Sat. Mar 02, 2024 - Fri. Mar 08, 2024


Apple Fixes iOS Kernel Zero-Days Being Exploited in the Wild

Data Breach Today

Real-World Scenarios Are Sketchy But Researchers Warn: 'Assume Spyware; Update Now'

Apple pushed out an emergency security update for two critical zero-day flaws that attackers are using to carry out memory corruption attacks on iPhone and iPad devices. The tech giant's latest patch addressed its third zero-day vulnerability this year.


Polishing Rough Diamonds: How Information Governance Boosts AI-Driven Innovation

AIIM

With AI-centric use cases expanding to extract value from both physical and digital assets, it’s time to see information governance as a way to accelerate innovation.

The Privacy Danger Lurking in Push Notifications

WIRED Threat Level

Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure.


GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

The Last Watchdog

Charities and nonprofits are particularly vulnerable to cybersecurity threats, primarily because they maintain personal and financial data, which are highly valuable to criminals. Here are six tips for establishing robust nonprofit cybersecurity measures to protect sensitive donor information and build a resilient organization.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Russian State Hackers Penetrated Microsoft Code Repositories

Data Breach Today

Russian Foreign Intelligence Service Hack Gets Worse for Computing Giant

A Russian state hack against Microsoft was more serious than initially supposed, Microsoft acknowledged in a Friday disclosure to federal regulators. Microsoft said a Moscow threat actor obtained access to "source code repositories and internal systems.


Linux Malware targets misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

Security Affairs

A new Linux malware campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the discovery and infection of hosts running the above services.


Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

WIRED Threat Level

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.


Banning Ransom Payments: Calls Grow to 'Figure Out' Approach

Data Breach Today

As Ransomware Disruption Mounts, More Experts Seek Path to Banning Payments

As ransomware groups are causing massive damage and disruption and showing no signs of stopping, cybersecurity policy expert Ciaran Martin said it's time for governments to start asking tough questions and "figure out how to make a ransomware payments ban work.


Welcoming the German Government to Have I Been Pwned

Troy Hunt

Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERTBund department. This access now provides them with complete access to the exposure of their government domains in data breaches.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Snake, a new Info Stealer spreads through Facebook messages

Security Affairs

Threat actors are using Facebook messages to spread a Python-based information stealer dubbed Snake, researchers warn. Cybereason researchers warn that threat actors are utilizing Facebook messages to spread the Snake malware, a Python-based information stealer. The researchers noticed that the threat actors are maintaining three different Python Infostealer variants.


Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

WIRED Threat Level

A coalition of 41 state attorneys general says Meta is failing to assist Facebook and Instagram users whose accounts have been hacked—and they want the company to take “immediate action.


Sam Altman Reinstated to OpenAI Board

Data Breach Today

Company Concludes His Ouster Stemmed from 'Breakdown In Trust'

Generative artificial intelligence leader OpenAI returned Sam Altman to its board of directors Friday in a bid to put to rest a leadership crisis that rocked the San Francisco company during the last months of 2023. Fallout from incident may yet reverberate for OpenAI.


LLM Prompt Injection Worm

Schneier on Security

Researchers have demonstrated a worm that spreads through prompt injection. Details: In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which “poisons” the database of an email assistant using retrieval-augmented generation (RAG), a way for LLMs to pull in extra data from outside its system.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


New GTPDOOR backdoor is designed to target telecom carrier networks

Security Affairs

Researcher HaxRob discovered a previously undetected Linux backdoor named GTPDOOR, designed to target telecom carrier networks. Security researcher HaxRob discovered a previously undetected Linux backdoor dubbed GTPDOOR, which is specifically crafted to carry out stealth cyber operations within mobile carrier networks. I recently found two very interesting Linux binaries uploaded to Virustotal.


How the European Union’s Digital Markets Act impacts your iOS estate

Jamf

Launching alongside iOS 17.4, Apple will be making changes to adhere to the European Union’s Digital Markets Act, which could have massive implications for your organization’s end users and the security of their devices.


DPRK Hackers Breach South Korean Chipmakers, Steal Designs

Data Breach Today

Investigators Say North Korean Groups Are Seeking Advanced Chips for Military Use

South Korean intelligence service officials have blamed North Korean hackers for targeting the country's semiconductor manufacturing companies. Hackers who gain access to chip-making technology and product designs could hurt South Korea’s leadership in the semiconductor industry.


Surveillance through Push Notifications

Schneier on Security

The Washington Post is reporting on the FBI’s increasing use of push notification data—“push tokens”—to identify people. The police can request this data from companies like Apple and Google without a warrant. The investigative technique goes back years. Court orders that were issued in 2019 to Apple and Google demanded that the companies hand over information on accounts identified by push tokens linked to alleged supporters of the Islamic State terrorist group.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Apple emergency security updates fix two new iOS zero-days

Security Affairs

Apple released emergency security updates to address two new iOS zero-day vulnerabilities actively exploited in the wild against iPhone users. Apple released emergency security updates to address two iOS zero-day vulnerabilities, respectively tracked as CVE-2024-23225 and CVE-2024-23296, that were exploited in attacks against iPhone devices. CVE-2024-23225 is a Kernel memory corruption flaw, the company addressed it with improved validation. “An attacker with arbitrary kernel read and writ


Inside Registered Agents Inc., the Shadowy Firm Pushing the Limits of Business Privacy

WIRED Threat Level

Registered Agents Inc. has for years allowed businesses to register under a cloak of anonymity. A WIRED investigation has found that its secretive founder has taken the practice to an extreme.


Ex-Google Exec Charged With AI Trade Secret Theft

Data Breach Today

Ding Accused of Stealing Data on 'Brain' of Google's Supercomputing Data Centers

Federal authorities have accused a Chinese national who worked as a CTO in a Google supercomputer data center of stealing the company's proprietary artificial intelligence secrets and sharing them with Chinese companies, according to an indictment unsealed on Wednesday.


The Insecurity of Video Doorbells

Schneier on Security

Consumer Reports has analyzed a bunch of popular Internet-connected video doorbells. Their security is terrible. First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. […] Anyone who can physically access one of the doorbells can take over the device—no tools or fancy hacking skills needed.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


QNAP fixed three flaws in its NAS devices, including an authentication bypass

Security Affairs

QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices. QNAP addressed three vulnerabilities in Network Attached Storage (NAS) devices that can be exploited to access the devices. The three flaws fixed are: CVE-2024-21899: an improper authentication vulnerability could allow users to compromise the security of the system via a network.


ICO launches a call for views on the “pay or okay” model

Data Protection Report

Earlier this week the ICO launched a call for views on the “pay or okay” business model. By way of recap, this model gives users of online services the choice to either consent to personalised advertising using their data or to pay a fee to access an ad-free version of the service. In its blog post launching the call for views, the ICO also provided an update on its wider cookie compliance work.


Biden Calls for Ban of AI Voice Impersonations During SOTU

Data Breach Today

US President Urges Congress to Harness AI While Protecting ‘From its Peril’

U.S. President Joe Biden used part of his highly-anticipated State of the Union address on Thursday night to call on lawmakers to pass bipartisan privacy legislation, and to harness the powers of artificial intelligence while protecting the nation "from its peril.


5G use cases that are transforming the world

IBM Big Data Hub

In the tech world and beyond, new 5G applications are being discovered every day. From driverless cars to smarter cities, farms, and even shopping experiences, the latest standard in wireless networks is poised to transform the way we interact with information, devices and each other. What better time to take a closer look at how humans are putting 5G to use to transform their world.


Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.


Ukraine’s GUR hacked the Russian Ministry of Defense

Security Affairs

The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense claims that it hacked the Russian Ministry of Defense. The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense announced it had breached the Russian Ministry of Defense servers as part of a special operation, and exfiltrated confidential documents. Stolen documents include: confidential documents, including orders and reports circulated among over 2000 structural units of the Russian military se


Making healthcare more accessible with VidaTalk

Jamf

Understanding your patient is key to equitable and adequate healthcare. Jamf and VidaTalk help healthcare professionals overcome language, speech and hearing barriers by giving patients access to language tools and interpreters. Read this blog to learn more!


White House Advisory Team Backs Cybersecurity Tax Incentives

Data Breach Today

NSTAC Report Calls for Federal Cybersecurity Tax Deductions and Financial Grants

The National Security Telecommunications Advisory Committee is recommending the administration work to establish financial incentives, such as tax deductions and federal grants, for critical infrastructure owners and operators that implement enhanced cybersecurity standards.