Dark Reading
APRIL 20, 2023
A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.
Data Breach Today
APRIL 8, 2023
Apple Recommends Immediate Updating Due to Extensive List of Affected Devices Apple issued security updates to address two zero-day vulnerabilities being actively exploited in the wild and targeting iPads, Macs and iPhones. Both vulnerabilities can lead to arbitrary code execution, but Apple said it found no exploits related to cybercrime or nation-state groups.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
APRIL 4, 2023
Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly
Data Breach Today
APRIL 24, 2023
James E. Lee Shares 2023 Q1 Data Breach Report Highlights According to findings from the Identity Theft Resource Center's 2023 Q1 Data Breach Report, the number of publicly reported data compromises decreased, but the number of data breaches with no actionable information about the root cause of the compromise grew.
Speaker: Travis Addair, Co-Founder and CTO at Predibase
Large Language Models (LLMs) such as ChatGPT offer unprecedented potential for complex enterprise applications. However, productionzing LLMs comes with a unique set of challenges such as model brittleness, total cost of ownership, data governance and privacy, and the need for consistent, accurate outputs. Putting the right LLMOps process in place today will pay dividends tomorrow, enabling you to leverage the part of AI that constitutes your IP – your data – to build a defensible AI strategy for
Dark Reading
APRIL 13, 2023
There are plenty of AD objects and groups that should be considered tier zero in every environment, but some will vary among organizations.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
AIIM
APRIL 11, 2023
When Tony invited me to write a guest blog for AIIM, I planned to write a techie piece on the latest document AI news. I was even tempted to ask ChatGPT to write one in the style of Monty Python. You’ll be pleased to know that moment of temporary insanity quickly passed. Instead of techie talk, I would like to tell you a story about the secret value of AIIM and why I think it’s vital that we all pitch in and help Tori Miller Liu and the team to move AIIM forward.
Jamf
APRIL 21, 2023
Learn about the macOS malware variant discovered by Jamf Threat Labs named 'RustBucket' What it does, how it works to compromise macOS devices, where it comes from and what administrators can do to protect their Apple fleet.
Krebs on Security
APRIL 27, 2023
A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.
Data Breach Today
APRIL 11, 2023
The Spyware Can Record Audio, Take Pictures, Track Locations and Steal Passwords A low-profile Israeli advanced spyware firm used a suspected zero-day to surveil the lives of journalists, political opposition figures and a nongovernmental organization worker across multiple continents, say researchers from the Citizen Lab and Microsoft.
Speaker: Keith Kmett, Principal CX Advisor at Medallia
Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the
Dark Reading
APRIL 5, 2023
Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.
IT Governance
APRIL 18, 2023
Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur. What is data minimisation? Data minimisation requires organisations to process personal data only if it serves a specific purpose, and to retain it for only as long as it’s needed to meet that purpose.
Thales Cloud Protection & Licensing
APRIL 13, 2023
Post-Quantum Cryptography (PQC): Three Easy Ways to Prepare madhav Fri, 04/14/2023 - 06:05 The infamous Y2K “disaster” was successfully averted because people paid heed and prepared well in advance. Likewise, many Post-Quantum Computing (PCQ) security concerns can be addressed ahead of time with proper planning. Organizations that rely on data security and protection need to start preparing and refining strategies immediately.
Jamf
APRIL 17, 2023
Jamf Threat Labs examines two sophisticated spyware attacks and provides recommendations for organizations to defend users from increasingly complex threats.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Krebs on Security
APRIL 20, 2023
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.
Data Breach Today
APRIL 20, 2023
Mandiant Concludes 3CX Hack Was Result of Earlier Hack on Trading Software Maker North Korean hackers' software supply chain attack on desktop phone developer 3CX was the fruit of a separate and previously undisclosed supply chain attack on a financial trading software maker, is the conclusion of the Mandiant forensics team brought in to investigate.
WIRED Threat Level
APRIL 27, 2023
No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.
IT Governance
APRIL 20, 2023
The fallout from Capita’s so-called “cyber incident” last month has been slow and damning. After weeks of insisting that criminal hackers had merely disrupted internal systems, the outsourcing giant has confirmed this week that the damage was more than just an ‘incident’. It was, in fact, ransomware. Capita is one of the largest public-sector service providers in the UK, with £6.5 billion in contracts managing systems such as the BBC licence fee and the London congestion charge.
Advertisement
There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.
Dark Reading
APRIL 18, 2023
Researchers warn about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.
Hunton Privacy
APRIL 18, 2023
On April 13, 2023, the Indiana Senate concurred to the Indiana House’s amendments of Senate Bill 5 (“SB 5”) a day after the House returned the bill to the Senate with amendments, and a couple days after the Indiana House unanimously voted to approve SB 5. SB 5 now will head to Governor Eric Holcomb for a final signature, where he will have seven days upon transmission to sign SB 5 into law or veto it.
Krebs on Security
APRIL 14, 2023
KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry
Data Breach Today
APRIL 3, 2023
Online Services Are Offline Hard disk drive maker Western Digital disclosed a hacking incident the company says likely resulted in data theft. Online services offered by the California company - including personal and enterprise cloud storage and email and push notifications - are down as of publication.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
WIRED Threat Level
APRIL 19, 2023
The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.
OpenText Information Management
APRIL 24, 2023
As information expands exponentially, it is becoming more complex and extensive than ever before. To remain competitive, organizations must explore new ways of harnessing information – to not only power and protect it – but to innovate, ramp up growth, and increase speed to market. Since the acquisition of Micro Focus 90 days ago, OpenText … The post Announcing OpenText Cloud Editions (CE) 23.2 appeared first on OpenText Blogs.
Dark Reading
APRIL 19, 2023
Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.
eSecurity Planet
APRIL 7, 2023
Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for SIEM , incident response , intrusion detection and more should raise the profile of those defensive tools.
Advertisement
Are you thinking of adding enhanced data matching and relationship detection to your product or service? Do you need to know more about what to look for when assessing your options? The Senzing Entity Resolution Buyer’s Guide gives you step-by-step details about everything you should consider when evaluating entity resolution technologies. You’ll learn about use cases, technology and deployment options, top ten evaluation criteria and more.
Krebs on Security
APRIL 18, 2023
For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.
Data Breach Today
APRIL 12, 2023
Attackers Drop Nokoyawa Ransomware; Experts See Increasing Criminal Sophistication Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.
WIRED Threat Level
APRIL 3, 2023
An agency database WIRED obtained reveals widespread use of so-called 1509 summonses that experts say raises the specter of potential abuse.
Expert insights. Personalized for you.
144 
Let's personalize your content