August, 2024

article thumbnail

Global Cyber Agencies Unveil New Logging Standards

Data Breach Today

Logging Best Practices Guidance Aims to Enhance Global Detection and Response The Australian Signals Directorate's Australian Cyber Security Center released joint guidance with a cohort of international cyber agencies that aims to provide baseline standards for event logging and threat detection, amid a wave of high-profile attacks employing "living off the land" techniques.

Security 281
article thumbnail

National Public Data Published Its Own Passwords

Krebs on Security

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Passwords 356
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Black Hat Fireside Chat: User feedback, AI-infused email security are both required to deter phishing

The Last Watchdog

I recently learned all about the state-of-the art of phishing attacks – the hard way. Related: GenAI-powered attacks change the game An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.

Phishing 289
article thumbnail

Make it Personal When People Slow Your InfoGov Roll

Weissman's World

You know as well as I that people-related issues – not those related to technology – tend to be the ones that stand most in the way of information governance success. Our problem is that we need them to understand, to make time for us, to change their thinking. To help them get there, we… Read More » Make it Personal When People Slow Your InfoGov Roll The post Make it Personal When People Slow Your InfoGov Roll appeared first on Holly Group.

IT 279
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

AI Readiness Assessment: Preparing Your Organization's Unstructured Data for the Future

AIIM

I recently had the pleasure of hosting a conversation with Rob Bogue, the core author of AIIM's new resource " Organizational Readiness for Generative AI: Leveraging Unstructured Data for Success." This assessment focuses on how to prepare unstructured data for AI implementation. In this blog post, I'll share key insights from our discussion and highlight the importance of this tool for information management professionals.

More Trending

article thumbnail

Suspected Ransom Cartel Operator Extradited to the US

Data Breach Today

Maksim Silnikau, aka 'J.P.Morgan,' Charged in New Jersey and Virginia Federal Court A pioneer of the ransomware-as-a-service model appeared in U.S. federal court Tuesday where he faces a slew of charges stemming from a nearly two-decade online career. Poland extradited Maksim Silnikau to the United States on Friday; authorities arrested him in a Spanish seaside town in 2023.

article thumbnail

NationalPublicData.com Hack Exposes a Nation’s Data

Krebs on Security

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records.

article thumbnail

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. Related: Prioritizing digital resiliency I spoke with over three dozen cybersecurity solution providers. Some of the more intriguing innovations had to do with leveraging GenAI/LLM-equipped chatbots as proprietary force multipliers.

article thumbnail

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

WIRED Threat Level

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

IT 145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Overcoming Obstacles to Gen AI for Content Services

AIIM

While humans are critical to the success of AI initiatives, they may also present obstacles. In this blog post, we will walk through some of the challenges organizations face when implementing AI for content services.

article thumbnail

Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach

Security Affairs

Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach. A proposed class action claims that Jerico Pictures Inc., operating with the National Public Data, exposed the personal information of nearly 3 billion individuals in a data breach that occurred in April.

article thumbnail

Ransomware Hackers Steal Medical Insurance Data of 1M People

Data Breach Today

Young Consulting Says Health Data Exposed; Ransomware Group Leaked Stolen Data Young Consulting, which develops software for the stop-loss insurance market, is notifying 1 million individuals that their personal information was stolen earlier this year in a hack attack. The BlackSuit ransomware group, a rebrand of Royal, subsequently claimed credit and leaked stolen data.

Insurance 291
article thumbnail

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon , a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Black Hat Fireside Chat: ‘Black Girls Hack’ emphasizes diversity as effective force multiplier

The Last Watchdog

When Tanisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. Related: Modernizing security training Instead, she ran into a rigid wall of shortsightedness. So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed.

article thumbnail

USPS Text Scammers Duped His Wife, So He Hacked Their Operation

WIRED Threat Level

The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.

Security 145
article thumbnail

How to Get Started with Gen AI for Information Management

AIIM

AIIM research shows that many organizations feel ready for AI, but encounter obstacles to implementation, especially a lack of available use cases. Where do organization start with Generative AI (Gen AI)?

article thumbnail

The Mad Liberator ransomware group uses social-engineering techniques

Security Affairs

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. The group was also spotted running a fake Microsoft Windows update screen to conceal data exfiltrating.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Credit Union Issues Belated MOVEit Data Breach Notification

Data Breach Today

Texas Credit Union Only Just Notifying 500,000 Members About May 2023 Data Theft Fifteen months after a massive supply-chain attack hit users of MOVEit secure file-transfer software, Texas Dow Employees Credit Union has issued a data breach notification pertaining to 500,474 victims, saying it only discovered last month their personally identifiable information got stolen.

article thumbnail

Local Networks Go Global When Domain Names Collide

Krebs on Security

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register.

article thumbnail

NEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurity

The Last Watchdog

The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day. Related: GenAI’s impact on elections It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI ( GenAI ) engines and Large Language Models ( LLMs.

article thumbnail

How Project 2025 Would Put US Elections at Risk

WIRED Threat Level

Experts say the “nonsensical” policy proposal, which largely aligns with Donald Trump’s agenda, would weaken the US agency tasked with protecting election integrity, critical infrastructure, and more.

Risk 28
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Embracing the Role of Educator: Guidance for Information Management Practitioners in the Era of AI

AIIM

As organizations explore the potential of AI, information management practitioners may face the challenge of being perceived as roadblocks rather than facilitators. However, by aligning Generative AI initiatives with business goals and promoting intentional adoption, these professionals can pivot into a critical educator role.

Education 145
article thumbnail

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. Researchers form mobile security firm iVerify reported that the issue stems from a pre-installed Android app called “Showcase.apk,” which runs with excessive system privileges, allowing it to remotely execute co

Retail 143
article thumbnail

Breach Roundup: Ex-Verizon Worker Cops to Spying for China

Data Breach Today

Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle Sam This week, an ex-Verizon employee pleaded guilty, SonicWall fixed critical flaws,South Korean hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.

Retail 289
article thumbnail

Six 0-Days Lead Microsoft’s August 2024 Patch Push

Krebs on Security

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This month’s bundle of update joy from Redmond includes patches for security holes in Office ,NET , Visual Studio , Azure , Co-Pilot , Microsoft Dynamics , Teams , Secure Boot, and of course Windows itself.

Security 279
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

The Last Watchdog

President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks.

Security 173
article thumbnail

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

WIRED Threat Level

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.

Analytics 143
article thumbnail

What is the value of using Generative AI for Information Management?

AIIM

Information, or content, is nontabular, unstructured data. Sometimes called “dark data” it includes documents, emails, contracts, invoices, media, and other files that exist outside tabular data. Content is also the essential fuel for generative AI (Gen AI). Generative AI can also be used to better manage and find value in information. In this blog post, we’ll dive into the value of using generative AI to manage content.