Wed.Sep 20, 2023

article thumbnail

Don't Let AI Frenzy Lead to Overlooking Security Risks

Data Breach Today

Successful AI Implementation Requires a Secure Foundation, Attention to Regulations The private sector's frenzy to incorporate generative AI into products is leading companies to overlook basic security practices, a Google executive warned Tuesday. "Most people are still struggling with the basics," said John Stone, whose title at Google Cloud is "chaos coordinator.

Risk 316
article thumbnail

Black Hat Fireside Chat: Flexxon introduces hardened SSD drives as a last line defense

The Last Watchdog

Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry. Related: The security role of semiconductors Cutting against the grain, Flexxon , a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Why Palo Alto Is Eyeing Secure Browser Firm Talon for $600M

Data Breach Today

Talon Is in Line for a 9-Figure Deal Just 29 Months After Emerging From Stealth Last year's winner of RSA Conference's prestigious Innovation Sandbox contest could soon be acquired by Palo Alto Networks, according to Calcalist. The platform security behemoth is in advanced negotiations to purchase enterprise browser startup Talon Cyber Security for $600 million, Calcalist said.

Security 289
article thumbnail

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

Security Affairs

Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports. A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName , severely impacted operations at several Canadian airports last week, reported Recorded Future News. Canada Border Services Agency (CBSA) was able to mitigate the attack after a few hours.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Feds Warn Health Sector of Lazarus Group Attacks

Data Breach Today

HHS: North Korean-Sponsored Group Is Exploiting Critical Zoho ManageEngine Flaw Federal authorities are warning of "significant risk" for potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group involving exploitation of a critical vulnerability in 24 Zoho ManageEngine products.

Risk 288

More Trending

article thumbnail

ISMG Editors: London Summit - AI Tech and Incident Response

Data Breach Today

Also: The CISO's Role in AI Rollouts; Responding to Ransomware; Liability Concerns This week, ISMG editors covered the hot topics at ISMG's London Cybersecurity Summit 2023, including the technical landscape of AI, executive liability, incident response strategies in the face of a global ransomware attack and how to build personal resilience to avoid burnout.

article thumbnail

Experts found critical flaws in Nagios XI network monitoring software

Security Affairs

Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution. Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure and privilege escalation.

Passwords 133
article thumbnail

UK Parliament Approves Online Safety Bill

Data Breach Today

Cabinet Ministers Call on Facebook to Stop Rollout of Encrypted Messaging A day after the British Parliament approved a bill intended to eradicate child abuse content, cabinet officials called on social media giant Meta to halt a rollout of end-to-end encryption. Meta hasn't provided assurances that it will safeguard users, charged Home Secretary Suella Braverman.

article thumbnail

On the Cybersecurity Jobs Shortage

Schneier on Security

In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Financially Motivated Hacks by Chinese-Speaking Actors Surge

Data Breach Today

These Hackers May Equal or Surpass Threat Posed by Russian Hackers, Researchers Say Chinese-speaking hackers associated with criminal activity have redoubled efforts to target compatriots with malware to remotely control victim computers, pointing to a worrying surge in financially driven activity in the Sino cyber underworld, say researchers at Proofpoint.

270
270
article thumbnail

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

Security Affairs

Finnish police announced the takedown of the dark web marketplace PIILOPUOTI which focuses on the sale of illegal narcotics. Finnish Customs announced the seizure of the dark web marketplace Piilopuoti as part of an international law enforcement operation. The dark web marketplace PIILOPUOTI has been active since May 18, 2022. “The site operated as a hidden service in the encrypted Tor network.

Sales 122
article thumbnail

WatchGuard Buys CyGlass to Bring NDR to Midmarket Customers

Data Breach Today

M&A Gives WatchGuard Clients More Visibility Into East-West Traffic, Cloud Activity WatchGuard purchased a Massachusetts company to extend network detection and response capabilities traditionally reserved for high-end enterprises to the midmarket through MSPs. The deal gives WatchGuard clients more visibility into east-west network traffic and activity taking place on the cloud.

Cloud 173
article thumbnail

GitLab addressed critical vulnerability CVE-2023-5009

Security Affairs

GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an attacker to run pipelines as another user. The issue resides in GitLab EE and affects all versions starting from 13.12 and prior to 16.2.7, all versions starting from 16.3 before 16.3.4. “An issue has been

Access 120
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

Dark Reading

A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.

Archiving 122
article thumbnail

International Criminal Court hit with a cyber attack

Security Affairs

A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack this week, its systems were compromised last week. The International Criminal Court (ICC) announced that threat actors have breached its systems last week. The experts at the International Criminal Court discovered the intrusion after having detected anomalous activity affecting its information systems.

article thumbnail

FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service

Dark Reading

The group's use of malware that forces Windows computers to reboot into Safe Mode before encrypting files is noteworthy, advisory says.

article thumbnail

Data Breach Costs Rise, But Cybersecurity Pros Still Take Risks

KnowBe4

The latest data from IBM shows that the average cost of a data breach has gone up by 2% to a whopping $4.45 million. You would think that in the cybersecurity industry, people would be all about safety and security, right? I mean, it's literally in the name.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Changing Role of the CISO: A Holistic Approach Drives the Future

Dark Reading

The CISO's role has grown far beyond supervising Patch Tuesday to focus on prevention and response and to cover people, processes, and technology.

109
109
article thumbnail

TikTok Impersonations of Elon Musk Scam Victims of Their Bitcoin

KnowBe4

There’s been a surge of Elon Musk-themed cryptocurrency scams on TikTok, BleepingComputer reports. The scammers inform the victims that they can claim their reward after spending a small amount of bitcoin (about $132) to activate their account.

article thumbnail

What can AI and generative AI do for governments?

IBM Big Data Hub

Few technologies have taken the world by storm the way artificial intelligence (AI) has over the past few years. AI and its many use cases have become a topic of public discussion no longer relegated to tech experts. AI—generative AI, in particular—has tremendous potential to transform society as we know it for good, boost productivity and unlock trillions in economic value in the coming years.

article thumbnail

Scam-as-a-Service Classiscam Expands Impersonation in Attacks to Include Over 250 Brands

KnowBe4

Now entering its third year in business, the phishing platform, Classicam, represents the highest evolution of an “as a service” cybercrime, aiding more than 1000 attack groups worldwide.

Phishing 113
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Spear phishing vs. phishing: what’s the difference?

IBM Big Data Hub

The simple answer: spear phishing is a special type of phishing attack. Phishing is any cyberattack that uses malicious email messages, text messages, or voice calls to trick people into sharing sensitive data (e.g., credit card numbers or social security numbers), downloading malware, visiting malicious websites, sending money to the wrong people, or otherwise themselves, their associates or their employers.

article thumbnail

Tighter Policies Mixed with Higher Costs Are Creating a Cyber Insurance Gap

KnowBe4

New data on the state of cyber insurance shows that it’s becoming more difficult to get a policy, and the organizations obtaining one share that circumstances could cause denial of claims.

Insurance 109
article thumbnail

Pro-Iranian Attackers Target Israeli Railroad Network

Dark Reading

The group known as "Cyber Avengers" has targeted other Israeli services in the past and often publishes technical details of its hits.

IT 104
article thumbnail

USPS Customers Become the Latest Target of the Chinese Smishing Group Called “Smishing Triad”

KnowBe4

New SMS-based phishing attack uses a new smishing kit-as-a-service to impersonate the U.S. Postal Service intent on trick victims into giving up credit.

Phishing 117
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

'Culturestreak' Malware Lurks Inside GitLab Python Package

Dark Reading

The GitLab code hijacks computer resources to mine Dero cryptocurrency as part of a larger cryptomining operation.

Mining 110
article thumbnail

Foundational models at the edge

IBM Big Data Hub

Foundational models (FMs) are marking the beginning of a new era in machine learning (ML) and artificial intelligence (AI) , which is leading to faster development of AI that can be adapted to a wide range of downstream tasks and fine-tuned for an array of applications. With the increasing importance of processing data where work is being performed, serving AI models at the enterprise edge enables near-real-time predictions, while abiding by data sovereignty and privacy requirements.

Cloud 83
article thumbnail

GitLab Users Advised to Update Against Critical Flaw Immediately

Dark Reading

The bug has a CVSS score of 9.6 and allows unauthorized users to compromise private repositories.

116
116