Wed. Nov 15, 2023

Medical Transcriber's Hack Breach Affects at Least 9 Million

Data Breach Today

Northwell Health Among Perry Johnson & Associates' Healthcare Clients Affected

The number of healthcare organizations and patients affected by a recent data theft at medical transcription firm Perry Johnson & Associates is expanding: The company now says the breach affected the sensitive information of about 9 million people.

Thank you and farewell

Data Protector

After a period of silence it's now time to close this blog. I've lost the motivation I once had to put my head above the data protection parapet. I'm no longer deeply engaged in issues that filled my working life and these days am much more interested in providing a decent home for my puppy. Others can engage in endless battles with people whose views are so very different to my own.

FBI Says Enhanced Partnerships Help Combat Ransomware Surge

Data Breach Today

Bureau Touts ‘All-Time High’ Public-Private Coordination Despite Rise in Attacks

FBI officials said Wednesday that the federal government is preventing advanced ransomware attacks targeting a range of institutions with the help of new information-sharing and victim engagement initiatives with organizations across the public and private sectors.

New SSH Vulnerability

Schneier on Security

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speakers: Aarushi Kansal, AI Leader & Author, and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

European Telecom Body to Open-Source Radio Encryption System

Data Breach Today

ETSI Will Publicize Its Encrypted Protocol TETRA Used in Radio Systems

The European telecom standards body behind a widely used radio encryption system will soon open-source its encryption protocols. The European Telecommunications Standards Institute on Tuesday said it will soon publish Terrestrial Trunked Radio, or TETRA, a European standard for radio communication.

EU's LIBE Rejects Mass Content Scanning in CSAM Proposal

Data Breach Today

Committee Amends Bill to State It Doesn't Prohibit or Weaken End-to-End Encryption

A key European parliamentary committee on Tuesday voted to carve off encrypted communications from a legislative proposal directing online providers to diminish the risk of child sexual abuse material. The European Parliament's LIBE Committee emphatically rejected weakening end-to-end encryption.

The QAnon Shaman Isn’t Even the Most Extreme Candidate in His Race for Congress

WIRED Threat Level

Jacob Chansley, the January 6 rioter known as the QAnon Shaman, will run for Congress in Arizona. The most remarkable thing about his campaign so far is how unremarkable it is in a state that’s embraced election conspiracies.

'AlphaLock' Hackers Launch 'Pen-Testing Training' Group

Dark Reading

With a two-pronged approach, the group trains its hackers in penetration testing, only to set them free to build a marketplace for pen-testing services.

Social Media Sleuths, Armed With AI, Are Identifying Dead Bodies

WIRED Threat Level

Poverty, fentanyl, and lack of public funding mean morgues are overloaded with unidentified bodies. TikTok and Facebook pages are filling the gap—with AI proving a powerful and controversial new tool.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Rackspace Ransomware Costs Soar to Nearly $12M

Dark Reading

Rackspace's 2022 ransomware attack costs only continue to mount, with lawsuits in the offing — and show the long-tail costs of a cyberattack.

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

The FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

New ASD Cyber Threats Report Shows A Cybercrime Incident Is Reported in Australia Every Six Minutes

KnowBe4

The annual Cyber Threat Report by the Australian Signals Directorate (ASD) was released this week, containing insights that every Australian business and citizen should read. The ASD received 94,000 reports of cybercrimes over the past year, 23 percent more than the previous financial year.

Critical flaw fixed in SAP Business One product

Security Affairs

Enterprise software giant SAP addressed a critical improper access control vulnerability in its Business One product. SAP November 2023 Security Patch Day includes three new and three updated security notes. The most severe “hot news” is an improper access control vulnerability, tracked as CVE-2023-31403 (CVSS score of 9.6), that impacts SAP Business One product installation. “SAP Business One installation – version 10.0, does not perform proper authentication and authori

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

AI-Manipulated Media Through Deepfakes and Voice Clones: Their Potential for Deception

KnowBe4

A report looking at consumer interactions with AI-manipulated media finds consumers are most likely to encounter deepfakes and voice clones on social media.

Google’s New Titan Security Key Adds Another Piece to the Password-Killing Puzzle

WIRED Threat Level

The new generation of hardware authentication key includes support for cryptographic passkeys as Google pushes adoption of the more secure login alternative.

Ready for Take-off: Rising Above Airport Cybersecurity Challenges

Thales Cloud Protection & Licensing

sparsh | Thu, 11/16/2023 - 04:52

Aviation is a fast-paced world, with airports around the globe serving billions of passengers annually. These bustling hubs require robust security systems to ensure the safety of passengers, staff, and infrastructure. The entire passenger process, from check-in to boarding, involves multiple stakeholders, including government regulators, airport management, airline personnel, and on-premise security

It’s Official: Scams Via Email and Text are Inescapable as Nearly Every American Receives Fake Messages Daily

KnowBe4

New findings show that not only are the overwhelming majority of people having to sort through scam messages and texts, but are finding it.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

EU Tightens Cybersecurity Requirements for Critical Infrastructure and Services

Dark Reading

Organizations in "essential" sectors have until October 2024 to comply with the Network and Information Systems Directive 2022 (NIS2).

Watsonx: a game changer for embedding generative AI into commercial solutions

IBM Big Data Hub

IBM watsonx is changing the game for enterprises of all shapes and sizes, making it easy for them to embed generative AI into their operations. This week, the CEO of WellnessWits, an IBM Business Partner, announced they embed watsonx in their app to help patients ask questions about chronic disease and more easily schedule appointments with physicians.

Oil Giant Aramco Drills Down on Saudi ICS Security

Dark Reading

Saudi Arabia's national oil and gas company is investing in an operational technology security training academy for organizations across the Kingdom.

When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules via The Hacker News

IG Guru

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Combining Agentless and Agent-Based Cloud Security in CNAPPs

Dark Reading

Combining both approaches using a cloud-native application protection platform helps organizations make their cybersecurity holistic by tapping into richer automation and prioritization features.

Gamblers’ data compromised after casino giant Strendus fails to set password

Security Affairs

Strendus, one of the biggest online casinos in Mexico, has exposed sensitive user data, including home addresses and the amounts of money users spent on gambling. The data was likely compromised by unauthorized actors.

After Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public

Dark Reading

After the encryption algorithm used by public safety, military, and governments globally was found to allow eavesdropping, standard maintainers are making TETRA open source.

OpenText Cybersecurity 2023 Global Ransomware Survey: The risk perception gap

OpenText Information Management

The cyber landscape continues to evolve at lightning speed; attacks are more frequent and increasingly sophisticated. And while the use of large language models and generative AI in cybersecurity is still in the early stages, they open the door for attackers with lower skillsets to achieve new capabilities through the generation of malicious code, as …

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Defending Against Attacks on Vulnerable IoT Devices

Dark Reading

Organizations must approach cybersecurity as if they are defending themselves in a cyberwar.

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Security Affairs

The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm. The IPStorm botnet was first uncovered in May 2019 while targeting Windows systems; experts from Intezer reported that the bot evolved to infect other platforms, including Android, Linux, and Mac devices. The IPStorm botnet continues to infect systems across the world; its size grew from around 3,000 infected systems in May 2019 to more than 13,500 devices in October 2020.

Cyber Resilience Requires Maturity, Persistence & Board Engagement

Dark Reading

Women in Cyber Security Middle East highlight a requirement for resilience in the face of increased business and cyber challenges.