Sat.Mar 23, 2024 - Fri.Mar 29, 2024

article thumbnail

Data Privacy in the Age of AI

AIIM

Data privacy and Artificial Intelligence (AI) are two of biggest issues in the information spaces today. However, despite the enormous amount of coverage they receive in the trade and general media, what is not yet well understood is how tightly intertwined they are, and how risky it can be to address them without a proper foundation. Here are a few points to ponder to help you avoid the most common risks.

article thumbnail

Migrating data to the cloud? Don’t neglect change management

Collibra

Did you know 72% of companies identify data as their biggest challenge to achieving AI goals by 2025? 1 For data professionals embarking on a data cloud migration , the stakes couldn’t be any higher. It’s why effective change management is not just a luxury; it’s a necessity for unlocking the full power of cloud capabilities and ensuring adoption.

Cloud 110
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

It’s Official: Cyber Insurance is No Longer Seen as a 'Safety Net'

KnowBe4

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy toward being cyber resilient.

Insurance 105
article thumbnail

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt.

Passwords 361
article thumbnail

5 Ways You Can Win Faster with Gen AI in Sales

Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision- making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.

article thumbnail

UK Nuclear Cleanup Site Faces Criminal Cybersecurity Charges

Data Breach Today

Probe Finds 'Largest and Most Hazardous Nuclear Site' Violated Security Laws Britain's nuclear power watchdog said it plans to prosecute the country's "largest and most hazardous nuclear site," Sellafield, for violating nuclear industry cybersecurity regulations from 2019 to 2023. Both Russian and Chinese nation-state hackers reportedly infiltrated the site's networks.

Cleanup 320

More Trending

article thumbnail

Infostealers continue to pose threat to macOS users

Jamf

Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users. Each with different means of compromising victim’s Macs but with similar aims: to steal sensitive user data.

143
143
article thumbnail

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

Security Affairs

A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months. Sucurity researchers at Sucuri spotted a malware campaign, tracked as Sign1, which has already compromised 39,000 WordPress sites in the last six months. The experts discovered that threat actors compromised the websites implanting malicious JavaScript injections that redirect visitors to malicious websites.

IT 142
article thumbnail

Alert: Hackers Hit High-Risk Individuals' Personal Accounts

Data Breach Today

Cybersecurity Experts Recommend Defenses to Counter Surge in Such Attacks Calling all high-risk individuals: Ensure you're taking adequate steps to secure your personal devices and accounts, as criminals and nation-state hackers increasingly target them instead of grappling with corporate defenses, warned the U.K.'s National Cyber Security Center.

Risk 318
article thumbnail

Data Security Trends: 2024 Report Analysis

Thales Cloud Protection & Licensing

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. The 2024 Thales Global Data Threat Report , conducted by S&P Global Market Intelligence, which surveyed almost 3,000 respondents from 18 countries and 37 industries, revealed how decision-makers navigate new threats while tr

Security 139
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Lessons from a Ransomware Attack against the British Library

Schneier on Security

You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.

Libraries 124
article thumbnail

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in attacks, while in 2022 the actively exploited zero-day flaws were 62.

article thumbnail

Breach Roundup: Russian Organizations Losing Microsoft Cloud

Data Breach Today

Also: Hackers Target Apple Password Reset Flaw This week, Russian organizations are losing Microsoft Cloud, hackers targeted an Apple flaw, Germany warned of critical flaws in Microsoft Exchange, an info stealer targeted Indian government agencies and the energy sector, and Finland confirmed APT31's role in a 2020 breach of Parliament.

Cloud 310
article thumbnail

New Phishing-as-a-Service Kit Attempts to Bypass MFA

KnowBe4

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its focus on bypassing victims’ multi-factor authentication measures.

Phishing 119
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hardware Vulnerability in Apple’s M-Series Chips

Schneier on Security

It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing.

article thumbnail

TheMoon bot infected 40,000 devices in January and February

Security Affairs

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices. The new version of the bot has been spotted infecting thousands of outdated devices in 88 countries.

IoT 138
article thumbnail

Tycoon 2FA - The Criminals' Favorite Platform for MFA Theft

Data Breach Today

Phishing-as-a-Service Platform Lets Hackers Impersonate More Than 1,100 Domains A phishing-as-a-service platform that allows cybercriminals to impersonate more than 1,100 domains has over the past half year become one of the most widespread adversary-in-the-middle platforms. Attackers are meeting the rise of multifactor authentication by using tools such as Tycoon 2FA.

Phishing 306
article thumbnail

A Simple 'Payment is Underway' Phishing Email Downloads RATs from AWS, GitHub

KnowBe4

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories.

Phishing 116
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Schneier on Security

It’s pretty devastating : Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba.

Security 118
article thumbnail

Iran-Linked APT TA450 embeds malicious links in PDF attachments

Security Affairs

In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote Monitoring and Management (RMM) solution called Atera. Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm , TEMP.Zagros , TA450, and Static Kitten ) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems.

Phishing 138
article thumbnail

Hackers Developing Malicious LLMs After WormGPT Falls Flat

Data Breach Today

Crooks Are Recruiting AI Experts to Jailbreak Existing LLM Guardrails Cybercrooks are exploring ways to develop custom, malicious large language models after existing tools such as WormGPT failed to cater to their demands for advanced intrusion capabilities, security researchers say. Undergrounds forums teem with hackers' discussions about how to exploit guardrails.

Security 306
article thumbnail

Narwhal Spider Threat Group Behind New Phishing Campaign Impersonating Reputable Law Firms

KnowBe4

Using little more than a well-known business name and a invoice-related PDF, the “NaurLegal” phishing campaign aims at installing malware trojans.

Phishing 115
article thumbnail

10 Ways to Leverage Buyer Signals and Drive Revenue

In today’s ultra-competitive markets, it’s no longer enough to wait for buyers to show obvious signs of interest. Instead, sales teams must be proactive, identifying and acting on nuanced buyer behaviors — often before prospects are fully ready to make a purchase. In this eBook from ZoomInfo & Sell Better, learn 10 actionable ways to use these buyer signals to transform your sales strategy and close deals faster.

article thumbnail

On Secure Voting Systems

Schneier on Security

Andrew Appel shepherded a public comment —signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs.

Security 115
article thumbnail

Finnish police linked APT31 to the 2021 parliament attack

Security Affairs

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. The Finnish authorities investigated multiple offenses, including aggravated espionage, aggravated unlawful access to an information system, and aggravated violation of the secrecy of communications.

article thumbnail

US Indicts Accused APT31 Chinese Hackers for Hire

Data Breach Today

Prosecutors Say China Set Up a Wuhan Front Company for Geopolitical Hacks U.S. federal prosecutors indicted seven Chinese nationals they accuse of hacking for a Beijing economic and intelligence espionage group whose operations reacted to geopolitical trends. The suspects allegedly were contractors for a front company set up by an arm of the Ministry of State Security.

Security 304
article thumbnail

Cloud-Conscious Cyber Attacks Spike 110% as Threat Groups Sharpen their Attack Skills

KnowBe4

Cybercriminals are catching up to all the digital transformation done over the last decade, as new data shows increased expertise in leveraging and.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

AI and Trust

Schneier on Security

Watch the Video on YouTube.com A 15-minute talk by Bruce Schneier.

114
114
article thumbnail

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

Researchers reported that over 100 organizations in Europe and US were targeted by a wave of large-scale StrelaStealer campaigns Palo Alto Networks’ Unit42 spotted a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and US. The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware.

article thumbnail

Feds Seek Secure-by-Design Armageddon for SQL Injection Bugs

Data Breach Today

Hackers Continue to Abuse Easily Preventable Vulnerability to Cause Massive Damage What will it take to rid the world of SQL injection vulnerabilities, which remain too easily exploitable by attackers for ransacking databases and worse, despite having been classified as "unforgivable" for nearly two decades? U.S. government cybersecurity officials have thoughts.

Security 299