September, 2024

article thumbnail

AI and Cyber Security: Innovations & Challenges

eSecurity Planet

As cyber threats become increasingly sophisticated, integrating artificial intelligence (AI) into cybersecurity is more than a passing trend — it’s a groundbreaking shift in protecting our digital assets. As cyber-attacks grow increasingly complex, leveraging AI becomes crucial for staying ahead of emerging threats. Let’s dive into how AI and cybersecurity are transforming in today’s highly modern and complex times, explore their benefits and challenges, and see how they shape the fu

Security 135
article thumbnail

US Pushes Ban on Chinese, Russian Tech in Connected Vehicles

Data Breach Today

Commerce Department Moves to Regulate Foreign Vehicle Tech Amid Security Fears The White House is proposing new regulations on connected vehicles that would prohibit manufacturers from importing software or hardware from the People's Republic of China and Russia, citing an ever-increasing threat landscape and heightened national security risks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows use

Phishing 292
article thumbnail

News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’

The Last Watchdog

Singapore, Sept. 10, 2024, CyberNewsWire — Seventh Sense , a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt , a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. SenseCrypt introduces a first-of-its-kind face-based public key infrastructure (PKI) and electronic identity (eID) solution.

Privacy 278
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

WIRED Threat Level

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

Privacy 145

More Trending

article thumbnail

Microsoft Is Adding New Cryptography Algorithms

Schneier on Security

Microsoft is updating SymCrypt , its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).

Libraries 129
article thumbnail

Redefining the Supply Chain in the Post-AI Era

Data Breach Today

How to Navigate the New Challenges and Opportunities AI has enabled supply chains to become more proactive and predictive. Through machine learning algorithms, natural language processing and advanced analytics, organizations can now forecast demand with greater accuracy, anticipate potential disruptions and optimize inventory management in real time.

Analytics 306
article thumbnail

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and

Passwords 272
article thumbnail

2024 Cybersecurity Laws & Regulations

eSecurity Planet

Understanding and adhering to cybersecurity regulations is crucial for any organization as cyber threats evolve and become more sophisticated. The landscape of cybersecurity laws and regulations today is set to undergo significant changes, impacting businesses, government entities, and individuals alike. Let’s explore what to expect from the upcoming regulations, provide insights into critical federal and state laws, and offer practical compliance and risk management strategies.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

The Mystery of Hezbollah’s Deadly Exploding Pagers

WIRED Threat Level

At least eight people have been killed and more than 2,700 people have been injured in Lebanon by exploding pagers. Experts say the blasts point toward a supply chain compromise, not a cyberattack.

Security 136
article thumbnail

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Security Affairs

The maintainers of the Tor Project have responded to claims that German police have devised a technique to deanonymize users. The maintainers of the Tor Project have responded to claims that German law enforcement has devised a technique to deanonymize its users. According to German media, law enforcement has infiltrated the anonymizing network and in at least one case they unmasked a criminal.

Privacy 136
article thumbnail

NIST Recommends Some Common-Sense Password Rules

Schneier on Security

NIST’s second draft of its “ SP 800-63-4 “—its digital identify guidelines—finally contains some really good rules about passwords: The following requirements apply to passwords: lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.

Passwords 122
article thumbnail

California Gov. Newsom Vetoes Hotly-Debated AI Safety Bill

Data Breach Today

Newsom Says Bill Not 'Flexible' Solution to Curb Catastrophic Risks California Gov. Gavin Newsom on Sunday vetoed a hotly-debated AI safety bill that would have pushed developers to implement measures to prevent "critical harms." The bill "falls short of providing a flexible, comprehensive solution to curbing the potential catastrophic risks," Newsom said.

Risk 305
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. KrebsOnSecurity has learned that many of the man’s alleged targets were members of UGNazi , a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.

article thumbnail

Tracelo Data Breach: 1.4 Million Records Exposed

eSecurity Planet

Data is the new gold, and breaches have become an unfortunate reality. A recent incident involving Tracelo, a popular smartphone geolocation tracking service, has exposed the personal information of over 1.4 million users. This breach, orchestrated by a hacker known as “Satanic,” highlights the vulnerability of even seemingly secure online platforms.

article thumbnail

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team

WIRED Threat Level

Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.

Military 135
article thumbnail

Hackers stole over $44 million from Asian crypto platform BingX

Security Affairs

Cybercriminals stole more than $44 million worth of cryptocurrency from the Singaporean crypto platform BingX. Singaporean crypto platform BingX reported a cyberattack on Friday. Threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorized transfers of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media. [ Temporary Wallet Maintenance Notice] ■ Schedule: ~24 hours ■ When maintenance i

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Australia Threatens to Force Companies to Break Encryption

Schneier on Security

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies.

article thumbnail

After CrowdStrike Outage: Time to Rebuild Microsoft Windows?

Data Breach Today

Global Outage Triggers Calls for 'Less-Invasive Access' to Essential Functions The global disruption caused by a faulty CrowdStrike software triggering a kernel panic and computer meltdowns has led government agencies, experts and vendors to call for rethinking Windows operating system resiliency, including the deep-level OS access security tools now require.

article thumbnail

Timeshare Owner? The Mexican Drug Cartels Want You

Krebs on Security

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

Sales 258
article thumbnail

The Data Breach Disclosure Conundrum

Troy Hunt

The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? I'm writing this after many recent such discussions with breached organisations where I've found myself wishing I had this blog post to point them to, so, here it is.

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database

WIRED Threat Level

Video and audio of therapy sessions, transcripts, and other patient records were accidentally exposed in a publicly accessible database operated by the virtual medical company Confidant Health.

Access 129
article thumbnail

Critical RCE vulnerability found in OpenPLC

Security Affairs

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code.

article thumbnail

List of Old NSA Training Videos

Schneier on Security

The NSA’s “ National Cryptographic School Television Catalogue ” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.

FOIA 119
article thumbnail

What's Next for Secure Communication After Exploding Pagers?

Data Breach Today

No OpSec Measure Is Bulletproof to the Effects of a Corrupted Supply Chain Secure communications in an age of network insecurity has focused mostly on encryption and fears of surveillance tracking. But as this week revealed to the dismay of terrorists and criminals alike, no OpSec measure is bulletproof to the effects of a corrupted supply chain.

article thumbnail

How Top Tech CFOs Solve Annual Planning’s Biggest Challenges

Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.

article thumbnail

What Is EDR in Cyber Security: Overview & Capabilities

eSecurity Planet

Endpoint detection and response (EDR) is an advanced safety system for detecting, investigating, and resolving cyber attacks on endpoints. It examines incidents, inspects behavior, and restores systems to their pre-attack state. EDR uses artificial intelligence, machine learning, and threat intelligence to dodge recurrences, allowing IT teams to neutralize attacks through threat hunting, behavioral analytics, and containment.

Security 109
article thumbnail

The Number of Ransomware Attacks Around the World Increased by 73% in 2023

KnowBe4

The number of ransomware attacks around the world increased by 73% in 2023, according to a new report by the Institute for Security and Technology’s Ransomware Task Force (RTF). These attacks opportunistically target organizations across all industries, but the hardest-hit sectors over the past two years have been construction, hospitals and health care, government, IT services and consulting, and financial services.

article thumbnail

The US Navy Is Going All In on Starlink

WIRED Threat Level

The Navy is testing out the Elon Musk–owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online.

Access 129