June, 2024

article thumbnail

On the Future of Cybersecurity in Hybrid Cloud Environments

Data Breach Today

An Interview with Gigamon's Chief Security Officer, Chaim Mazal Chief Information Security Officers (CISOs) face unprecedented challenges in their efforts to protect their organizations against a rising tide of increasingly sophisticated cyberthreats.

Cloud 254
article thumbnail

RSAC Fireside Chat: Seclore advances ‘EDRM’ by aligning granular controls onto sensitive data

The Last Watchdog

Digital rights management ( DRM ) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management ( EDRM ) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy.

Phishing 275
article thumbnail

Assessing Information Management Programs for Mergers & Acquisitions

AIIM

I was curious about how organizations cope with information management during a merger and acquisition process. What I discovered when I asked our members in AIIM’s Online Community, is that it’s common during the aftermath of a merger and acquisition to be presented with a dilemma of what to do with the two different information management programs of the merging organizations.

176
176
article thumbnail

The Tumultuous IT Landscape Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

LockBit claims the hack of the US Federal Reserve

Security Affairs

The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27

More Trending

article thumbnail

Researchers Uncover Chinese Hacking Cyberespionage Campaign

Data Breach Today

Chinese Threat Actor 'Velvet Ant' Evaded Detection for Years in Victim Network A Chinese threat actor used state-sponsored techniques to carry out a cyberespionage campaign targeting a major organization's networks after exploiting legacy technology to gain multiple footholds across the enterprise infrastructure, researchers said in a Monday blog post.

259
259
article thumbnail

RSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy loss

The Last Watchdog

Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at RSAC 2024. Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies.

Privacy 261
article thumbnail

Patch Tuesday, June 2024 “Recall” Edition

Krebs on Security

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Mining 215
article thumbnail

Leveraging Virtual Reality to Enhance Diversity and Inclusion training at Google

Elie

This case-study explores the effectiveness of virtual reality (VR) for diversity, equity, and inclusion (DEI) training through the lens of a custom VR application developped to train Google employees.

138
138
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

AI Will Increase the Quantity—and Quality—of Phishing Scams

Schneier on Security

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review : Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.

Phishing 131
article thumbnail

Microsoft's Recall Feature Is Even More Hackable Than You Thought

WIRED Threat Level

A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.

Access 145
article thumbnail

Spanish Police Bust Alleged Leader of Scattered Spider

Data Breach Today

US International Arrest Warrant Accuses Suspect of Cryptocurrency-Theft Campaigns Spanish National Police have arrested a 22-year-old British national based on an International Arrest Warrant from the U.S. that accuses him of stealing bitcoins worth $27 million. Reports suggest the suspect is a key member of the Scattered Spider cybercrime group that hacked MGM and Clorox.

259
259
article thumbnail

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

Security Affairs

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. An attacker can trigger the vulnerability to launch phishing attacks. I want to share my recent case: > I found a vulnerability that allows sending a message from any user@domain > We cannot reproduce it > I send a v

Phishing 125
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

Bouncing Back: How to Investigate and Recover After a Ransomware Attack

Thales Cloud Protection & Licensing

Bouncing Back: How to Investigate and Recover After a Ransomware Attack madhav Thu, 06/13/2024 - 05:49 You've likely seen the headlines about ransomware attacks and the monumental challenges they pose for organizations. But what should you do when an attack occurs, even if you have a ransomware protection solution in place? In this post, we will delve into the forensics of a ransomware attack, showing you how to classify the attack and recover from it if a ransomware protection solution is in pl

article thumbnail

5 WordPress Plugins Compromised; Millions of Websites at Risk

eSecurity Planet

Millions of WordPress websites are under threat after a critical security breach involving several popular plugins. Security researchers discovered malicious code injected into these plugins, granting hackers the ability to create unauthorized administrator accounts. This compromise can lead to severe consequences for website owners, including data breaches and total website takeovers.

Risk 110
article thumbnail

Breaking a Password Manager

Schneier on Security

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

Passwords 130
article thumbnail

Microsoft Will Switch Off Recall by Default After Security Backlash

WIRED Threat Level

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Security 144
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Australia Optus 2022 Data Breach 'Not Highly Sophisticated'

Data Breach Today

Hackers Exploited Coding Error, Says Australian Communications and Media Authority Hackers behind the leak of 10 million records from Australia's second-largest telecommunications carrier Optus exploited a vulnerability the company unwittingly inserted four years earlier into a web portal access control, said the Australian Communications and Media Authority.

article thumbnail

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

Security Affairs

NHS England confirmed that multiple London hospitals impacted by the ransomware attack at Synnovis were forced to cancel planned operations. NHS England confirmed that the recent ransomware attack on Synnovis had a severe impact of multiple London hospitals, forcing them to cancel more than hundreds of scheduled operations. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical

article thumbnail

Are you ready for a cyberattack?

OpenText Information Management

In today's digital age, cybersecurity threats are an ever-present danger for organizations of all sizes. While sophisticated technology solutions are critical in defending against cyber threats, they are only part of the equation. Cybersecurity is not just about having the right tools; it's also about having the right people and processes in place. This is where Tabletop Exercises (or incident response simulations), come into play.

article thumbnail

How to Write Good Incident Response Reports

Lenny Zeltser

Creating an informative and readable report is among the many challenges of responding to cybersecurity incidents. A good report not only answers its reader's questions but also instills confidence in the response and enables the organization to learn from the incident. This blog highlights my advice on writing such incident reports. It's based on the presentation I delivered at the RSA Conference , which offers more details and is available to you on YouTube.

article thumbnail

How Top Tech CFOs Solve Annual Planning’s Biggest Challenges

Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.

article thumbnail

LLMs Acting Deceptively

Schneier on Security

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

article thumbnail

The Age of the Drone Police Is Here

WIRED Threat Level

A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.

Privacy 143
article thumbnail

Hacker Sells Apparent Santander Bank Customer Data

Data Breach Today

ShinyHunters Advertises Data Set of '30 Million Customers' for $2 Million A hacker is selling the purported data of 30 million customers of Spanish multinational bank Santander for $2 million on a criminal online forum the FBI recently attempted to shut down. Sample data posted online suggests the data set is genuine.

259
259
article thumbnail

Google Chrome 126 update addresses multiple high-severity flaws

Security Affairs

Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.

Security 120
article thumbnail

An Architect’s Guide for Selecting Scalable, Data-Layer Technologies

There’s no getting around it: selecting the right foundational data-layer components is crucial for long-term application success. That’s why we developed this white paper to give you insights into four key open-source technologies – Apache Cassandra®, Apache Kafka®, Apache Spark™, and OpenSearch® – and how to leverage them for lasting success. Discover everything you’ll want to know about scalable, data-layer technologies: Learn when to choose these technologies and when to avoid them Explore h

article thumbnail

Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

eSecurity Planet

The remote code execution vulnerabilities from last week’s recap continue, and Microsoft Patch Tuesday identifies plenty of issues to patch — but fortunately, most of them aren’t critical vulnerabilities. PHP’s Windows flaw is now being exploited by ransomware, almost immediately after researchers publicized the issue. Google also has an elevation of privilege vulnerability in its Pixel phones, among others; Android has published fixes for all the device issues.

article thumbnail

Sinister "More_eggs" Malware Cracks Into Companies by Targeting Hiring Managers

KnowBe4

Job seekers, beware - cybercriminals have a nasty new way to slide their malicious code on corporate networks. Researchers have uncovered a devious phishing campaign that's distributing the powerful More_eggs backdoor by disguising it as resume submissions for open roles.

Phishing 105
article thumbnail

Using LLMs to Exploit Vulnerabilities

Schneier on Security

Interesting research: “ Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems.