Sat.Apr 22, 2023 - Fri.Apr 28, 2023

article thumbnail

ITRC: Lack of Details in Data Breach Notices on the Rise

Data Breach Today

James E. Lee Shares 2023 Q1 Data Breach Report Highlights According to findings from the Identity Theft Resource Center's 2023 Q1 Data Breach Report, the number of publicly reported data compromises decreased, but the number of data breaches with no actionable information about the root cause of the compromise grew.

article thumbnail

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Access 276
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

UK Threatens End-to-End Encryption

Schneier on Security

In an open letter , seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ab

article thumbnail

The White House National Cybersecurity Strategy Has a Fatal Flaw

Dark Reading

The government needs to shift focus and reconsider how it thinks about securing our nation's digital and physical assets.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Brace Yourself for the 2024 Deepfake Election

WIRED Threat Level

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.

IT 144

More Trending

article thumbnail

Worried About AI? You Should Be, But Not For Why You Think

Weissman's World

Many of our fears about Artificial Intelligence (AI) are absolutely terrifying! So, no surprise, it’s becoming a major talking point in the information profession. And while there’s definitely something to be worried about here., it probably isn’t what you think it is. It’ll take just 3 minutes for me to tell you what it is.… Read More » Worried About AI?

article thumbnail

MY TAKE: RSAC 2023 roundup – evidence of ‘stronger together’ innovation takes shape

The Last Watchdog

“Stronger together” was the theme of RSA Conference 2023 , which returned to its pre-Covid grandeur under the California sunshine last week at San Francisco’s Moscone Center. Related: Demystifying ‘DSPM’ Rising from the din of 625 vendors, 700 speakers and 26,000 attendees came the clarion call for a new tier of overlapping, interoperable, highly automated security platforms needed to carry us forward.

article thumbnail

DOJ Detected SolarWinds Breach Months Before Public Disclosure

WIRED Threat Level

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

IT 136
article thumbnail

ISMG Editors: Opening Day Overview of RSA Conference 2023

Data Breach Today

Emerging AI Tech, Identity Concerns and Latest Threats Are Among the Hot Topics ISMG editors are live at RSA Conference 2023 in San Francisco with an overview of opening-day speakers and hot topics including the emergence of AI, the latest intel on nation-state threats, security product innovation and deals, and ransomware trends. Join us for daily updates from RSA.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Announcing OpenText Cloud Editions (CE) 23.2

OpenText Information Management

As information expands exponentially, it is becoming more complex and extensive than ever before. To remain competitive, organizations must explore new ways of harnessing information – to not only power and protect it – but to innovate, ramp up growth, and increase speed to market. Since the acquisition of Micro Focus 90 days ago, OpenText … The post Announcing OpenText Cloud Editions (CE) 23.2 appeared first on OpenText Blogs.

Cloud 126
article thumbnail

RSAC Fireside Chat: Turning full attention to locking down the security of ‘open source’

The Last Watchdog

Software composition analysis — SCA – is a layer of the security stack that, more so than ever, plays a prominent role in protecting modern business networks. Related: All you should know about open-source exposures This is especially true as software developers increasingly rely on generic open source and commercial components to innovate in hyperkinetic DevOps and CI/CD mode.

Security 163
article thumbnail

2023 Jamf Event Recap

Jamf

This was the second year of our Jamf Event, a follow-up to the Jamf Nation User Conference. Dean Hager, Jamf CEO, joined other key Jamf team members to provide an exclusive look at the progress we’ve made on product features announced at JNUC as well as some exciting new and planned capabilities that will help simplify work with Apple.

116
116
article thumbnail

The Best Cybersecurity Defense Is a Good Offense

Data Breach Today

AllegisCyber Capital's Bob Ackerman on the Need to Understand Offensive Playbooks Offense is what paces innovation in cybersecurity since threat actors constantly look for new ways to compromise systems, said AllegisCyber Capital's Bob Ackerman. Many offensive cyber capabilities developed by the national intelligence community make their way into the wild and become exploitable.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Patch Management vs Vulnerability Management: What’s the Difference?

eSecurity Planet

Vulnerability management improves the security posture of all IT systems by locating vulnerabilities, implementing security controls to fix or protect those vulnerabilities, and then testing the fixes to verify vulnerability resolution. Patch management is the subset of vulnerability management that applies to third-party vendors and updates third-party systems using vendor-issued patches.

IoT 103
article thumbnail

Cybersecurity Survival: Hide From Adversarial AI

Dark Reading

Consider adding some security-through-obscurity tactics to your organization's protection arsenal to boost protection. Mask your attack surface behind additional zero-trust layers to remove AI's predictive advantage.

article thumbnail

Does ChatGPT Have Cybersecurity Tells?

KnowBe4

Poker players and other human lie detectors look for “tells,” that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when he’s about to bluff, for example, or someone’s pupils dilate when they’ve successfully drawn to an insider straight.

article thumbnail

Novel Technique Exploits Kubernetes RBAC to Create Backdoors

Data Breach Today

Attackers Deployed DaemonSets to Steal Resources From Victims Threat actors are exploiting Kubernetes Role-Based Access Control in the wild to create backdoors and to run cryptocurrency miners. Researchers observed a recent campaign that targeted at least 60 Kubernetes clusters by deploying DaemonSets to hijack and steal resources from the victims' clusters.

Access 200
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

My top five moments from season one of The Data Download

Collibra

Over a year ago the marketing team came to me and asked if I wanted to be the host of Collibra’s first ever podcast. I was interested, but hesitant at first. I had never done something like this before and had no idea what to expect. But now, just two weeks out from launching season two , I couldn’t be more excited about what the future holds for The Data Download.

article thumbnail

Firmware Looms as the Next Frontier for Cybersecurity

Dark Reading

Software bugs are ubiquitous, and we're familiar with hardware threats. But what about the gap in the middle? Two researchers at Black Hat Asia will attempt to focus our attention there.

article thumbnail

World Economic Forum: Organisations Must Invest in Security as ‘Catastrophic Cyber Event’ Looms

IT Governance

The cost of living crisis is affecting us all. Energy bills are soaring, petrol prices have reached record highs and, as the BBC reported this week, even the humble cheese sandwich has been struck by inflation. Despite these rising costs, one area that remains unchanged is digital transformation. Organisations worldwide are investing in technologies at an unprecedented rate, with an IDC study published last year reporting that digital transformation spending is expected to hit $3.4 trillion (£2.

article thumbnail

RTM Locker RaaS Group Turns to Linux, NAS and ESXi Hosts

Data Breach Today

Highly Structured Group Using Traces of Babuk Ransomware's Leaked Source Code RTM Locker ransomware-as-a-service operators have now turned their attention to Linux, network-attached storage devices and ESXi hosts. The highly structured group appears to be using a new ransomware strain that shows traces of Babuk ransomware's leaked source code.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

The Downside of ESG: The Dangers of Greenwashing

Hanzo Learning Center

In recent years, there has been an increasing trend for companies to claim environmental sustainability, making public commitments to lower carbon emissions and other eco-friendly measures. However, this rise in environmental claims has also led to the concern of greenwashing, where companies make false or exaggerated statements about their environmental practices.

Risk 98
article thumbnail

CISOs Rethink Data Security with Info-Centric Framework

Dark Reading

The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy.

Security 115
article thumbnail

Fake Meta Tech Support Profiles for Fraud

KnowBe4

Researchers at Group-IB have found an extensive campaign in which criminal operators have created a large number of fake Facebook profiles that repost messages in which the scammers misrepresent themselves as tech support personnel from Meta (Facebook’s corporate parent). Researchers discovered some 3200 bogus profiles in twenty-three languages. By far most of the profiles were created in English, more than 90%, followed by Mongolian (2.5%), Arabic (2.3%), Italian (0.8%), and Khmer (0.6%).

article thumbnail

Feds Urge 15-Month Sentence for Ex-Uber CISO Joe Sullivan

Data Breach Today

Sullivan Says Prison Sentence for Him Would Deter Others From Taking CISO Positions Prosecutors are urging a U.S. federal judge to sentence former Uber CISO Joe Sullivan to 15 months in prison for his role in impeding an investigation into the ride-hailing company's security practices. Sullivan exploited "his position to cover up a deeply embarrassing event," prosecutors wrote.

Security 162
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Everyone is using ChatGPT what does my organisation need to watch out for

Data Protection Report

In December 2022, OpenAI released ChatGPT, a powerful AI-powered chatbot that could handle users’ questions and requests for information or content in a convincing and confident manner. The number of users signing up to use the tool increased very rapidly, with users using the tool to write letters, edit text, generate lists, prepare presentations and generate code, among a myriad of other things.

Risk 97
article thumbnail

Rethinking Safer AI: Can There Really Be a 'TruthGPT'?

Dark Reading

Is Elon Musk's "maximum truth-seeking AI" achievable? Overcoming bias in artificial technologies is crucial for cybersecurity, but doing it could be a challenge.

article thumbnail

Another Perspective on ChatGPT's Social Engineering Potential

KnowBe4

We’ve had occasion to write about ChatGPT’s potential for malign use in social engineering , both in the generation of phishbait at scale and as a topical theme that can appear in lures. We continue to track concerns about the new technology as they surface in the literature.