Sat.Mar 16, 2024 - Fri.Mar 22, 2024

article thumbnail

After 70M Individuals' Data Leaks, AT&T Denies Being Source

Data Breach Today

Dataset Leaked for Free; ShinyHunters Cybercrime Gang First Advertised It in 2021 Data breach blast from the past: Data pertaining to 70 million individuals that the ShinyHunters gang claimed were AT&T customers has been leaked via a hacking forum, three years after criminals first offered it for sale. AT&T said the information didn't appear to have been stolen from its systems.

Sales 308
article thumbnail

EU Formally Adopts World’s First AI Law

Data Matters

On March 13, 2024, the European Parliament formally adopted the EU Artificial Intelligence Act (“ AI Act ”) with a large majority of 523-46 votes in favor of the legislation. The AI Act is the world’s first horizontal and standalone law governing AI, and a landmark piece of legislation for the EU. The post EU Formally Adopts World’s First AI Law appeared first on Data Matters Privacy Blog.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Navigating the complex world of IT security: how unified security simplifies protection

Jamf

Securing your organization is a difficult task. Choosing the right software solutions can help. Learn how a unified security platform makes security easier.

Security 103
article thumbnail

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep , an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Tactics for Battling Attacks by Russia's Midnight Blizzard

Data Breach Today

As Nation-State Group Hacks Big Targets, Trellix's John Fokker Details Defenses Major technology vendors keep being hacked by the nation-state hacking group Midnight Blizzard. Essential defenses to combat such attacks begin with implementing log monitoring across multiple platforms to find red flags, said John Fokker, head of threat intelligence at Trellix.

313
313

More Trending

article thumbnail

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

Security Affairs

Researchers at vx-underground first noticed that more than 70,000,000 records from AT&T were leaked on the Breached hacking forum. More than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached, vx-underground researchers reported. Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached.

article thumbnail

The Not-so-True People-Search Network from China

Krebs on Security

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

Marketing 239
article thumbnail

Russian Nation-State Hacker Targets German Political Parties

Data Breach Today

Latest APT29 Campaign Uses a Previously Unseen Malware Backdoor A Russian hacking group is targeting German political parties as part of a Moscow-backed espionage campaign. The latest APT29 campaign marks the first time the group has been seen targeting political organizations, according to researchers at Mandiant.

305
305
article thumbnail

5 reasons to attend OpenText World Europe 2024

OpenText Information Management

AI changes everything—every role, every organization, and every industry. Those who make the most of it will be poised to lead their industries. Are you ready to put this game-changing technology to work for you? Join us at OpenText™ World Europe 2024 to learn how you can reimagine work with AI. Our complimentary event will be held in three locations: London (Queen Elizabeth II Centre, April 15), Munich (MOC—Event Center Messe München, April 16 & 17), and Paris (Maison de la Chimie, April 18

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

Security Affairs

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one , the Team Synacktiv successfully demonstrated exploits against a Tesla car.

article thumbnail

Some of the Most Popular Websites Share Your Data With Over 1,500 Companies

WIRED Threat Level

Cookie pop-ups now show the number of “partners” that websites may share data with. Here's how many of these third-party companies may get your data from some of the most popular sites online.

Privacy 118
article thumbnail

Nursing Home Declares Bankruptcy, Blames Recent Cyberattacks

Data Breach Today

Also, Senate Bill Proposes Payment Relief for Firms Meeting Cyber 'Standards' A nursing home operator is seeking bankruptcy protection, citing the effects of a ransomware attack last fall and fallout from the recent Change Healthcare outage as factors that contributed to its financial woes. Also, a Senate bill aims to address cash flows for some health firms hit by an attack.

article thumbnail

The False Economy of Deprioritising Security

IT Governance

In the UK, cyber security has been dropping down the board’s list of priorities. A 2022 Proofpoint study found that 76% of UK board members believed their organisation to be at risk of a material cyber attack in the next 12 months – higher than the global average of 65%. However, the 2023 edition of that study found that this had dropped to 44% in the UK, whereas the global average had climbed to 73%.

Security 116
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

Security Affairs

Atlassian fixed tens of vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical flaw that can be very dangerous. Atlassian addressed multiple vulnerabilities in its Bamboo, Bitbucket, Confluence, and Jira products. The most severe vulnerability, tracked as CVE-2024-1597 (CVSS score of 10), is a SQL injection flaw that impacts the org.postgresql:postgresql third-party dependency of Bamboo Data Center and Server. “This org.postgresql:postgresql Dependency

IT 121
article thumbnail

Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

WIRED Threat Level

The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.

IT 144
article thumbnail

US Sanctions 'Key Actors' in Russian Disinformation Campaign

Data Breach Today

Treasury Department Sanctions Heads of Russian 'Influence-for-Hire' Firms The U.S. Department of the Treasury sanctioned the heads of Russian-based companies for spearheading disinformation campaigns that impersonated legitimate media outlets and government organizations across the globe. The firms coordinated an information manipulation campaign targeting Latin America.

article thumbnail

Introducing privilege elevation in Jamf Connect

Jamf

Learn about how privilege elevation, a new feature of Jamf Connect, helps organizations balance the end user’s needs with administrative oversight without compromising device or credential security while permitting IT and Security teams to “ work smarter, not harder ”.

Security 116
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Pwn2Own Vancouver 2024 Day 1 – team Synacktiv hacked a Tesla

Security Affairs

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition, a team demonstrated a Tesla hack. Participants earned $732,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition for demonstrating 19 unique zero-days, announced Trend Micro’s Zero Day Initiative (ZDI). The experts successfully demonstrated exploits against a Tesla car, Linux and Windows operating systems, and more.

Security 117
article thumbnail

The Mainframe Turns 60: A Milestone in Computing History  

OpenText Information Management

60 years can really fly by! On April 7, 2024, the Mainframe will turn 60. At this milestone, we should all reflect on what the mainframe has done to the computing industry. What would the world look like without it? What is the current state of the mainframe? And what is its future? This post will touch on these points and give us all a chance to celebrate the mainframe at 60 years.

Cloud 111
article thumbnail

Email Bomb Attacks: Filling Up Inboxes and Servers Near You

Data Breach Today

HHS: Bot-Driven Attacks Can Overwhelm Email Servers, Networks and Disrupt Workflow Federal authorities are warning healthcare and public health sector entities of email bomb attacks, a type of denial-of-service attack that can overwhelm email systems and networks and distract victims from other nefarious activities. The incidents can also disrupt clinical and business workflow.

300
300
article thumbnail

A guide to privacy modes in Jamf Safe Internet

Jamf

Privacy Modes recently came to Jamf Safe Internet. Take a deep dive into these settings and learn how to configure your Jamf School Instance with the right privacy settings for your school.

Privacy 105
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Security Affairs

Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product. Fortra has released updates to address a critical vulnerability, tracked as CVE-2024-25153 (CVSS score 9.8) impacting its FileCatalyst file transfer solution. A remote, unauthenticated attacker can exploit their vulnerability to execute arbitrary code on impacted servers. “A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be

article thumbnail

Ransomware Group “RA World” Changes Its’ Name and Begins Targeting Countries Around the Globe

KnowBe4

The threat group "RA World" (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new - not previously seen - method of extortion.

article thumbnail

Water Sector Lacks Support to Meet White House Cyber Demands

Data Breach Today

Experts Say Water Sector Lacks Technical Resources to Comply With Federal Requests The White House convened state environmental, health and homeland security agencies Thursday as experts told ISMG water utilities across the country - particularly those in small, under-resourced communities - lack the funding and technical skills to implement federal cybersecurity recommendations.

article thumbnail

Cheating Automatic Toll Booths by Obscuring License Plates

Schneier on Security

The Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers can’t identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of household items such as leaf-shaped magnets, Bramwell-Stewart said. The Port Authority says officers in 2023 roughly doubled the number of summonses issued for obstructed, missing or fictitious license plates compared wit

IT 99
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Security Affairs

Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems.

article thumbnail

CISA Recommends Continuous Cybersecurity Training

KnowBe4

In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity risk. Everyone should be trained in how to recognize social engineering attempts, how to mitigate (i.e., delete, ignore, etc.) them, and how to appropriately report them if in a business scenario.

article thumbnail

US House Passes Bill Curbing Data Sales to Foreign Foes

Data Breach Today

The Vote to Restrict the Sale of Americans' Sensitive Personal Data Is Unanimous The House voted Wednesday to pass the Protecting Americans' Data from Foreign Adversaries Act, a bill that would provide the FCC with enhanced authorities to seek up to $50,000 in civil penalties against data brokers that sell Americans' sensitive information to countries such as Russia and China.

Sales 292