Sat.Mar 02, 2024 - Fri.Mar 08, 2024

article thumbnail

Apple Fixes iOS Kernel Zero-Days Being Exploited in the Wild

Data Breach Today

Real-World Scenarios Are Sketchy But Researchers Warn: 'Assume Spyware; Update Now' Apple pushed out an emergency security update for two critical zero-day flaws that attackers are using to carry out memory corruption attacks on iPhone and iPad devices. The tech giant's latest patch addressed its third zero-day vulnerability this year.

Security 306
article thumbnail

Polishing Rough Diamonds: How Information Governance Boosts AI-Driven Innovation

AIIM

With AI-centric use cases expanding to extract value from both physical and digital assets, it’s time to see information governance as a way to accelerate innovation.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Privacy Danger Lurking in Push Notifications

WIRED Threat Level

Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure.

Privacy 126
article thumbnail

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

Krebs on Security

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ ALPHV “) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they st

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Russian State Hackers Penetrated Microsoft Code Repositories

Data Breach Today

Russian Foreign Intelligence Service Hack Gets Worse for Computing Giant A Russian state hack against Microsoft was more serious than initially supposed, Microsoft acknowledged in a Friday disclosure to federal regulators. Microsoft said a Moscow threat actor obtained access to "source code repositories and internal systems.

Access 308

More Trending

article thumbnail

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

WIRED Threat Level

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.

article thumbnail

A Close Up Look at the Consumer Data Broker Radaris

Krebs on Security

If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the co-founders of Radaris operate multiple Russian-language dating services and affiliate programs.

Privacy 287
article thumbnail

DPRK Hackers Breach South Korean Chipmakers, Steal Designs

Data Breach Today

Investigators Say North Korean Groups Are Seeking Advanced Chips for Military Use South Korean intelligence service officials have blamed North Korean hackers for targeting the country's semiconductor manufacturing companies. Hackers who gain access to chip-making technology and product designs could hurt South Korea’s leadership in the semiconductor industry.

Military 301
article thumbnail

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

Security Affairs

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the discovery and infection of hosts running the above services.

Honeypots 145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

WIRED Threat Level

A coalition of 41 state attorneys general says Meta is failing to assist Facebook and Instagram users whose accounts have been hacked—and they want the company to take “immediate action.

Security 142
article thumbnail

LLM Prompt Injection Worm

Schneier on Security

Researchers have demonstrated a worm that spreads through prompt injection. Details : In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which “poisons” the database of an email assistant using retrieval-augmented generation (RAG) , a way for LLMs to pull in extra data from outside its system.

Paper 130
article thumbnail

Sam Altman Reinstated to OpenAI Board

Data Breach Today

Company Concludes His Ouster Stemmed from 'Breakdown In Trust' Generative artificial intelligence leader OpenAI returned Sam Altman to its board of directors Friday in a bid to put to rest a leadership crisis that rocked the San Francisco company during the last months of 2023. Fallout from incident may yet reverberate for OpenAI.

article thumbnail

New GTPDOOR backdoor is designed to target telecom carrier networks

Security Affairs

Researcher HaxRob discovered a previously undetected Linux backdoor named GTPDOOR, designed to target telecom carrier networks. Security researcher HaxRob discovered a previously undetected Linux backdoor dubbed GTPDOOR, which is specifically crafted to carry out stealth cyber operations within mobile carrier networks. I recently found two very interesting Linux binaries uploaded to Virustotal.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

The State of Women in Information Management

AIIM

March is Women’s History Month and in celebration of women, I want to let you know about AIIM's Women in Information Management group and how we are supporting the information management community.

129
129
article thumbnail

The Insecurity of Video Doorbells

Schneier on Security

Consumer Reports has analyzed a bunch of popular Internet-connected video doorbells. Their security is terrible. First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. […] Anyone who can physically access one of the doorbells can take over the device—no tools or fancy hacking skills needed.

article thumbnail

Ex-Google Exec Charged With AI Trade Secret Theft

Data Breach Today

Ding Accused of Stealing Data on 'Brain' of Google's Supercomputing Data Centers Federal authorities have accused a Chinese national who worked as a CTO in a Google supercomputer data center of stealing the company's proprietary artificial intelligence secrets and sharing them with Chinese companies, according to an indictment unsealed on Wednesday.

article thumbnail

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

A U.S. Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Meta won the litigation against the Israeli spyware vendor NSO Group , a U.S. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. NSO Group has been requested to provide details regarding the complete functionality of the pertinent spyware, covering the period one year before the all

IT 142
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Inside Registered Agents Inc., the Shadowy Firm Pushing the Limits of Business Privacy

WIRED Threat Level

Registered Agents Inc. has for years allowed businesses to register under a cloak of anonymity. A WIRED investigation has found that its secretive founder has taken the practice to an extreme.

Privacy 121
article thumbnail

Welcoming the German Government to Have I Been Pwned

Troy Hunt

Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERTBund department. This access now provides them with complete access to the exposure of their government domains in data breaches.

article thumbnail

Cryptohack Roundup: Binance Layoffs

Data Breach Today

Also: 2023 Crypto Crime Stats, Multichain's Potential Liquidation This week, Binance laid off two-thirds of its staff and said it is exiting Nigeria, Chainalysis released 2023 crime statistics, Fantom said it will seek Multichain's liquidation, hackers stole millions from the WOOFi and Seneca crypto platforms, and Hong Kong blocked six fake websites.

IT 284
article thumbnail

Eken camera doorbells allow ill-intentioned individuals to spy on you

Security Affairs

Camera doorbells manufactured by the Chinese company Eken Group Ltd under the brands EKEN and Tuck are affected by major vulnerabilities. Researchers from Consumer Reports (CR) discovered severe vulnerabilities in doorbell cameras manufactured by the Chinese company Eken Group Ltd. The company produces video doorbells under the brand names EKEN and Tuck, its products are by major retailers, including Amazon, Walmart, Shein, Sears and Temu.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

A Taxonomy of Prompt Injection Attacks

Schneier on Security

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.” Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking

Paper 112
article thumbnail

How the European Union’s Digital Markets Act impacts your iOS estate

Jamf

Launching alongside iOS 17.4, Apple will be making changes to adhere to the European Union’s Digital Markets Act, which could have massive implications for your organization’s end users and the security of their devices.

Marketing 111
article thumbnail

Biden Calls for Ban of AI Voice Impersonations During SOTU

Data Breach Today

US President Urges Congress to Harness AI While Protecting ‘From its Peril’ U.S. President Joe Biden used part of his highly-anticipated State of the Union address on Thursday night to call on lawmakers to pass bipartisan privacy legislation, and to harness the powers of artificial intelligence while protecting the nation "from its peril.

article thumbnail

VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

Security Affairs

VMware released urgent patches to address critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion and Cloud Foundation products Virtualization giant VMware released urgent updates to fix critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion, and Cloud Foundation products. The most severe vulnerabilities can be exploited by an attacker with local admin privileges on a virtual machine to execute code as the virtual machine’s VMX process running o

Cloud 141
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

AI and Ransomware Top the List of Mid-Market IT Cyber Threats

KnowBe4

A recent report reveals a significant discrepancy in the priorities of mid-market IT departments when it comes to addressing cyber threats. It's somewhat ironic that IT professionals find themselves entangled in a logical paradox when responding to surveys, as demonstrated by Node4’s Mid-Market IT Priorities Report 2024. This report sheds light on the fact that two of the top three cyber threats concerning mid-market IT departments are AI-based threats and ransomware, with insider threats rankin

Marketing 108
article thumbnail

ICO launches a call for views on the “pay or okay” model

Data Protection Report

Earlier this week the ICO launched a call for views on the “pay or okay” business model. By way of recap, this model gives users of online services the choice to either consent to personalised advertising using their data or to pay a fee to access an ad-free version of the service. In its blog post launching the call for views, the ICO also provided an update on its wider cookie compliance work.

article thumbnail

CISA Launches New Efforts to Secure Open-Source Ecosystem

Data Breach Today

US Cyber Agency Aiming to Promote Information Sharing with Open Source Community The U.S. Cybersecurity and Infrastructure Security Agency hopes to expand voluntary information sharing between the federal government and open-source software operators with a series of actions the agency announced following a two-day open-source security summit held at its Virginia headquarters.

Security 278