Sat. Apr 01, 2023 - Fri. Apr 07, 2023

eFile Tax Return Software Found Serving Up Malware

Dark Reading

In the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.

ICE Is Grabbing Data From Schools and Abortion Clinics

WIRED Threat Level

An agency database WIRED obtained reveals widespread use of so-called 1509 summonses that experts say raises the specter of potential abuse.

How to Prevent Malware Attacks: 8 Tips for 2023

IT Governance

Malware is one of the most common cyber security threats that organisations and individuals face. Whenever someone talks about their computer being infected, encountering bots or even falling victim to a scam email, malware is normally involved. It’s why anti-malware software is usually considered a top priority for staying safe online. However, those tools are not flawless.

Fake Data Theft Proof Leads to Royal Ransomware Outbreak

Data Breach Today

Tranche of Stolen Data Is Disguised Royal Ransomware Installer, Researchers Warn

The Royal ransomware group has been running a social engineering campaign designed to trick targets into thinking they've fallen victim to a crypto-locking and data exfiltration attack by giving them a purported list of what was stolen that, if opened, installs Royal ransomware, researchers warn.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Krebs on Security

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnSecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly

More Trending

Researcher Tricks ChatGPT into Building Undetectable Steganography Malware

Dark Reading

Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.

Florida Hospital Begins Breach Notification Post-Attack

Data Breach Today

Tallahassee Memorial Says Patient Data 'Obtained' in February Security Incident

A Florida-based community healthcare system has begun notifying about 20,000 individuals whose information was compromised in a data security incident that prompted the organization to operate under its IT downtime procedures, including diverting some emergency patients, for two weeks in February.

A Serial Tech Investment Scammer Takes Up Coding?

Krebs on Security

John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies’ newest invention appears to be “CodesToYou,” which purports to be a “full cycle software development company” based in the U.K.

Kali Linux Penetration Testing Tutorial: Step-By-Step Process

eSecurity Planet

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for SIEM, incident response, intrusion detection and more should raise the profile of those defensive tools.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

List of Data Breaches and Cyber Attacks in March 2023 – 41.9 Million Records Breached

IT Governance

Welcome to our March 2023 list of data breaches and cyber attacks. Our research identified exactly 100 publicly disclosed incidents during the month, accounting for 41,970,182 breached records. You can find the full list of data breaches and cyber attacks below, including our new feature in which we delve into the month’s biggest incidents in a little more detail.

Western Digital Discloses Breach a Day After My Cloud Outage

Data Breach Today

Online Services Are Offline

Hard disk drive maker Western Digital disclosed a hacking incident the company says likely resulted in data theft. Online services offered by the California company - including personal and enterprise cloud storage and email and push notifications - are down as of publication.

Italian Garante bans Chat GPT from processing personal data of Italian data subjects

Data Protection Report

Introduction

By way of an interim measure adopted on 30 March 2023, the Italian Data Protection Authority (Garante per la protezione dei dati personali) (the Garante) ordered the US company Open AI LLC to temporarily stop ChatGPT’s processing of personal data relating to individuals located in Italy, pending the outcome of the Garante’s investigation into the privacy practices of ChatGPT.

Smarter with OpenText: The information advantage at work

OpenText Information Management

Every day at OpenText we elevate people to achieve superhuman impact by working smarter and making information their superpower. Our customers face a relentless digital landscape with overwhelming depths of data – we provide the information advantage that enables better results faster and gives them a competitive advantage. We help our customers do this by …

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Chambers 2023 Global Practice Guides for Data Protection & Privacy and Cybersecurity Available

Data Matters

The updated 2023 Chambers Global Practice Guides for Data Protection & Privacy and Cybersecurity, edited by Alan Charles Raul, are available now, covering important developments across the globe and offering insightful legal commentary for businesses.

TikTok Fined in UK for Children's Privacy Violation

Data Breach Today

Chinese-Owned App Will Pay 12.7 Million Pounds

A British government agency added to TikTok's reputational woes by finding it failed to protect children's privacy. TikTok is playing defense in multiple Western countries against concerns it collects massive amounts of data it could use for surveillance or information operations.

Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds

Dark Reading

The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime.

My Sephardic Roots: From the Isle of Rhodes to Rodeo Drive

Information Governance Perspectives

I am Ashkenazi and German by birth, but as a baby, I was adopted by a hot-blooded Sephardic family that migrated to the United States from the Isle of Rhodes. They were eccentric and whimsical, and growing up with them was mostly wonderful. Culturally, the Sephardim are a distinct ethnic group that many around the world are unfamiliar with. Their native language, a blend of Hebrew, Turkish, and Spanish called Ladino, is beautiful and romantic.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

The UK Data Protection Regulator Fines TikTok £12.7 Million

Hunton Privacy

On April 4, 2023, the data protection regulator of the UK, the Information Commissioner’s Office (ICO), issued a fine of £12.7 million to TikTok Information Technologies UK Limited and TikTok Inc (together, “TikTok”) for a number of breaches of UK data protection law, including failing to use children’s personal data lawfully. In summary, the ICO found that TikTok breached the UK GDPR between May 2018 and July 2020 by: providing its services (i.e., an information society service) to UK childr

Spanish Police Arrest 'Dangerous' Teenage Hacker

Data Breach Today

19-Year-Old José Huerta Allegedly Hacked A Government File Transfer System

Spanish National Police arrested Friday a teenage hacker who allegedly stole the sensitive data of more than half a million taxpayers from the national revenue service and boasted in an online podcast about having access to personal data of 90 percent of the population.

Twitter 'Shadow Ban' Bug Gets Official CVE

Dark Reading

A flaw in Twitter code allows bot abuse to trick the algorithm into suppressing certain accounts.

The Great eDiscovery Reset 

OpenText Information Management

Legal teams are looking for ways to improve their prospects and transform their litigation support practices. To understand how pre-existing trends and the pandemic have affected how in-house legal professionals approach eDiscovery, OpenText engaged Ari Kaplan Advisors to anonymously survey corporate legal leaders online and through interviews about their immediate challenges, long-term opportunities and impressions …

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

IT Governance Podcast 2023-7: Capita, ChatGPT and TikTok (yet again)

IT Governance

This week, we discuss a cyber attack on the outsourcing giant Capita, Italy’s ban on OpenAI’s ChatGPT chatbot and further bad news for TikTok: a £12.7 million fine from the ICO for breaching UK data protection law. Now available on Spotify, Amazon Music, Apple Podcasts and SoundCloud.

US Trauma Centers Hit by KillNet's Recent DDoS Barrage

Data Breach Today

Russian Group Targets Patient Care and Evolves Its Tactics, HHS HC3 Report Warns

Most of the healthcare organizations hit by distributed denial-of-service attacks by pro-Russia hacktivists in January have one or more level 1 trauma centers, indicating that the attackers aimed to disrupt care for the most critically ill and injured patients, according to a new government report.

Garage Door Openers Open to Hijacking, Thanks to Unpatched Security Vulns

Dark Reading

CISA is advising Nexx customers to unplug impacted devices until the security issues are addressed — but so far, it's crickets as to patch timeline.

Over 15 Million Systems Exposed to Known Exploited Vulnerabilities

eSecurity Planet

Effective vulnerability management is about knowing what you own and prioritizing what you need to fix. A new research report shows that millions of organizations are failing at those critical cybersecurity practices. Researchers at cybersecurity firm Rezilion found more than 15 million instances in which systems are vulnerable to the 896 flaws listed in the U.S.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Jamf After Dark: An update on Jamf in Healthcare

Jamf

Our Jamf After Dark co-hosts Kat Garbis and Sean Rabbitt welcome the Jamf Healthcare team to the podcast to discuss Jamf’s growth in the space, the need for innovative solutions, emerging security efforts, and what to expect at HIMSS 2023.

OpenText, Google, Varonis Lead Data Security Forrester Wave

Data Breach Today

OpenText, Varonis, Forcepoint Enter Leaders Category While Trellix, Broadcom Fall

OpenText, Varonis and Forcepoint joined Google and Microsoft atop Forrester's data security rankings, while Trellix and Broadcom fell from the leaders category. Data protection historically focused on delivering security controls, but firms are increasingly looking to address adjacent use cases.

'Proxyjacking' Cybercriminals Exploit Log4J in Emerging, Lucrative Cloud Attacks

Dark Reading

Proxyjacking is an emerging, low-effort and high-reward attack for threat actors, with the potential for far-reaching implications.
