November, 2023

article thumbnail

Researcher Claims to Crack RSA-2048 With Quantum Computer

Data Breach Today

As Ed Gerck Readies Research Paper, Security Experts Say They Want to See Proof A scientist claims to have developed an inexpensive system for using quantum computing to crack RSA, which is the world's most commonly used public key algorithm. If true, this would be a breakthrough that comes years before experts predicted. Now, they're asking for proof.

Paper 364
article thumbnail

It’s Still Easy for Anyone to Become You at Experian

Krebs on Security

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

The Last Watchdog

A hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos. Related: Russia puts the squeeze on US supply chain This cost the Las Vegas gambling meccas more than $100 million while damaging their reputations. As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA).

Passwords 310
article thumbnail

Denmark Hit With Largest Cyberattack on Record

Data Breach Today

Report Reveals How Hackers Targeted Danish Energy Infrastructure in Sweeping Attack Critical infrastructure operators across Denmark experienced the most extensive cybersecurity incident in Danish history earlier this year when hackers exploited zero-day vulnerabilities in firewalls meant to protect their networks from attacks, according to a new report published by SektorCERT.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records

WIRED Threat Level

A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.

Access 145

More Trending

article thumbnail

Thales Wins Big in 2023

Thales Cloud Protection & Licensing

Thales Wins Big in 2023 madhav Thu, 11/02/2023 - 05:09 Here at Thales, we are incredibly proud of what we do. Protecting our customers from cybersecurity threats brings us immense satisfaction, and being recognized for our efforts is both humbling and validating. 2023 has been a particularly good year for us; keep reading for a run-through of our most recent successes.

Cloud 139
article thumbnail

Managing AI risks and legal implications, effective cybersecurity, ensuring privacy and the integrity of organizational records

Data Protection Report

In a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders to discuss and explore the latest developments, challenges and opportunities in the technology, privacy, and cybersec

article thumbnail

10 cybersecurity questions for elected officials

CGI

Founded in 1976, CGI is among the largest IT and business consulting services firms in the world. We are insights-driven and outcomes-based to help accelerate returns on your investments.

article thumbnail

Security Firm COO Hacked Hospitals to Drum Up Business

Data Breach Today

Atlanta Man Pleads Guilty, Is Ordered to Pay $818,000 Restitution, May Avoid Prison The chief operating officer of an Atlanta-based cybersecurity firm has pleaded guilty and agreed to pay restitution of more than $818,000 in a federal criminal case in which he admitted hacking a Georgia medical center in 2018 in an effort to drum up business for his company.

Security 333
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

The CDC's Gun Violence Research Is in Danger

WIRED Threat Level

In a year pocked with fights over US government funding, Republicans are quietly trying to strip the Centers for Disease Control and Prevention of its ability to research gun violence.

article thumbnail

New SSH Vulnerability

Schneier on Security

This is interesting : For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

Paper 137
article thumbnail

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Security Affairs

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm NSFOCUS analyzed DarkCasino attack pattern exploiting the WinRAR zero-day vulnerability tracked as CVE-2023-38831. The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. “DarkCasino is an APT threat actor with strong technical and learning ability, who is g

Phishing 136
article thumbnail

Exploit for Critical Windows Defender Bypass Goes Public

Dark Reading

Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.

IT 145
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Top Four Security Tips for Cyber Safety on National Computer Security Day

KnowBe4

To celebrate National Computer Security Day , which is recognized on November 30 every year, KnowBe4 encourages all IT and security professionals to train their workforce how to stay safe from cybersecurity threats as the organization’s last line of defense.

Security 124
article thumbnail

Okta Breach Tied to Worker's Personal Google Account

Data Breach Today

Threat Actor Used Session Hijacking Technique to Access Files of 134 Okta Customers Days after announcing a security compromise, cloud-based Identity and authentication management provider Okta said that an unknown threat actor accessed files of 134 customers by after an employee signed in to a personal Google profile on the Chrome browser of an Okta-managed laptop.

article thumbnail

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

WIRED Threat Level

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

Security 140
article thumbnail

AI assistants optimize automation with API-based agents

IBM Big Data Hub

Generative AI-powered assistants are transforming businesses through intelligent conversational interfaces. Capable of understanding and generating human-like responses and content, these assistants are revolutionizing the way humans and machines collaborate. Large Language Models (LLMs) are at the heart of this new disruption. LLMs are trained on vast amounts of data and can be used across endless applications.

IT 126
article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Critical Zoom Room bug allowed to gain access to Zoom Tenants

Security Affairs

A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne live hacking event H1-4420. Zoom Rooms is a feature of the Zoom video conferencing platform designed to enhance collaboration in physical meeting spaces, such as conference rooms or huddle rooms.

Access 129
article thumbnail

Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice

Dark Reading

While China is already among the world's most formidable threat actors, a focus on exploiting public-facing appliances makes its state-sponsored APTs more dangerous than ever.

IT 130
article thumbnail

Australian Privacy Regulator Sues in Data Breach Case

Hunton Privacy

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty ( i.e. , a fine) in connection with the company’s response to a data breach that occurred in February 2022. The case is significant because: (1) it is only the second time that the Australian regulator has brought court proceedings of this kind despite having t

article thumbnail

Ukraine Tracks a Record Number of Cyber Incidents During War

Data Breach Today

Hackers Steal CCTV Footage to Study Efficacy of Missile Strikes and Drone Attacks Ukraine's national computer emergency response team, CERT-UA, says it sees an increase in cyber incidents as Russia's invasion continues. While wiper attacks are ongoing, a rising Russian hacker tactic involves stealing private CCTV footage to study the efficacy of missile strikes and drone attacks.

IT 319
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

You Don’t Need to Turn Off Apple’s NameDrop Feature in iOS 17

WIRED Threat Level

Yes, your iPhone automatically turns on NameDrop with the latest software update. But you shouldn’t really be worried about it—regardless of what the police are saying.

IT 135
article thumbnail

Artificial Intelligence (Regulation) Bill: UK Private Members’ Bill underscores wide-spread regulatory concerns

Data Protection Report

A Private Members’ Bill, the Artificial Intelligence (Regulation) Bill (the Bill ), has been introduced into House of Lords (the UK’s upper House of the UK Parliament) and is currently at the second Parliamentary stage. The King’s Speech , which set out the agenda for the current Parliamentary session, did not contain any proposals from the Government for legislation on AI, a point that was highlighted by the House of Commons Science, Innovation and Technology Committee.

article thumbnail

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-concept (PoC) exploit, named Google Calendar RAT, that relies on Calendar service to host command-and-control (C2) infrastructure. Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “To use GRC, only a Gmail account is require

article thumbnail

SEC Suit Ushers in New Era of Cyber Enforcement

Dark Reading

A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security.

article thumbnail

Use Cases for Apache Cassandra®

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

article thumbnail

How to implement enterprise resource planning (ERP)

IBM Big Data Hub

Once your business has decided to switch to an enterprise resource planning (ERP) software system, the next step is to implement ERP. For a business to see the benefits of an ERP adoption it must first be deployed properly and efficiently by a team that typically includes a project manager and department managers as well. This process can be complicated and feel overwhelming, depending on the needs of your organization.

Cloud 123
article thumbnail

Info Stealers Thrive in Hot Market for Stolen Data

Data Breach Today

Browser Data, Crypto Wallets and Chat Apps Are Also Top Targets, Researchers Report Info-stealer malware built for stealing lucrative, sensitive data - including cryptocurrency wallet and remote access credentials - continues to remain popular for criminally inclined individuals. Researchers reports that RedLine, LokiBot, Mars and Aurora remain attackers' top info-stealer choices.

Marketing 319
article thumbnail

A Civil Rights Firestorm Erupts Around a Looming Surveillance Power Grab

WIRED Threat Level

Dozens of advocacy groups are pressuring the US Congress to abandon plans to ram through the renewal of a controversial surveillance program that they say poses an “alarming threat to civil rights.

Privacy 129