Sat.Nov 04, 2023 - Fri.Nov 10, 2023

article thumbnail

Who’s Behind the SWAT USA Reshipping Service?

Krebs on Security

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity of “ Fearlless ,” the nickname chosen by the proprietor of the SWAT USA Drops service.

Passwords 238
article thumbnail

GUEST ESSAY: How to mitigate the latest, greatest phishing variant — spoofed QR codes

The Last Watchdog

QR code phishing attacks started landing in inboxes around the world about six months ago. Related: ‘BEC’ bilking on the rise These attacks prompt the target to scan a QR code and trick them into downloading malware or sharing sensitive information. In June, we started seeing these types of attacks amongst our customer base. Since June, there has been a fourfold increase in the search volume around keywords associated with these types of attacks.

Phishing 202
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FTC Alleges Data Broker Sells Vast Amounts of Sensitive Data

Data Breach Today

Agency Details Accusations Against Idaho Firm in Unsealed Amended Complaint The Federal Trade Commission in an amended lawsuit complaint unsealed Friday details how Idaho-based data broker Kochava allegedly violated federal law by collecting and disclosing to third parties "enormous" amounts of geolocation and other sensitive information about consumers.

272
272
article thumbnail

Beyond AI: Advice and Takeaways from AIIM Solutions Showcase & Strategy Summit

AIIM

In early October 2023, AIIM partnered with the AIIM Florida Chapter to host the AIIM Solutions Showcase & Strategy Summit in Tampa, Florida. This new event concept highlighted a local chapter and community while creating greater accessibility to AIIM's leadership and strategy. This terrific event was well attended and featured some great education.

Education 158
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

BlueNoroff strikes again with new macOS malware

Jamf

Jamf Threat Labs discovered a new later-stage malware variant from BlueNoroff that shares characteristics with their RustBucket campaign. Read this blog to learn more about this malware and view the indicators of compromise.

145
145

More Trending

article thumbnail

Okta Breach Tied to Worker's Personal Google Account

Data Breach Today

Threat Actor Used Session Hijacking Technique to Access Files of 134 Okta Customers Days after announcing a security compromise, cloud-based Identity and authentication management provider Okta said that an unknown threat actor accessed files of 134 customers by after an employee signed in to a personal Google profile on the Chrome browser of an Okta-managed laptop.

article thumbnail

President Biden Signs Sweeping Artificial Intelligence Executive Order

Data Matters

On October 30, 2023, President Joe Biden issued an executive order (EO or the Order) on Safe, Secure, and Trustworthy Artificial Intelligence (AI) to advance a coordinated, federal governmentwide approach toward the safe and responsible development of AI. It sets forth a wide range of federal regulatory principles and priorities, directs myriad federal agencies to promulgate standards and technical guidelines, and invokes statutory authority — the Defense Production Act — that has historically

article thumbnail

Government Surveillance Reform Act of 2023 Seeks to End Warrantless Police and FBI Spying

WIRED Threat Level

The Government Surveillance Reform Act of 2023 pulls from past privacy bills to overhaul how police and the feds access Americans’ data and communications.

article thumbnail

News alert: AppMap launches ‘Runtime Code Review’ — GitHub integration innovation

The Last Watchdog

Boston, Mass., Nov. 7, 2023 — AppMap today announces its innovative Runtime Code Review solution that will transform software quality and the developer experience. AppMap’s mission is to deliver actionable insights to developers where they work, and AppMap continues to deliver on the promise with its latest release for the GitHub Marketplace. Unexpected runtime defects account for a staggering 40% of performance problems and 50% of security defects.

Marketing 113
article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

State of Maine Confirms Impact in Global MOVEit Cyberattack

Data Breach Today

Approximately 1.3 Million Maine Residents Affected in Sweeping Cyberattack Nearly the entire population of Maine has been affected in a global cyberattack the Russian ransomware gang Clop launched earlier this year that targeted Progress Software's popular MOVEit file transfer service. The state is just one of thousands of high-profile victims swept up in the attack.

article thumbnail

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-concept (PoC) exploit, named Google Calendar RAT, that relies on Calendar service to host command-and-control (C2) infrastructure. Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “To use GRC, only a Gmail account is require

article thumbnail

How to implement enterprise resource planning (ERP)

IBM Big Data Hub

Once your business has decided to switch to an enterprise resource planning (ERP) software system, the next step is to implement ERP. For a business to see the benefits of an ERP adoption it must first be deployed properly and efficiently by a team that typically includes a project manager and department managers as well. This process can be complicated and feel overwhelming, depending on the needs of your organization.

Cloud 120
article thumbnail

European Data Protection Supervisor and UK ICO Sign Memorandum of Understanding

Hunton Privacy

On November 8, 2023, the UK Information Commissioner’s Office (“ICO”) and the European Data Protection Supervisor (“EDPS”) announced they have signed a Memorandum of Understanding (“MOU”) intended to reinforce their “common mission to uphold individuals’ data protection and privacy rights, and cooperate internationally to achieve this goal”. The MOU sets out broad principles of collaboration between the ICO and EDPS and the legal framework governing the sharing of relevant information and intell

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

CISA's New SBOM Guidance Faces Implementation Challenges

Data Breach Today

Many Organizations Lack Resources to Develop Adequate SBOM Consumption Processes The U.S. Cybersecurity and Infrastructure Security Agency published guidance that offers best practices in developing consumption processes for software bills of materials, but experts told ISMG the document lacks technical specifics and warned that most organizations face SBOM resourcing issues.

article thumbnail

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Security Affairs

After ChatGPT, Anonymous Sudan took down the Cloudflare website with a distributed denial-of-service (DDoS) attack. The hacktivist group Anonymous Sudan claimed responsibility for the massive distributed denial-of-service (DDoS) attack that took down the website of Cloudflare. Cloudflare confirmed that a DDoS attack took down its website for a few minutes and ponited out that it did not impact other products or services. “ To be clear, there was no Cloudflare breach.

Mining 128
article thumbnail

Intel Faces 'Downfall' Bug Lawsuit, Seeking $10K per Plaintiff

Dark Reading

A class action suit claims Intel knowingly sold billions of faulty chips for years. The outcome could help define where poor vulnerability remediation becomes outright negligence.

115
115
article thumbnail

Here’s How Violent Extremists Are Exploiting Generative AI Tools

WIRED Threat Level

Experts are finding thousands of examples of AI-created content every week that could allow terrorist groups and other violent extremists to bypass automated detection systems.

Security 117
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Cyberattack Forces San Diego Hospital to Divert Patients

Data Breach Today

Tri-City Medical Center Is Latest Regional Entity Facing Disruption to Patient Care A San Diego public hospital is diverting ambulances and patients to other facilities as it is dealing with a cyberattack this week. The medical center is the latest on a growing list of regional hospitals forced to suddenly shift patients to neighboring entities due to a cybersecurity crisis.

article thumbnail

QNAP fixed two critical vulnerabilities in QTS OS and apps

Security Affairs

Taiwanese vendor QNAP warns of two critical command injection flaws in the QTS operating system and applications on its NAS devices. Taiwanese vendor QNAP Systems addressed two critical command injection vulnerabilities, tracked as CVE-2023-23368 and CVE-2023-23369 , that impact the QTS operating system and applications on its network-attached storage (NAS) devices.

IT 117
article thumbnail

Meet Your New Cybersecurity Auditor: Your Insurer

Dark Reading

As cyber insurance gets more expensive and competitive, security decision-makers have actionable opportunities to strengthen their cyber defenses.

Insurance 126
article thumbnail

YouTube's Ad Blocker Detection Believed to Break EU Privacy Law

WIRED Threat Level

A complaint filed with the EU’s independent data regulator accuses YouTube of failing to get explicit user permission for its ad blocker detection system, potentially violating the ePrivacy Directive.

Privacy 116
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Medical Transcription Hack Affects 1.2 Million Chicagoans

Data Breach Today

Cook County Health Says It Is Among the Vendor's 'Many' Clients Affected by Hack A major healthcare provider in Chicago that targets underserved populations is notifying 1.2 million patients that their information was compromised in a data theft incident at a medical transcription vendor. The county said it is among "many" entities affected.

IT 298
article thumbnail

Veeam fixed multiple flaws in Veeam ONE, including critical issues

Security Affairs

Veeam addressed multiple vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform, including two critical issues. Veeam addressed four vulnerabilities (CVE-2023-38547, CVE-2023-38548, CVE-2023-38549, CVE-2023-41723) in the Veeam ONE IT infrastructure monitoring and analytics platform. The vulnerability CVE-2023-38547 (CVSS score 9.9) can be exploited by an unauthenticated attacker to gain information about the SQL server connection Veeam ONE uses to access its configu

Analytics 115
article thumbnail

FDA FSMA: Providing value beyond compliance

IBM Big Data Hub

The supply chain plays a pivotal role in delivering goods and services to both businesses and consumers, serving as the connective thread between industries, nations, communities and all components of the value chain. Our dependence on supply chains is most pronounced in ensuring food supply. However, over the decades, the supply chain has grown longer and increasingly intricate, which means consumers may find themselves more distant from the origin of the products they consume.

article thumbnail

Sandworm Hackers Caused Another Blackout in Ukraine—During a Missile Strike

WIRED Threat Level

Russia's most notorious military hackers successfully sabotaged Ukraine's power grid for the third time last year. And in this case, the blackout coincided with a physical attack.

Military 113
article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

article thumbnail

Experts Urge Congress to Combat Deepfake Technology Threats

Data Breach Today

Digitally Manipulated Media Already Poses National Security and Privacy Concerns A panel of legal experts and technologists warned lawmakers that deepfake technologies were already causing security and privacy concerns across the country, particularly for women and minority communities, as research shows that current detection systems contain biases and high error rates.

Privacy 293
article thumbnail

Marina Bay Sands Luxury Hotel in Singapore Suffers a Data Breach

Security Affairs

The iconic integrated resort Marina Bay Sands in Singapore has disclosed a data breach that impacted 665,000 customers. The Marina Bay Sands (MBS) luxury resort in Singapore has suffered a data breach that impacted 665,000 customers. Marina Bay Sands discovered the security breach on 20 October 2023, an unauthorized third party gained access to some of our customers’ loyalty programme membership data on 19 and 20 October 2023.

article thumbnail

Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable

Dark Reading

Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the bug's revised CVSS score of 10.