June, 2023

article thumbnail

How Shady Chinese Encryption Chips Got Into the Navy, NATO, and NASA

WIRED Threat Level

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

article thumbnail

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely u

IT 309
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Feds Warn Health Sector of TimisoaraHackerTeam Threats

Data Breach Today

HHS Says 'Obscure' Group Has Resurfaced, Hitting a Cancer Center Federal authorities are warning healthcare and public health sector entities of an apparent resurgence of TimisoaraHackerTeam after an attack in recent weeks by the obscure ransomware group on a U.S. cancer center. HHS says the group was discovered by security researchers in 2018.

article thumbnail

US Aerospace Contractor Hacked With 'PowerDrop' Backdoor

Dark Reading

Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.

135
135
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

A Guide to Key Management as a Service

Thales Cloud Protection & Licensing

A Guide to Key Management as a Service madhav Thu, 06/15/2023 - 11:29 As companies adopt a cloud-first strategy and high-profile breaches hit the headlines, securing sensitive data has become a paramount business concern. The most effective way to ensure data security is through encryption and proper key management. Key Management as a Service (KMaaS) allows companies to manage encryption keys more effectively through a cloud-based solution instead of running the service on physical, on-premises

More Trending

article thumbnail

The US Is Openly Stockpiling Dirt on All Its Citizens

WIRED Threat Level

A newly declassified report from the Office of the Director of National Intelligence reveals that the federal government is buying troves of data about Americans.

IT 145
article thumbnail

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Phishing 276
article thumbnail

Chinese Hackers Targeted G7 Summit Through MS Office Flaw

Data Breach Today

APT Group Masqueraded as Indonesia's Foreign Ministries in Emails to G7 Officials Suspected Chinese APT groups exploited a 17-year-old Microsoft Office vulnerability in May to launch malware attacks against foreign government officials who attended a G7 summit in Hiroshima, Japan. Threat actors targeted officials from France, the United Kingdom, India, Singapore and Australia.

article thumbnail

Killnet Threatens Imminent SWIFT, World Banking Attacks

Dark Reading

The DDoS collective claims to be teaming up with ReVIL and Anonymous Sudan for destructive financial attacks in retaliation for US aid in Ukraine, but the partnerships (and danger) are far from verified.

135
135
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Make the AI pivot

OpenText Information Management

“Artificial intelligence is as revolutionary as mobile phones and the Internet.” — Bill Gates Despite the hype that seems to accompany nearly every technology breakthrough, true revolutions are few and far between. In a March blog, Bill Gates said he’s witnessed two technology demonstrations in his life that have struck him as revolutionary.

article thumbnail

Snowden Ten Years Later

Schneier on Security

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to. It was scared of UK law enforcement, and worried that this essay would reflect badly on it.

article thumbnail

Will Mandatory Generative AI Use Certifications Become the Norm in Legal Filings?

Hunton Privacy

On June 2, 2023, Judge Brantley Starr of the U.S. District Court for the Northern District of Texas released what appears to be the first standing order regulating use of generative artificial intelligence (“AI”)—which has recently emerged as a powerful tool on many fronts—in court filings. Generative AI provides capabilities for ease of research, drafting, image creation and more.

article thumbnail

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Microsoft Sets Aside $425M For Anticipated GDPR Fine

Data Breach Today

Targeted Advertising on LinkedIn May Violate Europeans' Privacy Microsoft is warning investors it may receive a fine from European privacy regulators adding up to at least hundreds of millions of dollars over targeted advertising on its LinkedIn social network. European authorities have shown increased willingness to use the GDPR to limit targeted advertising.

GDPR 309
article thumbnail

Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier

Dark Reading

The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.

IT 134
article thumbnail

IT Governance Podcast 16.6.23: MOVEit, LinkedIn, Spotify and Google Bard

IT Governance

This week, we discuss a data breach affecting users of Progress Software’s MOVEit file transfer app, GDPR fines for LinkedIn and Spotify, and the delay of Google Bard’s EU launch because of privacy concerns. Also available on Spotify , Amazon Music , Apple Podcasts and SoundCloud. The post IT Governance Podcast 16.6.23: MOVEit, LinkedIn, Spotify and Google Bard appeared first on IT Governance UK Blog.

article thumbnail

Court Dismisses IBM’s Breach of Contract Claim Against Micro Focus Finding the Claim to Lack Merit

OpenText Information Management

As I wrote earlier, IBM brought a lawsuit against Micro Focus alleging breach of contract and copyright infringement by Micro Focus Enterprise Suite products. Here is the blog I posted as to the technical aspects of the meritless claim. We confidently asserted then that IBM’s claims are legally and factually without merit. With respect to … The post Court Dismisses IBM’s Breach of Contract Claim Against Micro Focus Finding the Claim to Lack Merit appeared first on OpenText Blogs.

117
117
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

AI-Generated Steganography

Schneier on Security

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has classically been studied in security literature, recent advances in generative models have led to a shared interest among security and machine learning researchers in developing scalable steganography te

article thumbnail

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software.

article thumbnail

50 US Agencies Using Unsecured Devices, Violating Policy

Data Breach Today

Researchers Say Routers, Access Points, Firewalls, VPNs Could Expose Federal Data Security researchers at Censys found hundreds of federally owned devices at 50 different agencies exposed to the internet, accessible through IPv4 addresses and loaded with potentially vulnerable MOVEit and Barracuda Networks' ESG software. The vulnerabilities violate new CISA policy, the firm said.

Access 273
article thumbnail

Third MOVEit Transfer Vulnerability Disclosed by Progress Software

Dark Reading

MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

AI Is Being Used to ‘Turbocharge’ Scams

WIRED Threat Level

Plus: Amazon’s Ring was ordered to delete algorithms, North Korea’s failed spy satellite, and a rogue drone “attack” isn’t what it seems.

IT 131
article thumbnail

51 Must-Know Phishing Statistics for 2023

IT Governance

Phishing is one of the most common and dangerous forms of cyber crime. For years, the deceptively simple attack method has tricked organisations and individuals into handing over sensitive information or downloading malware. All it takes is a well-crafted email, social media post or phone message, and an employee who is too negligent or unaware to spot that its true nature.

Phishing 111
article thumbnail

On the Catastrophic Risk of AI

Schneier on Security

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC : “Artificial intelligence could lead to extinction, experts warn.”

Risk 113
article thumbnail

Come With Me on a Spin Through the Hellscape of AI-Generated News Sites

John Battelle's Searchblog

Welcome to the hellscape of “Made for Advertising” sites This past Monday NewsGuard , a journalism rating platform that also analyzes and identifies AI-driven misinformation, announced it had identified hundreds of junk news sites powered by generative AI. The focus of NewsGuard’s release was how major brands were funding these spam sites through the indifference of programmatic advertising, but what I found interesting was how low that number was – 250 or so sites.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Russian Hackers Using USB Malware to Target Ukraine

Data Breach Today

Gamaredon Spreads Custom Backdoor Through Thumb Drives A Russian government-linked threat group is using USB drives to spread a custom backdoor in a possible bid to reach air-gapped machines, said security researchers. The Security Service of Ukraine has identified the group, which it tracks as Armageddon, as a unit of the Russian FSB.

article thumbnail

ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks

Dark Reading

Attackers could exploit a common AI experience — false recommendations — to spread malicious code via developers that use ChatGPT to create software.

136
136
article thumbnail

UK ICO Reminds Businesses of Privacy Risks in AI

Hunton Privacy

On June 15, 2023, the UK Information Commissioner’s Office (“ICO”) called for businesses to address the privacy risks posed by generative artificial intelligence (“AI”) before “rushing to adopt the technology.” Stephen Almond, the ICO’s Executive Director of Regulatory Risk, said: “Businesses are right to see the opportunity that generative AI offers.

Risk 109