Sat.Feb 10, 2024 - Fri.Feb 16, 2024

article thumbnail

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

Every industry is dealing with a myriad of cyber threats in 2024. It seems every day we hear of another breach, another scam, another attack on anything from a small business to a critical aspect of our nation’s infrastructure. Related: The case for augmented reality training Because of this, cybersecurity investments and regulatory oversight are increasing at an astounding rate , especially for those in the financial services industry, bringing an overwhelming feeling to chief compliance office

Risk 200
article thumbnail

Generative AI and the Brave New World of Work

Data Breach Today

CyberEd.io's Steve King on How Gen AI Will Disrupt and Transform Careers Generative AI is both the villain in the tale of job displacement and the hero ushering in a new era of enhanced job roles and opportunities. Steve King of CyberEd.io discusses how gen AI will make your career an uncertain journey that demands lifelong learning, skepticism, humor and adaptability.

304
304
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Data Insights Are Key to Fighting Synthetic ID Fraud

Data Breach Today

Steve Lenderman on the Shift From Synthetic Identity to Synthetic Entity Fraud Synthetic IDs remain a problem not because of a lack of data but because of failure to identify the right data and establish correlations, said Steve Lenderman, co-chair of the Industry Working Groups for the International Association of Financial Crimes Investigators.

273
273
article thumbnail

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser

Education 329
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

How to Push Back Against Infogov Push-Back

Weissman's World

We’ve all been there – You know what you want to do to fix your information quality and process issues You talked it up for months, up and down the org chart, and you got what you thought was a clear go-ahead But when you actually starting doing things, you got so much push-back –… Read More » How to Push Back Against Infogov Push-Back The post How to Push Back Against Infogov Push-Back appeared first on Holly Group.

IT 156

More Trending

article thumbnail

Hack at Software Services Firm Affects 57,000 BoA Customers

Data Breach Today

InfoSys McCamish Says Incident Involved BoA's Deferred Compensation Plan Customers Bank of America is notifying more than 57,000 customers that their information, including Social Security numbers, was potentially compromised in a hacking incident last November at Atlanta, Georgia-based insurance software firm InfoSys McCamish. BoA says none of its systems were affected.

Insurance 313
article thumbnail

Fat Patch Tuesday, February 2024 Edition

Krebs on Security

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412 , a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits.

Phishing 210
article thumbnail

RETVec: Resilient and Efficient Text Vectorizer

Elie

This research study presented at NeurIPS 2024 introduces RETVec, a robust and multilingual text vectorizer that provides efficiency and resilience against typos and adversarial attacks for neural-based text processing.

137
137
article thumbnail

Leak of Russian ‘Threat’ Part of a Bid to Kill US Surveillance Reform, Sources Say

WIRED Threat Level

A surprise disclosure of a national security threat by the House Intelligence chair was part of an effort to block legislation that aimed to limit cops and spies from buying Americans' private data.

Security 137
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Account Takeover Campaign Hits Execs in Microsoft Azure

Data Breach Today

Attackers Downloaded Files Containing Financial, Security and User Information A still-active phishing campaign using individualized phishing lures is targeting senior corporate accounts in Microsoft Azure environments, said researchers from Proofpoint. They said the hackers have compromised hundreds of user accounts spread across dozens of Microsoft Azure environments.

Phishing 306
article thumbnail

U.S. CISA: hackers breached a state government organization

Security Affairs

U.S. CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that a threat actor gained access to an unnamed state government organization’s network environment via an administrator account belonging to a former employee.

article thumbnail

News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac

The Last Watchdog

Rochester, N.Y. Feb. 15, 2024 – Harter Secrest & Emery LLP , a full-service business law firm with offices throughout New York, is pleased to announce that it has been selected as a NetDiligence-authorized Breach Coach ® , a designation only extended to law firms that demonstrate competency and sophistication in data breach response. Through its Breach Coach ® designation, NetDiligence recognizes Harter Secrest & Emery as an industry leader and enhances the firm’s reputation as a trusted

article thumbnail

China Plans to Accelerate Cross-Border Data Transfers by Implementing Trial Rules in Shanghai Pilot Free Trade Zone

Hunton Privacy

Recent developments in the Shanghai Pilot Free Trade Zone to facilitate cross-border data transfers are expected to provide greater flexibility in exporting data from China, which has been stymied by the Cyberspace Administration of China (“CAC”)’s strict cross-border data transfer regulations proposed in December 2023. In recent years, the legal framework and practical enforcement for cross-border data transfers in China have undergone significant developments, especially with respect to the CA

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Europe's AI Act Poised To Become Law After Committees Vote

Data Breach Today

ACt Will Require Developers to Allows A Copyright Holder Opt Out Two key European Parliament committees accepted a political compromise set to govern how trading bloc countries develop and deploy artificial intelligence. The regulation is set to become the globe's first comprehensive AI regulation.

article thumbnail

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Security Affairs

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The popular Video messaging giant Zoom released security updates to address seven vulnerabilities in its desktop and mobile applications, including a critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), in Windows software.

article thumbnail

News alert: DigiCert taps tenured tech execs Jugnu Bhatia as its new CFO, Dave Packer as CRO

The Last Watchdog

Lehi, Utah – Feb. 14, 2024 – DigiCert, a leading global provider of digital trust, today announced new additions to its executive leadership team with the appointments of Jugnu Bhatia as Chief Financial Officer (CFO) and Dave Packer as Chief Revenue Officer (CRO). “DigiCert just closed its largest quarterly bookings in the company history, and I am thrilled to have such exceptional leaders joining our executive team at an important stage in our growth,” said Amit Sinha, CEO of DigiCert.

IT 100
article thumbnail

‘AI Girlfriends’ Are a Privacy Nightmare

WIRED Threat Level

Romantic chatbots collect huge amounts of data, provide vague information about how they use it, use weak password protections, and aren’t transparent, new research from Mozilla says.

Privacy 119
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Ivanti Uses End-of-Life Operating Systems, Software Packages

Data Breach Today

Outdated Software, Exploited Flaws, Security Loopholes Expose Ivanti's Devices Supply chain security firm Eclypsium found corporate VPN maker Ivanti's Pulse Secure devices - which underwent much emergency patching amid a likely Chinese espionage zero-day hacking campaign - operate on an 11-year old version of Linux and use many obsolete software packages.

Security 287
article thumbnail

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

Exploring the Risks: Unveiling 9 Potential Techniques Hackers Employ to Exploit Public Wi-Fi and Compromise Your Sensitive Data We’ve all used public Wi-Fi: it’s convenient, saves our data, and speeds up browsing. But while we enjoy its benefits, hackers do too. Here, we’ll explore how cybercriminals exploit public Wi-Fi to access your private data and possibly steal your identity.

article thumbnail

News alert: Kiteworks named as a founding member of NIST’s new AI safety consortium – ‘AISIC’

The Last Watchdog

San Mateo, Calif., Feb. 13, 2023 – The U.S. White House announced groundbreaking collaboration between OpenPolicy and leading innovation companies, including Kiteworks , which delivers data privacy and compliance for sensitive content communications through its Private Content Network. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Artificial Intelligence Safety Institute Consortium (AISIC) will act as a collaborative platform where both public sector and

article thumbnail

Generative AI use cases for the enterprise

IBM Big Data Hub

Remember how cool it felt when you first held a smartphone in your hand? The compact design and touch-based interactivity seemed like a leap into the future. Before long, smartphones became a way of life for organizations worldwide because of all they offer for business productivity and communication. Generative AI ( artificial intelligence ) promises a similar leap in productivity and the emergence of new modes of working and creating.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Is Ransomware Finally in Decline? Groups Are 'Struggling'

Data Breach Today

Researchers See Waning Mystique, Use of Ghost Groups, Breach Tricks, Trauma of War While overall ransomware profits might remain high, many of the remaining or rebooted top-tier groups are "really struggling" with scarce talent, trauma from the Russia-Ukraine war and repeated disruptions by law enforcement, say researchers from threat intelligence firm RedSense.

article thumbnail

Maintaining GDPR and Data Privacy Compliance in 2024

IT Governance

Expert tips from Alan Calder Alan is the Group CEO of GRC International Group PLC, the parent company of IT Governance, and is an acknowledged international security guru. He’s also an award-winning author, and has been involved in developing a wide range of information security and data privacy training courses, has consulted for clients across the globe, and is a regular media commentator and speaker.

article thumbnail

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

Security Affairs

Adobe Patch Tuesday security updates for February 2024 addressed more than 30 vulnerabilities in multiple products, including critical issues. Adobe Patch Tuesday security updates released by Adobe addressed over 30 vulnerabilities across various products, including critical issues. The software maker warned of critical flaws in popular products such as Adobe Acrobat and Reader, Adobe Commerce and Magento Open Source, Substance 3D Painter, and FrameMaker.

article thumbnail

A Backroom Deal Looms Over Section 702 Surveillance Fight

WIRED Threat Level

Top congressional lawmakers are meeting in private to discuss the future of a widely unpopular surveillance program, worrying members devoted to reforming Section 702.

Privacy 117
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Bugcrowd Attains $102M Strategic Growth Funding Round

Data Breach Today

Company Will Use Investment to Expand Services, says CEO Dave Gerry Bugcrowd received a $102 million venture capital investment to fuel strategic growth, the company announced Monday. "Our customers are outgunned and outmatched. They need to tap into all this creativity that exists within the hacker community," said company CEO Dave Gerry.

284
284
article thumbnail

OpenText Elevates Data Intelligence with Aviator Platform at TDWI Transform 2024 

OpenText Information Management

In just a few days, OpenText will make its mark at the TDWI Transform 2024 conference in Las Vegas as a Platinum Level Sponsor! As a global leader in data intelligence, we are excited to connect with a select group of professionals and unveil our latest innovations. Can’t attend in person? You can also check out … The post OpenText Elevates Data Intelligence with Aviator Platform at TDWI Transform 2024 appeared first on OpenText Blogs.

IT 112
article thumbnail

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the Black Basta and Alphv/BlackCat ransomware operations. Researchers from Bitdefender discovered a new macOS backdoor, dubbed RustDoor, which appears to be linked to ransomware operations Black Basta and Alphv/BlackCat. RustDoor is written in Rust language and supports multiple features.