Sat.Jun 29, 2024 - Fri.Jul 05, 2024

article thumbnail

Evolve Ransomware Hack Affects Affirm and Fintech Companies

Data Breach Today

Startups and Evolve Client Are Monitoring the Situation for Potential Fallout A ransomware attack against Evolve Bank & Trust triggered a small cascade of secondary breach notifications by current and past clients of the banking-as-a-service company. Russian-speaking ransomware-as-a-service operation LockBit attacked the Tennessee company in May.

article thumbnail

Evaluating GenAI on Forms Management: The Ongoing Need for Human Insight

AIIM

The age of artificial intelligence (AI) has advanced rapidly with the release of tools like ChatGPT becoming available to the end user. These tools can compile information from various sources to answer questions on a wide range of topics. But how accurately can they comprehend truly complex disciplines that require years of specialized expertise?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The State of Data Breaches, Part 2: The Trilogy of Players

Troy Hunt

Last week, I wrote about The State of Data Breaches and got loads of feedback. It was predominantly sympathetic to the position I find myself in running HIBP, and that post was mostly one of frustration: lack of disclosure, standoffish organisations, downplaying breaches and the individual breach victims themselves making it worse by going to town on the corporate victims.

article thumbnail

New Tech Q&A: Adaptiva – CrowdStrike alliance highlights trend of blending IT and security systems

The Last Watchdog

The coalescing of the next-gen security platforms that will carry us forward continues. Related: Jump starting vulnerability management Adaptiva, a leader in autonomous endpoint management, recently announced the launch of OneSite Patch for CrowdStrike. This new solution integrates with CrowdStrike’s Falcon XDR platform to improve the efficiency and speed of patching critical vulnerabilities in enterprise systems.

IT 278
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Millions Affected by Prudential Ransomware Hack in February

Data Breach Today

Insurance Giant Says Hackers Stole Data of 2.5 Million Individuals A February ransomware attack against Prudential Financial affected 2.5 million customers, the financial giant disclosed after initially calculating the totally as 36,000. In an emailed statement, Prudential said the tally shouldn't increase a second time.

More Trending

article thumbnail

How Apple Intelligence’s Privacy Stacks Up Against Android’s ‘Hybrid AI’

WIRED Threat Level

Generative AI is seeping into the core of your phone, but what does that mean for privacy? Here’s how Apple’s unique AI architecture compares to the “hybrid” approach adopted by Samsung and Google.

Privacy 123
article thumbnail

RSAC Fireside Chat: Amplifier Security taps LLMs to help organizations foster a security culture

The Last Watchdog

Security teams rely on an ever-growing stack of cybersecurity tools to keep their organization safe. Related: The worst year ever for breaches Yet there remains a glaring disconnect between security systems and employees. Now comes a start-up, Amplifier Security , with a bold new approach to orchestrate security actions. Just after RSAC 2024 , I spoke with Thomas Donnelly , Amplifier’s co-founder and CTO, about how that they’re utilizing large language models (LLMs) and to emphasize continual em

Security 130
article thumbnail

OpenAI Did Not Disclose 2023 Breach to Feds, Public: Report

Data Breach Today

Hacker had Unauthorized Access to Data on Designs for New AI Use Cases A hacker reportedly stole information on OpenAI's new technologies last year by breaking into the company's internal messaging systems. The messages comprised details of designs for new AI technologies, the New York Times said. The hacker did not access systems housing or building its applications.

Access 298
article thumbnail

Prudential Financial data breach impacted over 2.5 million individuals

Security Affairs

Prudential Financial confirmed that more than 2.5 million individuals were affected by the data breach it suffered in February 2024. The insurance company Prudential Financial confirmed that the data breach it suffered in February 2024 affected over 2.5 million individuals. The incident occurred on February 4, 2024, and was discovered on February 5, 2024.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Sextortion Epidemic Targeting Teenagers Calls for Urgent Action

KnowBe4

A few weeks ago I was privileged to visit the 8th grade of a high-school here in Cape Town and talk to the students about cybersecurity, social media, and emerging technology. It was a very rewarding experience but also an eye-opener with regards to the level of cyber awareness amongst adolescents.

article thumbnail

New Open SSH Vulnerability

Schneier on Security

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. […] This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete syste

article thumbnail

Breach Roundup: FBI Warns of US Renewable Energy Sector Threats

Data Breach Today

Google Offers $250,000 Reward for KVM Vulns; CocoaPods Flaws Expose Apple Apps This week: FBI warns of cyberthreats to U.S. renewable energy sector; Indonesia data center hacker apologizes; Google Pixel 6 series devices bricked, critical vulnerability in EoL D-Link routers, Google offers $250,000 reward for KVM vulnerabilities, NCA disrupts global Cobalt Strike supply chain.

297
297
article thumbnail

Hackers compromised Ethereum mailing list and launched a crypto draining attack

Security Affairs

Hackers compromised Ethereum ‘s mailing list provider and sent phishing messages to the members attempting to drain their crypto funds. Hackers compromised Ethereum’s mailing list provider and on the night of June 23, they sent an email to the 35,794 addresses. The email was sent from the address ‘updates@blog.ethereum.org’ and included a link to a malicious site running a crypto drainer. “This website had a crypto drainer running in the background, and if a user initiate

Phishing 136
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

The Tech Crash Course That Trains US Diplomats to Spot Threats

WIRED Threat Level

The US State Department is training diplomats in cybersecurity, privacy, telecommunications, and other technology issues, allowing them to advance US policy abroad.

Privacy 120
article thumbnail

Ransomware Attack on U.K. Health Service Laboratory Disrupts Major London Hospital Services

KnowBe4

What likely started as a quick ransomware “smash and grab” has turned into a headline case resulting in responses from both U.K. and U.S. law enforcement.

article thumbnail

Purple Teaming: Evaluate the Efficacy of Security Controls

Data Breach Today

Red teaming is not effective for evaluating the efficacy of preventative or detective security controls, said Jared Atkinson of Specter Ops, but purple teaming is. Purple teaming as "the evaluation of security control efficacy through atomic testing, using deliberately selected test cases.

Security 267
article thumbnail

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. TeamViewer discovered that a threat actor has breached its corporate network and some reports attribute the intrusion to the Russia-linked APT group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ).

Access 137
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The US Wants to Integrate the Commercial Space Industry With Its Military to Prevent Cyber Attacks

WIRED Threat Level

As more and more infrastructure is deployed in space, the risk of cyber attacks increases. The US military wants to team up with the private sector to protect assets everyone relies on.

Military 104
article thumbnail

Phishing Attacks Themed Around Popular Weight Loss Drugs Increase 183%

KnowBe4

As popularity grows for these proven methods of weight loss, scammers have taken note and have placed a significant focus on separating victims from their money.

Phishing 111
article thumbnail

Meta and YouTube Update Their AI Content Policies

Data Breach Today

Meta Changes AI Content Labeling; YouTube Updates Privacy Guidelines Meta and YouTube updated their artificial intelligence policies to address the altered content appearing on their platforms. The changes come as part of industry efforts to distinguish real content from fake content, especially in the middle of a global election year.

article thumbnail

Critical unauthenticated remote code execution flaw in OpenSSH server

Security Affairs

A critical flaw in the OpenSSH server can be exploited to achieve unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintainers addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintained have addressed the vulnerability with the release of version 9.8 on July 01, 2024. “A critical vulnerability in sshd(8) was present

Risk 134
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

The Problem the US TikTok Crackdown and Kaspersky Ban Have in Common

WIRED Threat Level

While Kaspersky and TikTok make very different kinds of software, the US has targeted both over national security concerns. But the looming bans have larger implications for internet freedom.

Security 104
article thumbnail

Hacked Customer Support Portal Being Used to Send Phishing Emails

KnowBe4

A hacked customer support portal belonging to router manufacturer Mercku is being used to respond to customer queries with phishing emails, BleepingComputer reports.

Phishing 108
article thumbnail

How Cyber Insurers Evaluate Security Measures

Data Breach Today

Tokio Marine HCC's Keith Bergin on Cybersecurity Measures for Insurance Eligibility Keith Bergin, vice president of corporate claims at Tokio Marine HCC, explains how cyber insurers evaluate security measures such as MFA and administrative access control, and describes the integration of threat intelligence and pre-breach services to enhance policyholder security.

Insurance 253
article thumbnail

China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware

Security Affairs

Cisco fixed an actively exploited NX-OS zero-day, the flaw was exploited to install previously unknown malware as root on vulnerable switches. Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches. The flaw resides in the CLI of Cisco NX-OS Software, an authenticated, local attacker can exploit the flaw to execute arbitrary commands as root on the und

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Collibra AI Governance and de-risking unstructured data at Ohalo

Collibra

It seems like a day doesn’t pass without some AI-powered innovation making headlines, rousing markets and occasionally causing public worry. Make no mistake: Whether hype-driven or otherwise, this is the age of AI, and everyone wants a piece of the action. But as most businesses recognize, innovation is nothing without the right governance to ensure that risks don’t get out of hand.

article thumbnail

Chrome to Block Entrust Certificates in November 2024

eSecurity Planet

Millions of websites could be displaying security warnings in Google Chrome starting this November. The cause? A recent announcement by Google Chrome regarding its trust in certificates issued by a major certificate authority (CA), Entrust. Website security is paramount in today’s digital age. That little lock icon in your browser address bar signifies a secure connection, protected by an SSL/TLS certificate.

article thumbnail

Meta, YouTube Update AI Content Policies

Data Breach Today

Meta Changes AI Content Labelling, YouTube Updates Privacy Guidelines Meta and YouTube updated their artificial intelligence policies to address the altered content appearing on their platform. The changes come as part of industry effort to distinguish real content from fake, especially in the middle of a global election year.