Sat.Apr 08, 2023 - Fri.Apr 14, 2023

article thumbnail

Cybersecurity 'Doom Loop' at Crossroads

Data Breach Today

Google Funds Vulnerability Disclosure Policy Group and Legal Defense for White Hats Silicon Valley giant Google called on tech companies to be more robust in their approach to patching vulnerabilities in an afternoon marked by announcements designed to boost vulnerability research. Google money is supporting the Hacking Policy Council and the Security Research Legal Defense Fund.

article thumbnail

MY TAKE: Putin’s weaponizing of ransomware shows why network security needs an overhaul

The Last Watchdog

At 10 am PDT, next Wednesday, April 19 th , I’ll have the privilege of appearing as a special guest panelist and spotlight speaker on Virtual Guardian’s monthly Behind the Shield cybersecurity podcast. Related: The Golden Age of cyber spying is upon us You can RSVP – and be part of the live audience – by signing up here. The moderator, Marco Estrela, does a terrific job highlighting current cybersecurity topics ripped from the headlines.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How UPX Compression Is Used to Evade Detection Tools

eSecurity Planet

Ultimate Packer for Executables (UPX) is an open-source packer that can reduce the file size of an executable drastically (better than Zip files), and it is compatible with a large range of executable formats, like Windows DLLs, macOS apps, or Linux ELF. Vendors sometimes use packing to prevent basic reverse engineering or illegal redistribution. Packers basically take the original executable and add a small piece of code called a “stub” to the newly created executable.

article thumbnail

National Guardsman Arrested for Military, Intelligence Leaks

Data Breach Today

Jack Teixeira, 21, Accused of Sharing Classified National Defense Info on Discord A member of the Massachusetts Air National Guard has been arrested for leaking highly classified military and intelligence documents. The U.S. Department of Justice announced that Jack Teixeira, 21, was taken into custody by FBI agents following the leaking of more than 100 documents.

Military 257
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

GUEST ESSAY: Cyber hygiene need not be dreary — why engaging training is much more effective

The Last Watchdog

Instilling a culture of cyber security at your organization requires your people to maintain a high level of knowledge and awareness about cyber security risks—and that takes an effective, impactful, and ongoing security awareness program. Related: Deploying employees as human sensors However, a security awareness program is only as good as its content.

More Trending

article thumbnail

The Secret Value of AIIM: A True Story

AIIM

When Tony invited me to write a guest blog for AIIM, I planned to write a techie piece on the latest document AI news. I was even tempted to ask ChatGPT to write one in the style of Monty Python. You’ll be pleased to know that moment of temporary insanity quickly passed. Instead of techie talk, I would like to tell you a story about the secret value of AIIM and why I think it’s vital that we all pitch in and help Tori Miller Liu and the team to move AIIM forward.

ECM 150
article thumbnail

Apple Issues Emergency Fix for Spyware-Style Zero Days

Data Breach Today

Apple Recommends Immediate Updating Due to Extensive List of Affected Devices Apple issued security updates to address two zero-day vulnerabilities being actively exploited in the wild and targeting iPads, Macs and iPhones. Both vulnerabilities can lead to arbitrary code execution, but Apple said it found no exploits related to cybercrime or nation-state groups.

Security 351
article thumbnail

Post-Quantum Cryptography (PQC): Three Easy Ways to Prepare

Thales Cloud Protection & Licensing

Post-Quantum Cryptography (PQC): Three Easy Ways to Prepare madhav Fri, 04/14/2023 - 06:05 The infamous Y2K “disaster” was successfully averted because people paid heed and prepared well in advance. Likewise, many Post-Quantum Computing (PCQ) security concerns can be addressed ahead of time with proper planning. Organizations that rely on data security and protection need to start preparing and refining strategies immediately.

IoT 126
article thumbnail

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Krebs on Security

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones , iPads and Macs.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

How to Define Tier-Zero Assets in Active Directory Security

Dark Reading

There are plenty of AD objects and groups that should be considered tier zero in every environment, but some will vary among organizations.

Security 143
article thumbnail

Suspected Apple iOS Zero-Day Used to Spread 'Reign' Spyware

Data Breach Today

The Spyware Can Record Audio, Take Pictures, Track Locations and Steal Passwords A low-profile Israeli advanced spyware firm used a suspected zero-day to surveil the lives of journalists, political opposition figures and a nongovernmental organization worker across multiple continents, say researchers from the Citizen Lab and Microsoft.

Passwords 292
article thumbnail

New U.S. FDA Draft Guidance Outlines Path To Faster Modification of AI/ML-Enabled Devices

Data Matters

The U.S. Food and Drug Administration (FDA or Agency) has issued new draft guidance on “Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence/Machine Learning (AI/ML)-Enabled Device Software Functions” 1 that discusses a “science-based approach to ensuring that AI/ML-enabled devices can be safely, effectively, and rapidly modified, updated, and improved in response to new data.” 2 This approach should offer more certainty to industry as FDA’s

article thumbnail

Catches of the Month: Phishing Scams for April 2023

IT Governance

Welcome to our April 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. This month, we look at a scam targeting YouTube content creators, the traditional tax-related phishing campaigns that occur at this time of year and a new report highlighting a surge in email-based scams attacks.

Phishing 114
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads

Dark Reading

The campaign shrouds the commodity infostealer in OpenAI files in a play that aims to take advantage of the growing public interest in AI-based chatbots.

124
124
article thumbnail

Microsoft Patches Zero-Day Bug Exploited by Ransomware Group

Data Breach Today

Attackers Drop Nokoyawa Ransomware; Experts See Increasing Criminal Sophistication Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.

article thumbnail

FBI Advising People to Avoid Public Charging Stations

Schneier on Security

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports.

Risk 120
article thumbnail

Arkansas Enacts Legislation Restricting Social Media Accounts for Minors

Hunton Privacy

On April 12, 2023, Arkansas Governor Sarah Huckabee Sanders signed into law S.B. 396 creating the state’s Social Media Safety Act (the “Act”). The Act comes after Utah’s similar social media laws enacted in March. The Act prohibits social media companies from allowing Arkansas residents under 18 years of age from holding accounts on the companies’ social media platforms without parental consent, and requires the companies to verify the age of account holders.

Cloud 105
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Apps for Sale: Cybercriminals Sell Android Hacks for Up to $20K a Pop

Dark Reading

The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.

Sales 118
article thumbnail

Feds Describe Intelligence Leak Probe as Criminal Matter

Data Breach Today

National Guard Airman Jack Teixeira Charged With Mishandling Intelligence The arrest of a low-level U.S. military IT specialist, Jack Teixeira, on suspicion of leaking highly classified documents begs the question of why he had access to them in the first place. The national guard airman has been charged with inappropriately retaining and sharing intelligence.

Military 258
article thumbnail

Car Thieves Hacking the CAN Bus

Schneier on Security

Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.

114
114
article thumbnail

Past, present and future in a digital transformation journey

OpenText Information Management

A digital transformation is the adoption of new business processes and practices to help an organization compete effectively in a modern and increasingly digital world. The objective is often tied to cost leadership, increased competitiveness or simply moving into a niche. According to Gartner, a digital transformation includes information technology modernization, adoption of cloud computing, … The post Past, present and future in a digital transformation journey appeared first on OpenTex

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Why the US Needs Quantum-Safe Cryptography Deployed Now

Dark Reading

Quantum computers might be a decade away, but guess how long it will take to switch systems over to post-quantum cryptography?

IT 131
article thumbnail

Russian APT Hackers Actively Targeting European NATO Allies

Data Breach Today

European Embassies and Diplomats at Most Risk, Warns Polish CERT A Russian hacking campaign is targeting European embassies and diplomats as part of an ongoing cyberespionage campaign aimed at stealing Western government intelligence on the war in Ukraine, according to a joint alert by the Polish CERT and Military Counterintelligence Service.

Military 264
article thumbnail

Western Digital Cyber Attack a ‘Wake Up Call for ASIC Vendors’

eSecurity Planet

A massive cyber attack targeting drive maker Western Digital Corp. (WDC) could potentially have serious and long-term implications. One of the hackers apparently disclosed the extent of the cyber attack to TechCrunch this week. Hackers accessed a range of company assets and stole about 10 terabytes of data, but the disclosure with the greatest potential for damage is that the hackers claim to have the ability to impersonate WDC code-signing certificates.

article thumbnail

Investing in the patient experience with mobile devices

Jamf

Healthcare mobile device initiatives surged during pandemic restrictions. Now even more healthcare organizations understand how thoughtful implementation of mobile devices can improve the patient experience in healthcare while at the same time providing better and more personalized care.

98
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Western Digital Hackers Demand 8-Figure Ransom Payment for Data

Dark Reading

Western Digital has yet to comment on claims that the breach reported earlier this month led to data being stolen.

136
136
article thumbnail

European Scrutiny of ChatGPT Grows as Probes Increase

Data Breach Today

Concerns Raised Over ChatGPT's Compliance With GDPR The French and Spanish data privacy watchdogs have launched separate probes into ChatGPT over potential data privacy violations. European scrutiny of the chatbot mounted after the Italian data protection agency announced a temporary ban on ChatGPT in March.

article thumbnail

The Mysterious Origin of Albert Ingalls from Little House on the Prairie

Information Governance Perspectives

My wife and I sometimes debate the term “untimely death.” She thinks death is, by nature, untimely, but I believe it’s especially awful when it happens to young people. My brother Albert was one of them, taken from our family at seventeen while crossing the street on a cold, windy night in 1975. I write about his passing and its devastating impact on our family and friends for the first time in my new memoir, The Bastard of Beverly Hills.

IT 98