Sat.May 27, 2023 - Fri.Jun 02, 2023

article thumbnail

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software.

article thumbnail

Gouda Hacker: Charges Tie to Ransomware Hit Affecting Cheese

Data Breach Today

Mikhail Matveev Indictment Shows Police Tracking Top Alleged Ransomware Affiliates How many hackers can claim to have caused a national cheese shortage, not least in the Gouda-loving Netherlands? Enter Mikhail Matveev, a Russian national who's been indicted for wielding not one but three strains of ransomware, in what experts say is a needed focus on ransomware affiliates.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

AI Voice-Based Scams Rise as One-Third of Victims Can’t Tell if the Voice is Real or Not

KnowBe4

As audio deepfake technology continues to go mainstream as part of the evolution in AI-based tools, new data shows there are plenty of victims and they aren’t prepared for such an attack.

article thumbnail

Salesforce 'Ghost Sites' Expose Sensitive Corporate Data

Dark Reading

Some companies have moved on from using Salesforce. But without remembering to fully deactivate their clouds, Salesforce won't move on from them.

Cloud 96
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Dental Health Insurer Hack Affects Nearly 9 Million

Data Breach Today

More than 100 Agencies, Health Entities Impacted by Data Breach Discovered in March An insurance provider that services many state Medicaid agencies and the Children's Health Insurance Program told regulators that hackers compromised the personal and protected health information of nearly 9 million patients in an incident discovered in March.

Insurance 222

More Trending

article thumbnail

RSAC Fireside Chat: Reinforcing ‘Identity and Access Management’ to expose ‘shadow access’

The Last Watchdog

The world of Identity and Access Management ( IAM ) is rapidly evolving. Related: Stopping IAM threats IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge. At the RSAC Conference 2023 , I sat down with Venkat Raghavan , founder and CEO of start-up Stack Identity.

Access 211
article thumbnail

Pending Updates to Regulations of Archives in Colombia

AIIM

This article was written by AIIM Florida Chapter Board Member Alvaro Arias Cruz , District Director of Archives of Bogotá. It was originally published in the AIIM Florida Chapter Newsletter in April 2023. Learn more about the AIIM Florida Chapter at [link]. Colombia has one of the most robust and comprehensive archives laws in the Latin American region, identified as the General Archives Law (Law 594 of 2000).

Archiving 141
article thumbnail

Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data

Data Breach Today

Mandiant Said TTPs of Threat Group Behind Exploiting MOVEit Appear Similar to FIN11 Adversaries have taken advantage of a zero-day vulnerability in Progress Software's managed file transfer product to deploy web shells and steal data, Mandiant found. An unknown threat actor began exploiting the critical SQL injection vulnerability in MOVEit Transfer on May 27.

273
273
article thumbnail

9M Dental Patients Affected by LockBit Attack on MCNA

Dark Reading

The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Author Q&A: Former privacy officer urges leaders to prioritize security as part of cloud migration

The Last Watchdog

Cyber threats have steadily intensified each year since I began writing about privacy and cybersecurity for USA TODAY in 2004. Related: What China’s spy balloons portend A stark reminder of this relentless malaise: the global cyber security market is on a steady path to swell to $376 billion by 2029 up from $ 156 billion in 2022, according to Fortune Business Insights.

Cloud 174
article thumbnail

Attracting and Retaining the Next Generation of Information Management Leaders

AIIM

AIIM has been discussing the next generation of information management leaders and how the industry can better attract and retain young professionals quite a lot in 2023, and with good reason. The demographics of the workforce are changing. Generation Z (people born between 1997-2012) will account for 30 percent of the U.S. civilian labor force by 2030, according to the U.S.

Insurance 104
article thumbnail

Dark Pink Ramps Up Cyberespionage Attacks, Hits New Targets

Data Breach Today

Threat Actor's Targets This Year Include Government Agencies in Brunei, Indonesia A recently emerged threat actor dubbed Dark Pink is updating its custom tool set in a bid to evade detection while expanding its operations to new Southeast Asian targets. Threat intel firm Group-IB counts 13 total victims of Dark Pink, which first became active in mid-2021.

article thumbnail

'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting

Dark Reading

A recent campaign tricks victims into visiting credential harvesting sites by hiding malicious URLs behind photos advertising deals from trusted brands.

135
135
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

AI’s “Oppenheimer Moment” Is B t.

John Battelle's Searchblog

Well that was something. Yesterday the Center for AI Safety, which didn’t exist last year, released a powerful 22-word statement that sent the world’s journalists into a predictable paroxysm of hand-wringing: “Mitigating the risk of extinction from A.I. should be a global priority alongside other societal-scale risks, such as pandemics and nuclear war.

Risk 121
article thumbnail

How Generative AI Will Remake Cybersecurity

eSecurity Planet

In March, Microsoft announced its Security Copilot service. The software giant built the technology on cutting-edge generative AI – such as large language models (LLMs) – that power applications like ChatGPT. In a blog post , Microsoft boasted that the Security Copilot was the “first security product to enable defenders to move at the speed and scale of AI.

article thumbnail

Invoice and CEO Scams Dominate Fraud Impacting Businesses

Data Breach Today

UK Financial Services Firms Record $1.5 Billion in Losses Last Year Due to Fraud Losses to fraud reported by Britain's financial services sector exceeded $1.5 billion in 2022, declining by 8% from 2021, says trade association UK Finance. About 40% of losses tied to authorized push payment fraud, in which victims get tricked into transferring funds to attackers.

article thumbnail

Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers

Dark Reading

The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

On the Catastrophic Risk of AI

Schneier on Security

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC : “Artificial intelligence could lead to extinction, experts warn.”

Risk 113
article thumbnail

FTC Asserts COPPA Does Not Preempt State Laws

Hunton Privacy

On May 22, 2023, the Federal Trade Commission filed an amicus brief in support of a ruling by the United States Court of Appeals for the Ninth Circuit that COPPA does not preempt state laws claims that are consistent with COPPA. The brief was filed in the case of Jones v. Google. The lawsuit, which was brought by parents on behalf of their children, alleges that video sharing platform YouTube, which is owned by Google, and specific YouTube channel owners violated state laws by collecting persona

Privacy 106
article thumbnail

Hackers Exploited Zero-Day Bug for 8 Months, Barracuda Warns

Data Breach Today

Attackers Exploited Now-Fixed Flaw in ESG Appliances to Install Malware, Steal Data Barracuda Networks is warning that a zero-day vulnerability that it recently discovered and patched in its Email Security Gateway appliances appears to have been exploited since October 2022. Attackers used the flaw to gain persistent remote access to networks and exfiltrate data, it said.

Access 241
article thumbnail

Apple Zero-Days, iMessage Used in 4-Year, Ongoing Spying Effort

Dark Reading

Russia's FSB intelligence agency says the zero-click attacks range far beyond Kaspersky, and it has blamed them on the United States' NSA. Those allegations are thus far uncorroborated.

IT 108
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Ediscovery Best Practices for Slack and MS Teams from Information Governance Through Litigation

Hanzo Learning Center

Workplace collaboration tools like Slack and MS Teams have become ubiquitous in many organizations. However, they also present unique challenges for data governance and ediscovery in the event of litigation. To avoid potential legal issues and fines, it is crucial to have a tailored retention policy, acceptable use policy, and employee training in place.

article thumbnail

Digitizing Records: Quality Management

National Archives Records Express

Digitization project at Archives 1 (Room 18W2) National Archives Identifier: 184341402 This is our fourth blog post taking a deep dive into 36 CFR 1236 Subpart E–Digitizing Permanent Records , which takes effect next week. In this post, we address quality management (QM) which includes the quality assurance (QA) and quality control (QC) requirements provided in the regulation.

Metadata 101
article thumbnail

Ring Settles FTC Allegations of Poor Cybersecurity, Privacy

Data Breach Today

Amazon-Owned Ring Will Pay $5.8 Million to Settle FTC Investigation Amazon agreed to pay $5.8 million to settle a Federal Trade Commission investigation into allegedly poor cybersecurity practices by its Ring home surveillance device subsidiary. The company is also poised to come under two decades' worth of outside reviews of a mandated data and security program.

article thumbnail

421M Spyware Apps Downloaded Through Google Play

Dark Reading

A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.

128
128
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Operational Excellence Through Management of Corporate Legal Departments

Hanzo Learning Center

The legal department of an organization is responsible for providing crucial legal support and advice to the company's various business operations. However, to operate efficiently, the legal department requires effective management in several areas, including project and program management, firm and vendor management, and financial management. Without proper management, the legal department may lack clarity, predictability, and accountability, leading to unexpected shortfalls and tensions within

98
article thumbnail

Digitizing Records: The Importance of Validation

National Archives Records Express

Lancaster, Pennsylvania – Hamilton Watch. Operation – burring – skilled inspection work National Archives Identifier: 51843 0 This is the fifth in a series of posts supporting the publication of 36 CFR section 1236 subpart E – Digitizing Permanent Records. All of the posts have been collected under the 36 CFR Section 1236 category.

article thumbnail

Sports Warehouse Fined $300,000 Over Payment Card Data Theft

Data Breach Today

Data Breach Exposed Nearly 20 Years of 'Indefinitely' Stored Payment Card Data Online sports retailer Sports Warehouse has agreed overhaul its security program and pay a $300,000 fine to New York State after hackers stole 20 years' worth of payment card data and customer information the company was storing in plaintext on its e-commerce server.

Retail 250