Sat.Jan 27, 2024 - Fri.Feb 02, 2024

article thumbnail

Facebook’s Extensive Surveillance Network

Schneier on Security

Consumer Reports is reporting that Facebook has built a massive surveillance network: Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies.

Archiving 128
article thumbnail

Top Tips to Avoid Corporate Social Media Account Hijacking

Data Breach Today

Not a Good Look: Hijacked @SECgov Social Media Account Spews Bitcoin Rumors Social media accounts - especially those tied to government agencies, big-name companies and high-profile individuals - continue to be a top target for takeover by fraudsters and scammers, especially when it comes to X, formerly known as Twitter. What's the best way to keep these accounts secure?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Krebs on Security

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX , which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022.

article thumbnail

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints. Related: The role of ‘attribute based encryption’ There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

Privacy 263
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Empowering Progress: How AIIM's Certification Transformed IsDB's Approach to Intelligent Information Management

AIIM

I am so honored that nine of my colleagues at Islamic Development Bank (IsDB) have successfully been Certified as “Certified Information Professional” (CIPs) by AIIM.

183
183

More Trending

article thumbnail

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Passwords 323
article thumbnail

News alert: Aembit, Crowdstrike partner to help companies tighten security of IAM workload access

The Last Watchdog

Silver Spring, Maryland, Jan. 30, 2024 — Aembit , the Workload Identity and Access Management (IAM) platform that enables DevOps and security teams to discover, manage, enforce and audit access between workloads, today announced the availability of a new integration with the industry-leading CrowdStrike Falcon® platform to give enterprises the ability to dynamically manage and enforce conditional access policies based on the real-time security posture of their applications and services.

Access 130
article thumbnail

Telling a Story with Keynotes at AIIM Conference 2024

AIIM

Storytelling has been a trending tactic for event planners for the past couple years. And with good reason. Stories enrich experiences and make education and messaging more memorable. Here's how we are incorporating storytelling at the AIIM Conference 2024 in San Antonio, Texas, April 3-5 and some tips for how you can incorporate storytelling tactics when planning your own meetings and events.

Education 104
article thumbnail

Ransomware Attack Hits Schneider Electric Sustainability Unit

Data Breach Today

Manufacturer Confirms Systems Down, Data on Energy Consumption, Emission Accessed Schneider Electric confirmed a ransomware attack has locked up corporate systems of its Schneider Electric Sustainability Business division and accessed data. The company said it plans to resume operations in two business days after remediation is complete.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

Security Affairs

The Main Intelligence Directorate of Ukraine’s Ministry of Defense states that pro-Ukraine hackers wiped 2 petabytes of data from a Russian research center. The Main Directorate of Intelligence of the Ministry of Defense of Ukraine revealed that pro-Ukraine hackers group “BO Team” wiped the database of the Far Eastern Scientific Research Center of Space Hydrometeorology “Planet.” The Russian center processes data received from satellites and also provides relevant p

IT 130
article thumbnail

GUEST ESSAY: Leveraging real-time visibility to quell persistent ‘take-a-USB-stick-home’ attacks

The Last Watchdog

Each of us has probably sat through some level of cybersecurity awareness training during our professional lives. Related: Dangers of spoofed QR codes Stop and think before you click on a link within an email from an unexpected source. Don’t re-use a password across multiple sites. Beware over-sharing personal information online, especially on social media platforms.

Passwords 140
article thumbnail

FBI Cyber Alert: Tech Support Scams Steal Cash or Precious Metals

KnowBe4

The US Federal Bureau of Investigation (FBI) has issued an alert warning that scammers are tricking victims into converting their savings into cash or precious metals, then sending couriers to pick up the items for safekeeping.

Security 115
article thumbnail

Ivanti Discloses Additional Zero-Day That Is Being Exploited

Data Breach Today

Company Starts Patch Rollout for Flaws Exploited by Likely Chinese Intelligence Op Corporate VPN maker Ivanti on Wednesday began a belated patch rollout for zero-day flaws that many cybersecurity firms say paved the way for an espionage hacking operation likely conducted by China. Ivanti also disclosed two more zero-days and told customers that hackers are exploiting one of them.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation. BleepingComputer first reported the attack that hit the Sustainability Business division of the company on January 17th.

article thumbnail

News alert: Reken raises $10M from Greycroft to protect against generative AI-enabled fraud

The Last Watchdog

San Francisco, Calif., Jan. 31, 2024 – Reken, an AI & cybersecurity company, today announced the close of its $10M oversubscribed seed round, led by Greycroft and FPV Ventures. Other investors in the round include Firebolt Ventures, Fika Ventures, Omega Venture Partners, Homebrew, and JAZZ Venture Partners. The funding will be used for core research and development to build new AI technology and products to protect against generative AI threats, such as deepfake social engineering and autono

article thumbnail

A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash

WIRED Threat Level

A loose coalition of anti-censorship voices is working to highlight reports of one Indian company’s hacker-for-hire past—and the legal threats aimed at making them disappear.

Security 114
article thumbnail

Weaponized Lying: Unraveling RansomedVC's Business Strategy

Data Breach Today

Group Fakes Stolen Data, Has Ties to Ragnar Locker, Says Researcher Jon DiMaggio While ransomware groups rightly have a reputation for being morally and ethically bankrupt, many do play things straight with their victims. But RansomedVC is a notable exception. In some ways, it is "more dangerous" because of its expert ability to lie, according to researcher Jon DiMaggio.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

Security Affairs

Albania’s Institute of Statistics (INSTAT) announced that it was targeted by a sophisticated cyberattack that affected some of its systems. A sophisticated cyberattack on Wednesday hit Albania’s Institute of Statistics (INSTAT). The institute confirmed that the attack affected some of its systems. Albania’s Institute of Statistics (INSTAT) promptly activated emergency protocols to respond to the incident.

article thumbnail

David Kahn

Schneier on Security

David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed.

111
111
article thumbnail

Final Draft of EU AI Act Leaked

Hunton Privacy

On January 22, 2024, a draft of the final text of the EU Artificial Intelligence Act (“AI Act”) was leaked to the public. The leaked text substantially diverges from the original proposal by the European Commission, which dates back to 2021. The AI Act includes elements from both the European Pa r liament’s and the Council’s proposals. Key Definitions “AI system” is defined as “a machine-based system designed to operate with varying levels of autonomy and that may exhibit adaptiveness after depl

Risk 110
article thumbnail

More Ransomware Victims Are Declining to Pay Extortionists

Data Breach Today

While Average Falls Below 30%, We're Still Far From Seeing Criminal Profits Dry Up The number of victims who opt to pay a ransom appears to have declined to a record low. During the last three months of 2023, an average of 29% of organizations hit by ransomware paid a ransom - a notable shift from what ransomware watchers saw in recent years.

article thumbnail

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

article thumbnail

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Security Affairs

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community.

Libraries 126
article thumbnail

YouTube, Discord, and ‘Lord of the Rings’ Led Police to a Teen Accused of a US Swatting Spree

WIRED Threat Level

For nearly two years, police have been tracking down the culprit behind a wave of hoax threats. A digital trail took them to the door of a 17-year-old in California.

Security 113
article thumbnail

Ransomware Payments On The Decline As Cyber Attackers Focus on The Smallest, And Largest, Organizations

KnowBe4

New data for Q4 of 2023 reveals a sizable shift in the cyber threat landscape, with serious implications regarding ransomware and social engineering attacks targeting both the largest and smallest organizations worldwide.

article thumbnail

Palo Alto Told to Pay Centripetal $150M for Patent Theft

Data Breach Today

Federal Court Says Palo Alto Networks Violated Centripetal's Patent Rights A federal jury said Wednesday that Palo Alto Networks directly violated another cybersecurity firm's patent rights for a "threat intelligence gateway" network security technology and awarded Centripetal Networks more than $150 million in the verdict.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Hundreds of network operators’ credentials found circulating in Dark Web

Security Affairs

Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC are available on the dark web, Resecurity warns. Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC), resulting from infostealer infections.

Passwords 121
article thumbnail

US Lawmakers Tell DOJ to Quit Blindly Funding ‘Predictive’ Police Tools

WIRED Threat Level

Members of Congress say the DOJ is funding the use of AI tools that further discriminatory policing practices. They're demanding higher standards for federal grants.

article thumbnail

Forget Deepfake Audio and Video. Now There’s AI-Based Handwriting!

KnowBe4

Researchers have developed AI technology that can mimic someone’s handwriting with only a few paragraphs of written content. Experts worry about the possibility of misuse.

Security 111