Sat.Jan 13, 2024 - Fri.Jan 19, 2024

article thumbnail

News alert: Incogni study reveals overwhelming majority of spam calls originate locally

The Last Watchdog

Los Angeles, Calif., Jan. 17, 2024 – Spam calls continue to be a major nuisance in the US, and advice on how to avoid them abound. Incogni’s latest research challenges prevalent assumptions about spam calls, revealing that traditional advice on avoiding specific area codes is largely ineffective. The study, based on the latest data from the Federal Trade Commission (FTC), demonstrates that, contrary to popular belief, a staggering 59.81% of all unwanted calls originate from local num

article thumbnail

Exclusive: Cloud Vendor Returns Stolen Hospital Data

Data Breach Today

Alliance Had Sued LockBit Gang to Force Cloud Firm to Release Affected Patient Data A cloud services firm has turned over to a New York hospital alliance the patient data stolen in a ransomware attack by LockBit. The hospital group had filed a lawsuit against LockBit as a legal maneuver to force the storage firm to return data the cybercriminals had stashed on the vendor's servers.

Cloud 315
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Code Written with AI Assistants Is Less Secure

Schneier on Security

Interesting research: “ Do Users Write More Insecure Code with AI Assistants? “: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Security 125
article thumbnail

Cryptohack Roundup: SEC Still Probing X Account Hack

Data Breach Today

Also: $3.3M Socket Hack; Do Kwon and Alex Mashinsky Trials This week, the U.S. SEC assessed its X account hack, attackers stole $3.3M from Socket, Do Kwon got a new trial date, Alex Mashinsky sought to dismiss charges, Google Play Store removed crypto apps for India users, IRS clarified crypto asset reporting and South Korea mulled crypto mixer legislation.

IT 288
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Canadian Man Stuck in Triangle of E-Commerce Fraud

Krebs on Security

A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name.

257
257

More Trending

article thumbnail

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. Despite a proof-of-concept exploit for the flaw CVE-2023-0656 was publicly released, the vendor is not aware of attack in the wild exploiting the vulner

IT 132
article thumbnail

Popular GPUs Used AI Systems Vulnerable to Memory Leak Flaw

Data Breach Today

LeftoverLocals Affects Apple, AMD and Qualcomm Devices Researchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.

Access 314
article thumbnail

Jamf Threat Labs discovers new malware embedded in pirated applications

Jamf

In this blog, Jamf Threat Labs researchers analyze malware they discovered in pirated macOS applications. These apps, appearing similar to ZuRu malware, download and execute multiple payloads to compromise machines in the background.

129
129
article thumbnail

How Secure Is Cloud Storage? Features, Risks, & Protection

eSecurity Planet

Cloud storage is a cloud computing model that allows data storage on remote servers operated by a service provider, accessible via internet connections. It’s a scalable and cost-effective storage solution for businesses offered through a subscription service. When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations.

Cloud 124
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

iShutdown lightweight method allows to discover spyware infections on iPhones

Security Affairs

Researchers devised a “lightweight method,” called iShutdown, to determine whether Apple iOS devices have been infected with spyware. Cybersecurity researchers from Kaspersky have identified a “lightweight method,” called iShutdown, to identify the presence of spyware on Apple iOS devices. The method allow to discover stealthy and poweful surveillance software like NSO Group ‘s Pegasus , Intellexa ‘s Predator , QuaDream ‘s Reign.

Archiving 129
article thumbnail

Researchers Spot Critical Security Flaw in Bosch Thermostats

Data Breach Today

Bitdefender Finds Vulnerability in Popular IoT Device Thermostats sold across the globe by German multinational engineering company Bosch contained a flaw allowing hackers to cut power to the heating system and override the firmware, warn researchers from cybersecurity firm Bitdefender. Bosch pushed an over-the-air update in October.

IoT 310
article thumbnail

‘Stablecoins’ Enabled $40 Billion in Crypto Crime Since 2022

WIRED Threat Level

A new report from Chainalysis finds that stablecoins like Tether, tied to the value of the US dollar, were used in the vast majority of crypto-based scam transactions and sanctions evasion in 2023.

Privacy 123
article thumbnail

Facebook Work-From-Home “Job” Posting Scam Goes the Extra Mile to Trick Victims

KnowBe4

A new job posting scam found by IT security company Qualysys is focused on capturing victim’s identity details, accessing victim’s Facebook accounts, and committing fraud. In this new scam, legitimate Facebook advertising is used to post fake work-from-home job ads from several companies. As with most of these scams, victims are directed to a third-party messaging app and are asked to sign a realistic-looking employment contract.

Access 113
article thumbnail

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

article thumbnail

Ransomware attacks break records in 2023: the number of victims rose by 128%

Security Affairs

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. According to the Ransomlooker tool, the number of ransomware attack victims increased by 128.17% compared to the previous year (2022), with 1837 additional incidents. Based on Ransomlooker, a free Cybernews tool for monitoring the dark web and other hidden areas of the internet, more ransomware attacks occurred in spring and summer, with 1253 and 1275 victims, compared to winter and autu

article thumbnail

White House Official Warns of AI Risks in 2024 Elections

Data Breach Today

No 'Magic Solution' to Prevent Malicious Use of AI in Elections, OSTP Chief Says Arati Prabhakar, director of the White House's Office of Science and Technology Policy, said during an event at the 2024 World Economic Forum that generative artificial intelligence has the potential to "dramatically accelerate and amplify the erosion of information integrity.

article thumbnail

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

2024 was not a happy new year for Genesis Global Trading, Inc. (“GGT”). On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

article thumbnail

‘Swatting’ Becomes the Latest Extortion Tactic in Ransomware Attacks

KnowBe4

Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as Swatting puts the focus on the victim organization’s customers.

article thumbnail

An Architect’s Guide for Selecting Scalable, Data-Layer Technologies

There’s no getting around it: selecting the right foundational data-layer components is crucial for long-term application success. That’s why we developed this white paper to give you insights into four key open-source technologies – Apache Cassandra®, Apache Kafka®, Apache Spark™, and OpenSearch® – and how to leverage them for lasting success. Discover everything you’ll want to know about scalable, data-layer technologies: Learn when to choose these technologies and when to avoid them Explore h

article thumbnail

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

Security Affairs

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230. The flaw is a session management issue that can be exploited by an attacker with physical access to the accessory to extract its Bluetooth pairing key and spy on the Bluetooth traffic.

Access 122
article thumbnail

NetScaler, Atlassian, VMWare Disclose Critical Flaws

Data Breach Today

Citrix NetScaler ADC and Gateway Bugs Exploited in the Wild IT infrastructure mainstays including Netscaler, Atlassain and VMWare on Tuesday released fixes for vulnerabilities including some allowing malicious takeover of appliances. NetScaler warned customers Tuesday of two zero day vulnerabilities that researchers say are being exploited in the wild.

IT 301
article thumbnail

A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

WIRED Threat Level

Patching every device affected by the LeftoverLocals vulnerability—which includes some iPhones, iPads, and Macs—may prove difficult.

Security 130
article thumbnail

Zelle Is Using My Name and Voice without My Consent

Schneier on Security

Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when speaking at an event. It’s not likely, but it is possible. I wrote to Zelle about it. Or, at least, I wrote to a company called Early Warning that owns Zelle about it.

IT 111
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

VMware fixed a critical flaw in Aria Automation. Patch it now!

Security Affairs

VMware warns customers of a critical vulnerability impacting its Aria Automation multi-cloud infrastructure automation platform. VMware Aria Automation (formerly vRealize Automation ) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud infrastructure and applications. It provides a unified platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure, and VMware Cloud Fo

IT 122
article thumbnail

Breach Roundup: Microsoft's Effort to Store EU Data Locally

Data Breach Today

Also: FBI Warning About Androxgh0st; eBay Pays a $3 Million Fine for Cyberstalking This week, Microsoft expanded plans to store EU citizens' data locally, shipping-themed phishing spam is a threat, the British Library overcame a ransomware setback, the FBI warned of Androxgh0st malware, Remcos RAT targeted South Korea, and eBay was fined $3 million for a cyberstalking campaign.

Libraries 300
article thumbnail

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

The past week and the long weekend have had plenty of vulnerabilities to keep your IT and security teams busy. Both SonicWall and Juniper Networks have seen vulnerabilities that allow remote code execution and denial-of service attacks. Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light.

IoT 106
article thumbnail

Speaking to the CIA’s Creative Writing Group

Schneier on Security

This is a fascinating story. Last spring, a friend of a friend visited my office and invited me to Langley to speak to Invisible Ink, the CIA’s creative writing group. I asked Vivian (not her real name) what she wanted me to talk about. She said that the topic of the talk was entirely up to me. I asked what level the writers in the group were.

106
106
article thumbnail

What Is Entity Resolution? How It Works & Why It Matters

Entity Resolution Sometimes referred to as data matching or fuzzy matching, entity resolution, is critical for data quality, analytics, graph visualization and AI. Learn what entity resolution is, why it matters, how it works and its benefits. Advanced entity resolution using AI is crucial because it efficiently and easily solves many of today’s data quality and analytics problems.

article thumbnail

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability.

IT 121
article thumbnail

OpenAI Combats Election Misinformation Amid Growing Concerns

Data Breach Today

ChatGPT Maker Wants to Deter Use of AI in Online Election Misinformation Campaigns OpenAI announced a series of steps it was taking to prevent the use of its models in online influence operations throughout the 2024 election season, amid growing concerns that the election could face significant security concerns from the use of AI in online influence operations.

Security 297
article thumbnail

Analysis of Phishing Emails Shows High Likelihood They Were Written By AI

KnowBe4

It’s no longer theoretical; phishing attacks and email scams are leveraging AI-generated content based on testing with anti-AI content solutions.

Phishing 115