Sat.Apr 22, 2023 - Fri.Apr 28, 2023

article thumbnail

ITRC: Lack of Details in Data Breach Notices on the Rise

Data Breach Today

James E. Lee Shares 2023 Q1 Data Breach Report Highlights According to findings from the Identity Theft Resource Center's 2023 Q1 Data Breach Report, the number of publicly reported data compromises decreased, but the number of data breaches with no actionable information about the root cause of the compromise grew.

article thumbnail

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

UK Threatens End-to-End Encryption

Schneier on Security

In an open letter , seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ab

article thumbnail

The White House National Cybersecurity Strategy Has a Fatal Flaw

Dark Reading

The government needs to shift focus and reconsider how it thinks about securing our nation's digital and physical assets.

article thumbnail

Beware of Pixels & Trackers: A Client-Side Security Report

At the beginning of 2023, concern grew over pixels and trackers, which load into the browser as a part of the software supply chain, being used by data harvesting platforms to collect user data. The data is then transferred to the servers of the companies owning the pixels/trackers as a part of their advertising and marketing business. Aggressive data harvesting practices increase the likelihood and/or actual transfer of sensitive data, which may cause unintended consequences, including expensiv

article thumbnail

Brace Yourself for the 2024 Deepfake Election

WIRED Threat Level

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.

More Trending

article thumbnail

MY TAKE: RSAC 2023 roundup – evidence of ‘stronger together’ innovation takes shape

The Last Watchdog

“Stronger together” was the theme of RSA Conference 2023 , which returned to its pre-Covid grandeur under the California sunshine last week at San Francisco’s Moscone Center. Related: Demystifying ‘DSPM’ Rising from the din of 625 vendors, 700 speakers and 26,000 attendees came the clarion call for a new tier of overlapping, interoperable, highly automated security platforms needed to carry us forward.

article thumbnail

Cybersecurity Survival: Hide From Adversarial AI

Dark Reading

Consider adding some security-through-obscurity tactics to your organization's protection arsenal to boost protection. Mask your attack surface behind additional zero-trust layers to remove AI's predictive advantage.

article thumbnail

Announcing OpenText Cloud Editions (CE) 23.2

OpenText Information Management

As information expands exponentially, it is becoming more complex and extensive than ever before. To remain competitive, organizations must explore new ways of harnessing information – to not only power and protect it – but to innovate, ramp up growth, and increase speed to market. Since the acquisition of Micro Focus 90 days ago, OpenText … The post Announcing OpenText Cloud Editions (CE) 23.2 appeared first on OpenText Blogs.

Cloud 126
article thumbnail

ISMG Editors: Opening Day Overview of RSA Conference 2023

Data Breach Today

Emerging AI Tech, Identity Concerns and Latest Threats Are Among the Hot Topics ISMG editors are live at RSA Conference 2023 in San Francisco with an overview of opening-day speakers and hot topics including the emergence of AI, the latest intel on nation-state threats, security product innovation and deals, and ransomware trends. Join us for daily updates from RSA.

article thumbnail

Why You Need to Use Case Studies in Sales and Marketing (and How to Start Now)

Case studies are proof of successful client relations and a verifiable product or service. They persuade buyers by highlighting your customers' experiences with your company and its solution. In sales, case studies are crucial pieces of content that can be tailored to prospects' pain points and used throughout the buyer's journey. In marketing, case studies are versatile assets for generating business, providing reusable elements for ad and social media content, website material, and marketing c

article thumbnail

Guest essay: A roadmap for how — and why — all MSSPs should embrace live patching

The Last Watchdog

Patch management has always been time-consuming and arduous. But it gets done, at least to some degree, simply because patching is so crucial to a robust cybersecurity posture. Patch programs are rarely perfect though, and imperfect patching arguably enables successful cybersecurity breaches – it’s an ever-growing concern for countless IT teams. Related: MSSPs shift to deeper help Managed Security Service Providers (MSSPs) do their best to patch their client’s systems while also juggling a long

article thumbnail

Rethinking Safer AI: Can There Really Be a 'TruthGPT'?

Dark Reading

Is Elon Musk's "maximum truth-seeking AI" achievable? Overcoming bias in artificial technologies is crucial for cybersecurity, but doing it could be a challenge.

article thumbnail

DOJ Detected SolarWinds Breach Months Before Public Disclosure

WIRED Threat Level

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

IT 131
article thumbnail

The Best Cybersecurity Defense Is a Good Offense

Data Breach Today

AllegisCyber Capital's Bob Ackerman on the Need to Understand Offensive Playbooks Offense is what paces innovation in cybersecurity since threat actors constantly look for new ways to compromise systems, said AllegisCyber Capital's Bob Ackerman. Many offensive cyber capabilities developed by the national intelligence community make their way into the wild and become exploitable.

article thumbnail

Apache Cassandra® NoSQL for the Relational DBA

Unleash the power of NoSQL with "Apache Cassandra® NoSQL for the Relational DBA." Learn from Lewis DiFelice, an experienced Professional Services Consultant at Instaclustr, as he shares his journey transitioning from SQL to managing a 40-node Cassandra cluster. Gain insights into Cassandra's architecture, configuration strategies, and best practices.

article thumbnail

RSAC Fireside Chat: Turning full attention to locking down the security of ‘open source’

The Last Watchdog

Software composition analysis — SCA – is a layer of the security stack that, more so than ever, plays a prominent role in protecting modern business networks. Related: All you should know about open-source exposures This is especially true as software developers increasingly rely on generic open source and commercial components to innovate in hyperkinetic DevOps and CI/CD mode.

Security 154
article thumbnail

Firmware Looms as the Next Frontier for Cybersecurity

Dark Reading

Software bugs are ubiquitous, and we're familiar with hardware threats. But what about the gap in the middle? Two researchers at Black Hat Asia will attempt to focus our attention there.

article thumbnail

NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI

WIRED Threat Level

The security issues raised by ChatGPT and similar tech are just beginning to emerge, but Rob Joyce says it’s time to prepare for what comes next.

article thumbnail

Novel Technique Exploits Kubernetes RBAC to Create Backdoors

Data Breach Today

Attackers Deployed DaemonSets to Steal Resources From Victims Threat actors are exploiting Kubernetes Role-Based Access Control in the wild to create backdoors and to run cryptocurrency miners. Researchers observed a recent campaign that targeted at least 60 Kubernetes clusters by deploying DaemonSets to hijack and steal resources from the victims' clusters.

Access 200
article thumbnail

Finding The Application Modernization Strategy That Is Right For Your Business

As a business leader, you know it's important to update your apps, but it can be tough to figure out the best approach. This whitepaper helps you in upgrading your current applications using modernization strategies without any business disruptions.

article thumbnail

Security Risks of AI

Schneier on Security

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs of developers and users.

Risk 107
article thumbnail

Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers

Dark Reading

Customers should apply updates to the print management software used by more than 100 million organizations worldwide, with typical US customers found in the SLED sector.

130
130
article thumbnail

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs

WIRED Threat Level

To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers.

Cloud 127
article thumbnail

RTM Locker RaaS Group Turns to Linux, NAS and ESXi Hosts

Data Breach Today

Highly Structured Group Using Traces of Babuk Ransomware's Leaked Source Code RTM Locker ransomware-as-a-service operators have now turned their attention to Linux, network-attached storage devices and ESXi hosts. The highly structured group appears to be using a new ransomware strain that shows traces of Babuk ransomware's leaked source code.

article thumbnail

From Hadoop to Data Lakehouse

Getting off of Hadoop is a critical objective for organizations, with data executives well aware of the significant benefits of doing so. The problem is, there are few options available that minimize the risk to the business during the migration process and that’s one of the reasons why many organizations are still using Hadoop today. By migrating to the data lakehouse, you can get immediate benefits from day one using Dremio’s phased migration approach.

article thumbnail

Cyberweapons Manufacturer QuaDream Shuts Down

Schneier on Security

Following a report on its activities , the Israeli spyware company QuaDream has shut down. This was QuadDream: Key Findings Based on an analysis of samples shared with us by Microsoft Threat Intelligence , we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East.

article thumbnail

'Good' AI Is the Only Path to True Zero-Trust Architecture

Dark Reading

Ultimately AI will protect the enterprise, but it's up to the cybersecurity community to protect 'good' AI in order to get there, RSA's Rohit Ghai says.

article thumbnail

2023 Jamf Event Recap

Jamf

This was the second year of our Jamf Event, a follow-up to the Jamf Nation User Conference. Dean Hager, Jamf CEO, joined other key Jamf team members to provide an exclusive look at the progress we’ve made on product features announced at JNUC as well as some exciting new and planned capabilities that will help simplify work with Apple.

105
105
article thumbnail

Feds Urge 15-Month Sentence for Ex-Uber CISO Joe Sullivan

Data Breach Today

Sullivan Says Prison Sentence for Him Would Deter Others From Taking CISO Positions Prosecutors are urging a U.S. federal judge to sentence former Uber CISO Joe Sullivan to 15 months in prison for his role in impeding an investigation into the ride-hailing company's security practices. Sullivan exploited "his position to cover up a deeply embarrassing event," prosecutors wrote.

Security 162
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Scammers Impersonate Zelle via the Lure of “Getting Paid” to Get Paid Themselves

KnowBe4

A new impersonation scam targets users of the popular pay platform under the guise of the victim having money coming to them and with the goal to obtain Zelle credentials.

Phishing 103
article thumbnail

CISOs Rethink Data Security with Info-Centric Framework

Dark Reading

The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy.

Security 137
article thumbnail

AI to Aid Democracy

Schneier on Security

There’s good reason to fear that A.I. systems like ChatGPT and GPT4 will harm democracy. Public debate may be overwhelmed by industrial quantities of autogenerated argument. People might fall down political rabbit holes, taken in by superficially convincing b t, or obsessed by folies à deux relationships with machine personalities that don’t really exist.