporting their hacking tool to Turkey. The indictment comes as a European Parliament committee concluded an investigation of bloc members' use of commercial spyware.

Recipe For Disaster: The Year Tony Roma Married My Mom

Information Governance Perspectives

In The Bastard of Beverly Hills, I tell a crazy story about the time my mother was married to restaurateur Tony Roma, and though it’s true to the best of my recollection, people shouldn’t get the wrong impression about him. Tony was a fine man. He was driven, charismatic, funny, and, like me, a bit of a romantic. You can read more about exactly what happened between us in the book, but the bottom line is that the chef didn’t deserve the hell I put him through during the short

Iranian Hackers Deploy New Ransomware Against Israeli Firms

Data Breach Today

Researchers Discover Moneybird Ransomware Strain, Warn of Growing Sophistication

Security researchers discovered an Iran-linked APT group carrying out a new chain of ransomware attacks against Israeli organizations. Check Point said attackers surprisingly carried out most of the activity manually over RDP but warned they are growing better at coding malware and using tools.

On the Poisoning of LLMs

Schneier on Security

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT.

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving every day. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

Breach Roundup: Patch Barracuda ESG Appliances ASAP

Data Breach Today

Also: Franklin Templeton, Teen DraftKings Hacker, Black Basta Claims Rheinmetall

In the days between May 19 and May 25, the spotlight was on flaws in Barracuda Networks Email Security Gateway appliances, another GoAnywhere data breach that affected Franklin Templeton Canada and an American teenager out on bail and facing federal charges for hacking DraftKings accounts.

Digitizing Records: Documentation

National Archives Records Express

Digitization project at Archives 1. National Archives Identifier: 184341402

This is the third in a series of posts supporting the publication of 36 CFR section 1236 subpart E – Digitizing Permanent Records. All of the posts have been collected under the 36 CFR Section 1236 category. Digitization has become a crucial component of record-keeping for government agencies.

Cryptohack Roundup: Tornado Cash Hack

Data Breach Today

Also: Tornado Cash Lawsuit Heats Up, Inferno Drainer, Trezor and Celer

Between May 19 and 25, a hacker took control of Tornado Cash and stole $1 million, plaintiffs in a Coinbase-bankrolled lawsuit pressed for summary judgment, attackers used crypto phishing as a service to steal $6 million, Trezor hot wallet was found to possibly be buggy and Celer patched a bug.

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

IT Governance

Monday’s €1.2 billion fine for Meta – by far the biggest fine issued under the GDPR since it took effect five years ago – has been taken by many as a sign that the Regulation is at last beginning to be enforced with sufficient vigour. However, the Meta decision illustrates the ongoing difficulty of applying a consistent approach to GDPR enforcement, particularly when it comes to cross-border and international data transfers.

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

AHA Tells HHS to 'Amend or Suspend' Web Tracking Guidance

Data Breach Today

Group Calls IP Addresses Under HIPAA 'Too Broad,' Posing Hardships on Hospitals

The American Hospital Association is urging federal regulators to back off from recent guidance that treats patient IP addresses as protected health information, saying that the new rules would "reduce public access to credible health information" and create hardships for doctors and hospitals.

The industry observes OpenText

OpenText Information Management

It’s been a busy 2023 so far for OpenText. The first few months of the year have featured a major acquisition, significant technology innovations, new accolades and exciting in-person and virtual events. One important measure of this activity is how we are being discussed and described by the wider industry. In case you missed some …

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that affect several of its firewall and VPN products. A remote, unauthenticated attacker can trigger the flaws to cause a denial-of-service (DoS) condition and remote code execution on vulnerable devices.

CosmicEnergy Malware Emerges, Capable of Electric Grid Shutdown

Dark Reading

Russian code that could tamper with industrial machines and toggle RTUs on and off was floating around VirusTotal for years before being noticed. It raises new questions about the state of OT security.

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

D-Link fixes two critical flaws in D-View 8 network management suite

Security Affairs

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. D-Link has addressed two critical vulnerabilities (CVSS score: 9.8) in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. The D-View network management suite allows customers to monitor performance, configure devices, and manage the network in an efficient way.

UK ICO Publishes New Guidance on Subject Access Requests

Hunton Privacy

On May 24, 2023, the UK Information Commissioner’s Office (“ICO”) announced it published new guidance for businesses and employers on responding to subject access requests (“SARs”). The right of access, commonly referred to as a subject access request, gives someone the right to request a copy of their personal information from organizations. The ICO received over 15,000 complaints related to SARs during April 2022 and March 2023.

Google Cloud Bug Allows Server Takeover From CloudSQL Service

Dark Reading

Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP's security layer, eventually running rampant in the environment.

Verizon Sends New Smishing Warning

KnowBe4

Verizon has renewed its warnings to customers about the threat of smishing, a social engineering approach that relies upon texts as opposed to other communication channels like the email used in phishing. The smishing problem may be smaller than the phishing problem, or the robocall nuisance, but it represents a comparable threat that organizations should address in their risk management process.

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Lazarus Group Striking Vulnerable Windows IIS Web Servers

Dark Reading

The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Security Affairs

North Korea-linked APT group Lazarus has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks. Once they have discovered a vulnerable IIS server, the attackers leverage the DLL side-loading (T1574.002) technique to execute a malicious DLL (msvcr100.dll) that they have placed in the same fol

Red Hat Tackles Software Supply Chain Security

Dark Reading

The new Red Hat Trusted Software Supply Chain services help developers take a secure-by-design approach to build, deploy, and monitor software.

5 things you need to know about BYOD security

Jamf

Considering a BYOD program? In this blog, we’ll discuss a few ways BYOD affects your organization's security posture.

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns

Dark Reading

This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say.

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

A China-linked APT group, tracked as Volt Typhoon, breached critical infrastructure organizations in the U.S. and Guam without being detected. China-linked APT cyber espionage group Volt Typhoon infiltrated critical infrastructure organizations in the U.S. and Guam without being detected. The group managed to maintain access without being detected for as long as possible.

Dangerous Regions: Isolating Branch Offices in High-Risk Countries

Dark Reading

Organizations must be cautious about how they interact with other regions around the world in order to operate safely in an at-times adversarial landscape.
