Sat.Jan 20, 2024 - Fri.Jan 26, 2024

article thumbnail

5379 GitLab servers vulnerable to zero-click account takeover attacks

Security Affairs

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset.

Passwords 128
article thumbnail

Mother of all breaches – a historic data leak reveals 26 billion records: check what’s exposed

Security Affairs

Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the largest data leak ever discovered. The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak is almost certainly the largest ever discovered. There are data leaks, and then there’s this.

Phishing 127
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

LoanDepot Ransomware Attack: 16.6 Million Customers Affected

Data Breach Today

Customers 'Sensitive Personal Information' Stolen, Large Mortgage Lender Reports Non-bank mortgage lending giant LoanDepot says hackers stole "sensitive personal information" pertaining to 16.6 million customers when they breached its systems earlier this month as part of a ransomware attack. The company said it will directly notify all affected customers.

article thumbnail

Using Google Search to Find Software Can Be Risky

Krebs on Security

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

IT 265
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Data Privacy: Why It Matters To The Rest Of Us

Thales Cloud Protection & Licensing

Data Privacy: Why It Matters To The Rest Of Us madhav Mon, 01/22/2024 - 04:47 It seems that there are no limits to the number of data breaches. Company size is not a determinant of victimization, nor is industry or sector. All are equally viable targets. Some of the events are newsworthy, while others stay below the public’s awareness or attention. Most companies must grapple with difficult questions of how to recover from a breach; however, when the typical person hears about a data breach, the

More Trending

article thumbnail

Microsoft Says Test Account Gave Hackers Keys to the Kingdom

Data Breach Today

Postmortem: Multiple Customers Also Targeted by Russian Nation-State Attackers A nation-state hacking group run by Russian intelligence gained access to a Microsoft "legacy, non-production test tenant account" and used it to authorize malicious Office 365 OAuth applications, access Outlook, and steal Microsoft and customers' emails and attachments, Microsoft said.

Access 338
article thumbnail

Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks

WIRED Threat Level

A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.

Security 145
article thumbnail

‘Mother of All Breaches’: 26 BILLION Records Leaked

IT Governance

Expert insight from Leon Teale into the implications of this historic data breach The security researcher Bob Diachenko and investigators from Cybernews have discovered an open instance with more than 26 billion data records, mostly compiled from previous breaches – although it likely also includes new data. Organisations associated with these data records include: Tencent QQ – 1.4 billion records; Weibo – 504 million records; Myspace – 360 million records; X/Twitter – 281 million records; Deeze

Passwords 139
article thumbnail

Watch out, experts warn of a critical flaw in Jenkins

Security Affairs

Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has hundreds of thousands of active installations worldwide with more than 1 million users.

Libraries 127
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Microsoft: Russian Hackers Had Access to Executives' Emails

Data Breach Today

Computing Giant Says Hackers Did Not Access Customer Data or Production Systems Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

Access 343
article thumbnail

Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It

WIRED Threat Level

Leaked records reveal what appears to be the first known instance of a police department attempting to use facial recognition on a face generated from crime-scene DNA. It likely won’t be the last.

IT 145
article thumbnail

Facebook Phishing Scams Target Concerned Friends and Family

KnowBe4

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles implying that someone has been killed in an accident.

Phishing 127
article thumbnail

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs

The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast food restaurant franchise. Subway IP LLC is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches (subs), wraps, salads, and drinks. The Lockbit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024 at 21:44:16 UTC.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

North Korean Hackers Using AI in Advanced Cyberattacks

Data Breach Today

U.S.-Led Sanctions Do Little to Curtail North Korea's Development of AI South Korea's intelligence agency has reported that North Korean hackers are using generative AI to conduct cyberattacks and search for hacking targets. Experts believe North Korea's AI capabilities are robust enough for more precise attacks on South Korea.

318
318
article thumbnail

News alert: NCA’s Data Privacy Week webinars highlight data protection for consumers, businesses

The Last Watchdog

Washington D.C. Jan. 22, 2024 – Today, the National Cybersecurity Alliance (NCA) , announced the program for its third annual Data Privacy Week campaign, which will take place from January 22nd to January 27th. Throughout the week, NCA will emphasize the critical significance of digital privacy for both consumers and businesses through a series of educational webinars featuring experts from various industries. “Knowing how to safeguard your personal information has never been more i

article thumbnail

The Pentagon Tried to Hide That It Bought Americans' Data Without a Warrant

WIRED Threat Level

US spy agencies purchased Americans' phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.

Metadata 118
article thumbnail

Backdoored pirated applications targets Apple macOS users

Security Affairs

Researchers warned that pirated applications have been employed to deliver a backdoor to Apple macOS users. Jamf Threat Labs researchers warned that pirated applications have been utilized to distribute a backdoor to Apple macOS users. The researchers noticed that the apps appear similar to ZuRu malware, they allow operators to download and execute multiple payloads to compromise machines in the background.

Libraries 124
article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

ITRC Report: Breaches Up 78% in 2023, Breaking 2021 Record

Data Breach Today

Identity Theft Resource Center's James E. Lee Calls for Uniform Breach Reporting Supply chain attacks and zero-day exploits surged in 2023, helping to set yet another record for data breaches tracked by the Identity Theft Resource Center. James E. Lee, COO of the group, explained why the number of compromises grew so dramatically - from 1,801 incidents in 2022 to 3,205 in 2023.

article thumbnail

How Indigenous perspectives can guide climate innovation for a just transition: IBM teams up with Net Zero Atlantic in Canada

IBM Big Data Hub

The windswept province of Nova Scotia lies on Canada’s Atlantic coast, and comprises part of Mi’kma’ki, the traditional districts of the Mi’kmaq First Nations people. In recent years, Nova Scotia has become a promising site for the clean energy transition, with some of the world’s fastest offshore wind speeds and potential for hydrogen development.

article thumbnail

What Should Be on Your AI Wishlist for eDiscovery: Insights from Dave Ruel, VP of Product at Hanzo

Hanzo Learning Center

In the rapidly evolving world of Artificial Intelligence (AI), it's crucial for enterprises to adopt technologies that integrate seamlessly into mission-critical workflows. Understanding the practicalities of this integration, especially in the legal domain, is key. To delve deeper into this topic, I had the opportunity to speak with Dave Ruel, VP of Product at Hanzo.

article thumbnail

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

Security Affairs

Researchers warn of a spike in attacks exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell. Trustwave researchers observed a surge in attacks exploiting a now-patched flaw in Apache ActiveMQ, in many cases aimed at delivering a malicious code that borrows the code from the open-source web shell Godzilla. Threat actors conceal the web shell within an unknown binary format evading security and signature-based scanners.

article thumbnail

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

article thumbnail

BreachForums Admin Avoids Prison Term

Data Breach Today

'Pompompurin' Sentenced to Supervised Release, Banned From Internet for 1 Year A federal judge sentenced "Pompompurin," the administrator of a now-defunct data breach marketplace, to 20 years of supervised release. The Peekskill, N.Y. man avoided a recommended 15-year prison sentence for his role in BreachForums, once considered the largest English-language data breach forum of its kind.

article thumbnail

Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection

WIRED Threat Level

Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.

IT 123
article thumbnail

New Deepfake Video Scam has “Taylor Swift” Offering Free French Cookware

KnowBe4

A new wave of ads utilizing video of well-known celebrities seemingly promoting video games, fake giveaways, and more are starting to popup, and fans are falling for this trap.

article thumbnail

Cisco warns of a critical bug in Unified Communications products, patch it now!

Security Affairs

Cisco addressed a critical flaw in its Unified Communications and Contact Center Solutions products that could lead to remote code execution. Cisco released security patches to address a critical vulnerability, tracked as CVE-2024-20253 (CVSS score of 9.9), impacting multiple Unified Communications and Contact Center Solutions products. An unauthenticated, remote attacker can exploit the flaw to execute arbitrary code on an affected device.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Russian Hacker Sentenced to Over 5 Years in US Prison

Data Breach Today

Vladimir Dunaev Acknowledged Acting 'Recklessly' in Working for Cybercriminal Group A U.S. federal judge sentenced a Russian national to five years and four months in prison for his role in developing TrickBot malware. Vladimir Dunaev, 40, pleaded guilty in December. Dunaev helped develop the malware "while hiding behind his computer," U.S. Attorney Rebecca Lutzko said.

298
298
article thumbnail

Three ways to stay on top of evolving AI and data privacy rules

CGI

Every January 28, organizations around the world celebrate Data Privacy Day (also known as Data Protection Day). Data Privacy Day commemorates the first international treaty governing data privacy, signed on January 28, 1981. Back then, legal requirements encouraging businesses to respect privacy were limited. Over the next decades, we experienced across the globe many regulatory developments and advances in how organizations safeguard data to better protect individuals.

article thumbnail

The Number of Ransomware Attack Victims Surge in 2023 to over 4000

KnowBe4

The surge in Ransomware -as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024.