Wed.Sep 11, 2024

article thumbnail

French Cyber Agency Warns of APT28 Hacks Against Think Tanks

Data Breach Today

Report: North Korean, Russian, Chinese, Iranian Actors Are Targeting Research Orgs Russian state hackers are targeting think tanks studying strategic interests and the defense sector, warned the French cyber agency. A hacking group that officially is Unit 26165 of the Russian Main Intelligence Directorate appears to be Russia's most prolific targeter of think tanks.

171
171
article thumbnail

News alert: Opus Security’s new ‘Advanced Multi-Layered Prioritization Engine’ elevates VM

The Last Watchdog

Palo Alto, Calif., Sept.11, 2024, CyberNewsWire — Opus Security , the leader in unified cloud-native remediation, today announced the launch of its Advanced Multi-Layered Prioritization Engine , designed to revolutionize how organizations manage, prioritize and remediate security vulnerabilities. Leveraging AI-driven intelligence, deep contextual data and automated decision-making capabilities, this innovative engine helps organizations prioritize the most critical vulnerabilities, enhanci

Risk 100
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Why Hellman & Friedman Wants to Unload Checkmarx for $2.5B

Data Breach Today

More Competition, Ownership Turnover Among Peers Create an Appealing Time to Sell Hellman & Friedman has met with several investments banks in recent weeks and will choose one to run the sale process for Paramus, New Jersey-based Checkmarx, in which it hopes to get at least $2.5 billion, Calcalist reported. The private equity firm bought Checkmarx for $1.15 billion in April 2020.

Sales 164
article thumbnail

RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

Security Affairs

Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and response (EDR) systems. The RansomHub ransomware gang is using the TDSSKiller tool to disable endpoint detection and response (EDR) systems, Malwarebytes ThreatDown Managed Detection and Response (MDR) team observed. TDSSKiller a legitimate tool developed by the cybersecurity firm Kaspersky to remove rootkits, the software could also disable EDR solutions through a command line script

article thumbnail

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Election Experts Still Demanding More Federal Cyber Support

Data Breach Today

State Officials, Security Experts Warn of Increased Cyberthreats Ahead of Vote Election security experts told Information Security Media Group the United States continues to lack adequate federal funding and resources to support state and local election information technology security efforts amid heightened global tensions and an ever-expanding threat landscape.

More Trending

article thumbnail

NoName Apparently Allies With RansomHub Operation

Data Breach Today

NoName Specializes in Long-Tail Exploits Up-and-coming online criminal extortion group RansomHub appears to have a new affiliate - NoName, a midtier actor whose main claim to fame so far has been impersonating the LockBit ransomware-as-a-service operation. NoName is known for exploiting years-old vulnerabilities.

article thumbnail

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Security Affairs

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45

Security 117
article thumbnail

Mental Health Records Database Found Exposed on Web

Data Breach Today

Cyber Researcher Reported Findings to Virtual Care Provider; Data Now Secured An AI-powered virtual care provider's unsecured database allegedly exposed thousands of sensitive mental health and substance abuse treatment records between patients and their counselors on the internet - where they were available to anyone, said the security researcher who discovered the trove.

Security 164
article thumbnail

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

Schneier on Security

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “ SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract : Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tu

Paper 117
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Geopolitical Tensions Fuel Growth in Cross-Border Fraud

Data Breach Today

ACAMS' Shilpa Arora on Global Financial Vulnerabilities and Regulatory Challenges Geopolitical tensions have heightened cross-border fraud, with criminals exploiting technological advances and regulatory gaps between countries. Shilpa Arora, head of anti-financial crime products at ACAMS, discusses ways banks can tackle cross-border fraud schemes.

156
156
article thumbnail

Legal Firms Increasingly Targeted by Phishing Attacks, Ransomware

KnowBe4

Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers frequently use phishing to gain initial access to an organization’s networks.

Phishing 106
article thumbnail

Bashing Windows Bugs, Take 2: Microsoft Restores Nixed Fixes

Data Breach Today

A Confused Update Process Reinstalled Old, Exploitable Windows 10 Components Microsoft has issued a slew of software updates to patch numerous flaws, including three zero-day vulnerabilities that are already being exploited via in-the-wild attacks. Another fix addresses a prior update that inadvertently reintroduced vulnerable components to Windows 10.

156
156
article thumbnail

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

Security Affairs

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for September 2024 addressed 79 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licensing Service.

Security 101
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

ColorTokens Strengthens Zero Trust With PureID Acquisition

Data Breach Today

PureID Passwordless Authentication Tool Will Boost ColorTokens Microsegmentation ColorTokens purchased PureID, expanding its zero trust framework with identity-based segmentation for cloud and hybrid environments. The acquisition focuses on securing cloud applications, microservices and APIs through advanced identity-based authentication.

article thumbnail

Forget the Talent Gap – It’s an Experience Gap

KnowBe4

South Africa’s cybersecurity workforce shortage mirrors global trends, but also faces local factors like underinvestment in basic education, underserved communities, digital literacy gaps and challenges with data access.

Education 101
article thumbnail

Buy 3 months of Xbox Game Pass Ultimate for $36 right now

Collaboration 2.0

Try or gift Xbox Game Pass for three months for 28% off and play over 100 games including Starfield, Forza Motorsport, and Football Manager 2024 on your Xbox, PC, or mobile device.

98
article thumbnail

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Security Affairs

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Sony unveils PlayStation 5 Pro: Best features, pricing, release date, and everything else to know

Collaboration 2.0

Sony's new console sports a more powerful graphics card and a Super Resolution feature to improve visual fidelity greatly. Here's what else we know for now.

98
article thumbnail

Highline Public Schools school district suspended its activities following a cyberattack

Security Affairs

Highline Public Schools, a school district in Washington state, remains closed following a cyberattack that occurred two days ago. Two days ago Highline Public Schools (HPS), a school district in Washington state, suffered a cyber attack that caused a significant disruption of its activities. Highline Public Schools (HPS) is a public school district in King County, headquartered in Burien, Washington, it serves more than 18,000 students.

IT 89
article thumbnail

Lessons on international transfers to the US to organisations caught by the GDPR

Data Protection Report

The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. (UTI) and Uber B.V.,(UBV) (together Uber) with press releases in Dutch and English. The fine relates to the transfer of drivers’ personal data to the US. Uber has announced that it will appeal the fine. In 2024, with the EU-US Data Privacy Framework (DPF) in place, regulatory focus appears to have shifted from international transfers to other topics, such as artifi

GDPR 92
article thumbnail

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Security Affairs

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems.

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Apple Watch Series 10 vs. Apple Watch Series 9: Should you upgrade to the latest model?

Collaboration 2.0

The Apple Watch Series 10 has fresh features and a fresher design, but is it worth your money? Here's how it compares to last year's model.

IT 98
article thumbnail

Losses From Investment Scams have Increased Six-Fold Since 2021

KnowBe4

The Better Business Bureau (BBB) has observed a six-fold increase in losses from investment scams over the past three years. The BBB has received more than 4,000 reports of investment scams since 2020, with the median reported loss rising from $1,000 in 2021 to almost $6,000 in 2024.

article thumbnail

The AirPods Pro 3 may be your new fitness coach with a built-in heart rate sensor

Collaboration 2.0

A leak reveals that future Apple earbuds may help you keep better track of your health; however, the pair won't be out for a while.

98
article thumbnail

The Importance of IAM in Critical Infrastructure

Thales Cloud Protection & Licensing

The Importance of IAM in Critical Infrastructure madhav Thu, 09/12/2024 - 06:23 Over the past year, the world's critical infrastructure (CI) - including energy, healthcare, finance, communications, manufacturing, and transport - has suffered a constant barrage of attacks. The 2024 Thales Data Threat Report, Critical Infrastructure Edition , revealed that almost 93% of CI respondents reported increased attacks.

article thumbnail

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

article thumbnail

This change to Android notifications might not be popular with everyone

Collaboration 2.0

Google might change how you access notifications and Quick Settings in a way that could be divisive.

Access 98
article thumbnail

OpenText Named a Leader in the IDC MarketScape for Intelligent Content Services

OpenText Information Management

Every organization must be prepared for the next era of productivity in which knowledge work is fueled by automation and AI. But while you may be feeling pressured to get started and secure some quick wins to drive growth and differentiation, the best GenAI experiences must be built on top of quality data and a great enterprise content management strategy to realize GenAI’s full potential and value.

article thumbnail

Windows 11 21H2 and 22H2 reach end of support: Update now, or else

Collaboration 2.0

The last two versions of Windows 11 are no longer supported by Microsoft, so you'll need the latest edition to stay fully protected. Here's how to find out which version you're running.

98