Sat.Jan 21, 2023 - Fri.Jan 27, 2023

article thumbnail

Ransomware Profits Dip as Fewer Victims Pay Extortion

Data Breach Today

As Funding From Ransoms Goes Down, Gangs Embrace Re-Extortion, Researchers Warn Bad news for ransomware groups: Experts find it's getting tougher to earn a crypto-locking payday at the expense of others. The bad guys can blame a move by law enforcement to better support victims, and more organizations having robust defenses in place, which makes them tougher to take down.

article thumbnail

Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month.

Mining 274
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft to Block Excel Add-ins to Stop Office Exploits

Dark Reading

The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code.

129
129
article thumbnail

North Korean Crypto Hackers Keep Nose to the Grindstone

Data Breach Today

TA444 Is Adaptable and Hard-Working, Say Proofpoint Researchers A North Korean hacking group tracked by cybersecurity firm Proofpoint as TA444 in December unleashed a torrent of spam in a bid to harvest credentials - evidence of a hacking group that mirrors "startup culture in its devotion to the dollar and to the grind.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.

IoT 205

More Trending

article thumbnail

Unpacking ChatGPT for the Information Management Industry

AIIM

Take a deep breath. This is another article about ChatGPT and Generative AI. I'll be honest. I am the type of person that struggles to resist a good hype cycle. In 2021, I couldn't stop talking about the metaverse. I even organized a half-day workshop on the metaverse, with part of the event held in the metaverse. It was very meta. I have learned to temper my enthusiasm with analysis, though.

Marketing 104
article thumbnail

Reported Data Breaches in US Reach Near-Record Highs

Data Breach Today

1,802 Breach Notifications Issued in 2022; Over 440 Million Individuals Affected Data breaches in 2022 hit near-record levels as U.S. organizations issued 1,802 data breach notifications and more than 400 million individuals were affected. But only 34% of breach notifications included actionable information for consumers whose information was exposed.

article thumbnail

ChatGPT Doesn’t Get Writer’s Block. Discuss.

John Battelle's Searchblog

Photo by Florian Klauer on Unsplash How long have I been staring at a blank screen, this accusing white box, struggling to compose the first sentence of a post I know will be difficult to write? About two minutes, actually, but that’s at least ten times longer than ChatGPT takes to compose a full page. And it’s those two minutes – and the several days I struggled with this post afterwards – that convince me that ChatGPT will not destroy writing.

Education 114
article thumbnail

What Are You Doing for Data Protection Day?

IT Governance

Data protection is something that affects almost everything that we do. From checking our phones first thing in the morning to logging in at work, from high-street shopping to monitoring our biometric data at the gym, we are constantly handing over our personal information. Although many of us are broadly aware of the risks involved when sharing this data, we don’t fully grasp the ramifications – nor do we realise there are ways we can better protect our personal information.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Kevin Mitnick Hacked California Law in 1983

Schneier on Security

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book , which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that there’s warrant for his arrest by the California Youth Authority, and he’s trying to figure out if there’s any way out of it.

Libraries 119
article thumbnail

FBI Seizes Hive Ransomware Servers in Multinational Takedown

Data Breach Today

Agents Infiltrated Hive in July 2022: 'We Hacked the Hackers,' Says DOJ Official The FBI penetrated the network of the Hive ransomware group, which has a history of attacking hospitals. A multinational operation seized the ransomware-as-a-service group's leak site and two servers located in Los Angeles. U.S. law enforcement said an investigation is ongoing.

article thumbnail

EDPB Publishes Report of Outcome of the Cookie Banner Taskforce

Hunton Privacy

On January 18, 2023, the European Data Protection Board (“EDPB”) published its Report on the work undertaken by the Cookie Banner Taskforce (the “Report”). The positions reflected in the Report result from the coordinated response of EU data protection authorities (“DPAs”) to the complaints filed by the non-governmental organization co-founded by privacy activist Max Schrems, None of Your Business (“NOYB”), that related to the requirements of cookie banners in the EU.

GDPR 111
article thumbnail

How Noob Website Hackers Can Become Persistent Threats

Dark Reading

An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in future, researchers say.

118
118
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

IT Governance Podcast 2023-2: Mailchimp, fast food, T-Mobile, ice rinks, iOS update and ISO 27001

IT Governance

This week, we discuss the fallout from the latest Mailchimp breach, a ransomware attack on KFC, Pizza Hut and Taco Bell’s parent company, another T-Mobile data breach, an incident affecting Planet Ice, and an update for older Apple devices. We also talk to the ISO 27001 expert Steve Watkins about his new pocket guide to the Standard. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud.

article thumbnail

North Korean Hackers Attacked Horizon, Confirms FBI

Data Breach Today

Lazarus Group, APT38 Stole $100M From the Blockchain Bridge in June North Korea's Lazarus Group was behind the $100 million theft from the Horizon blockchain bridge, the U.S. federal government confirmed. The FBI vowed "to expose and combat North Korea's use of illicit activities - including cybercrime and virtual currency theft - to generate revenue.

article thumbnail

CNIL Fines TikTok 5 Million Euros Over Cookie Infringements

Hunton Privacy

On January 12, 2023, the French Data Protection Authority (the “CNIL”) announced a €5,000,000 fine for the social network TikTok for violations of applicable cookie rules. The fine was imposed at the end of 2022. Background The CNIL carried out several investigations of TikTok’s website (but not its mobile app) between May 2020 and June 2022. Following these investigations, the CNIL concluded that TikTok Information Technologies UK Limited and TikTok Technology Limited had failed to comply with

article thumbnail

7 Insights From a Ransomware Negotiator

Dark Reading

The rapid maturation and rebranding of ransomware groups calls for relentless preparation and flexibility in response, according to one view from the trenches.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Cybercriminals Use VSCode Extensions as New Attack Vector

eSecurity Planet

Microsoft’s Visual Studio Code integrated development environment (IDE) is used by as much as 75% of developers, so any security issue has widespread implications. And Aqua Nautilus researchers have discovered a big one. The researchers reported earlier this month that the VSCode editor could be vulnerable to attacks targeting its extensions. The free open source and cross-platform IDE is very easy to use, and there are literally thousands of free extensions developers can install in one c

article thumbnail

Microsoft Security Sales Hit $20B as Consolidation Increases

Data Breach Today

Growing Empire: Microsoft's Security Revenue Up 33% Since 2021, 100% Since 2020 The world's largest cybersecurity vendor continues to pull away from the competition, with Microsoft's security sales surpassing $20 billion in 2022 after 33% annual growth. The cloud computing and software giant continues to reap the rewards of security tool consolidation.

Sales 205
article thumbnail

Beware: Images, Video Shared on Signal Hang Around

The Security Ledger

A researcher is warning that photos and video files shared in Signal chats may be hanging around on devices, even when they deleted the messages in which the images were shared. The post Beware: Images, Video Shared on Signal Hang Around appeared first on The Security Ledger with Paul F. Roberts. Related Stories IoCs vs. EoCs: What’s the difference and why should you care?

article thumbnail

TSA No-Fly List Snafu Highlights Risk of Keeping Sensitive Data in Dev Environments

Dark Reading

A Swiss hacker poking around in an unprotected Jenkins development server belonging to CommuteAir accessed the names and birthdates of some 1.5 million people on a TSA no-fly list from 2019.

Risk 106
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Frictionless Ediscovery: Reducing Context Switching in Your Workflow

Hanzo Learning Center

Let’s face it, if litigation is imminent and you’re preparing for the discovery process, friction has already taken place between opposing parties. But that’s not what I mean when I’m talking about “frictionless ediscovery.

IT 98
article thumbnail

North Korean Crypto Hackers Keep Nose to the Grind

Data Breach Today

TA444 Is Adaptable and Hard Working Say Proofpoint Researchers A North Korean hacking group tracked by cybersecurity firm Proofpoint as TA444 unleashed in December a torrent of spam in a bid to harvest credentials - evidence of a hacking group that mirrors "startup culture in its devotion to the dollar and to the grind.

article thumbnail

How you can drive data health with data observability

Collibra

Your organization may have invested heavily in analytical tools. But analytical insights can be only as good as the quality of the input data. Many organizations struggle with the challenges of data quality and the way it affects their decisions. As a data engineer, you typically work on the raw data with missing, duplicate, and inconsistent records and deliver high-quality data.

Paper 98
article thumbnail

FanDuel Sportsbook Bettors Exposed in Mailchimp Breach

Dark Reading

Amid all the NFL playoff action, FanDuel has sent an email warning to gamblers that their data was exposed in its third-party breach, putting them at risk for phishing attacks.

Phishing 100
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

No-Fly List Exposed

Schneier on Security

I can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we can’t arrest them. Back when I thought about it a lot, I realized that the TSA’s practice of giving it to every airline meant that it was not well protected, and it certainly ended up in the hands of every major government that wanted it.

article thumbnail

What Makes Sumo Logic an Appealing Target for Private Equity

Data Breach Today

Sumo Logic Is a Well-Regarded SIEM Provider, But Profitability Remains Elusive Thoma Bravo, Vista Equity Partners and rival Francisco Partners have set their sights on a new target: Sumo Logic. Each of the three private equity firms has approached the Silicon Valley-based data analytics software vendor expressing interest in a possible acquisition, The Information reports.

Analytics 176
article thumbnail

Patch management is crucial to protect Exchange servers, Microsoft warns

Security Affairs

Microsoft warns customers to patch their Exchange servers because attackers always look to exploit unpatched installs. Microsoft published a post to urge its customers to protect their Exchange servers because threat actors actively attempt to exploit vulnerabilities in unpatched installs. The IT giant recommends installing the latest available Cumulative Update (CU) and Security Update (SU) on Exchange servers “There are too many aspects of unpatched on-premises Exchange environments that

Cloud 97