Sat.Nov 25, 2023 - Fri.Dec 01, 2023

article thumbnail

GUEST ESSAY: Steps to leveraging ‘Robotic Process Automation’ (RPA) in cybersecurity

The Last Watchdog

In cybersecurity, keeping digital threats at bay is a top priority. A new ally in this battle is robotic process automation (RPA.) This technology promises to simplify tasks, boost accuracy and quicken responses. Related: Gen-A’s impact on DevSecOps Robotic process automation is about getting repetitive, rule-based tasks done with the help of software robots , often called “bots.

article thumbnail

US, UK Cyber Agencies Spearhead Global AI Security Guidance

Data Breach Today

Global Cybersecurity Agencies Say 'Secure by Design' Is Key to AI Threat Mitigation Nearly two dozen national cybersecurity organizations on Sunday urged AI developers to embrace "secure by design" and other preventive measures aimed at keeping hackers out from the mushrooming world of AI systems. The United Kingdom and United States spearheaded its development.

Security 314
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Okta: Breach Affected All Customer Support Users

Krebs on Security

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

article thumbnail

How Generative AI Can Improve Enterprise Search

AIIM

I was inspired to write this post after listening to an episode of “This Week in Windows” on Leo Laporte’s TWIT.TV podcast network. Leo and one of his co-hosts got into an interesting discussion on the use of Generative AI like ChatGTP with respect to search on the internet. Leo seemed to be making the same mistake many do, and confusing the concepts of using a search engine to answer a query by finding sources of information, and asking a Generative AI system based on a Large Language Model (LL

article thumbnail

5 Ways You Can Win Faster with Gen AI in Sales

Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision- making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.

article thumbnail

Public AI: Bad. Internal AI: Good. With Information Governance: Great!

Weissman's World

We’ve talked a lot about the perils of using generative AI, which while improving is still prone to making stuff up and exposes our data to privacy problems if used as engine fodder. But I don’t know that I’ve properly distinguished between the “bad” public technologies and the possible “good” of those installed internally –… Read More » Public AI: Bad.

More Trending

article thumbnail

Critical Zoom Room bug allowed to gain access to Zoom Tenants

Security Affairs

A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne live hacking event H1-4420. Zoom Rooms is a feature of the Zoom video conferencing platform designed to enhance collaboration in physical meeting spaces, such as conference rooms or huddle rooms.

Access 143
article thumbnail

My CIP Story: Using Certification to Advance Myself and Others

AIIM

I am brimming with pride right now. On November 27, 2023, the Association for Intelligent Information Management (AIIM) debuted a new version of the Certified Information Professional (CIP) credential. On November 27, I also found out that I had earned my CIP!

151
151
article thumbnail

You Don’t Need to Turn Off Apple’s NameDrop Feature in iOS 17

WIRED Threat Level

Yes, your iPhone automatically turns on NameDrop with the latest software update. But you shouldn’t really be worried about it—regardless of what the police are saying.

IT 139
article thumbnail

North Korea's Supercharged State-Backed Cryptocurrency Theft

Data Breach Today

Report Says State Backing Makes Pyongyang's Hackers Like Cybercriminals on Steroids To service the perpetually cash-starved regime of North Korea, hackers will continue their relentless onslaught on cryptocurrency - and all users of it - with state backing to industrialize their hacking and money laundering capabilities, experts warn.

IT 311
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Rhysida ransomware gang claimed China Energy hack

Security Affairs

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware gang added the China Energy Engineering Corporation to the list of victims on its Tor leak site. Energy China [link] TL;DR That's huuuge! China Energy Engineering Group ranks 3rd in ENR Top 150 Global Engineering Design Firms and 13th in ENR Top 250 Global Contractors.

article thumbnail

Extracting GPT’s Training Data

Schneier on Security

This is clever : The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds ( complete transcript here ). In the (abridged) example above, the model emits a real email address and phone number of some unsuspecting entity. This happens rather often when running our attack.

Paper 134
article thumbnail

A Civil Rights Firestorm Erupts Around a Looming Surveillance Power Grab

WIRED Threat Level

Dozens of advocacy groups are pressuring the US Congress to abandon plans to ram through the renewal of a controversial surveillance program that they say poses an “alarming threat to civil rights.

Privacy 135
article thumbnail

Udderly Insecure: Researchers Spot Cow-Tracking Collar Flaws

Data Breach Today

IoT Hackers Could Inject Data to Fool 'Smart' Farmers and Vets About Animal Welfare Not even dairy cows appear to be safe from internet of things flaws, researchers report after reverse-engineering health-monitoring collars for cows and finding they could eavesdrop on and alter data. Once addressed by the manufacturer, they said the non-updateable collars would have to be replaced.

IoT 312
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Expert warns of Turtle macOS ransomware

Security Affairs

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat.

article thumbnail

AI Decides to Engage in Insider Trading

Schneier on Security

A stock-trading AI (a simulated experiment) engaged in insider trading, even though it “knew” it was wrong. The agent is put under pressure in three ways. First, it receives a email from its “manager” that the company is not doing well and needs better performance in the next quarter. Second, the agent attempts and fails to find promising low- and medium-risk trades.

Paper 132
article thumbnail

OpenAI’s Custom Chatbots Are Leaking Their Secrets

WIRED Threat Level

Released earlier this month, OpenAI’s GPTs let anyone create custom chatbots. But some of the data they’re built on is easily exposed.

article thumbnail

Breach Roundup: Ukraine Hacks Russian Aviation Agency

Data Breach Today

Also, Cyberattack Targets Japan's Space Agency JAXA This week, Ukraine's intelligence service hacked Russian aviation agency, a cyberattack targeted Japan's space agency, Google addressed another zero-day, a French-led operation dismantled a Ukrainian ransomware group, and spyware targeted Serbian civil society.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. King Edward VII’s Hospital is a private hospital located on Beaumont Street in the Marylebone district of central London. It is a leading provider of acute and specialist medical care, with a focus on musculoskeletal health, urology, women’s health, and digestive health.

article thumbnail

Secret White House Warrantless Surveillance Program

Schneier on Security

There seems to be no end to warrantless surveillance : According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims.

Mining 131
article thumbnail

Artificial Intelligence (Regulation) Bill: UK Private Members’ Bill underscores wide-spread regulatory concerns

Data Protection Report

A Private Members’ Bill, the Artificial Intelligence (Regulation) Bill (the Bill ), has been introduced into House of Lords (the UK’s upper House of the UK Parliament) and is currently at the second Parliamentary stage. The King’s Speech , which set out the agenda for the current Parliamentary session, did not contain any proposals from the Government for legislation on AI, a point that was highlighted by the House of Commons Science, Innovation and Technology Committee.

article thumbnail

Okta Delays New Products, Projects 90 Days to Boost Security

Data Breach Today

Push Comes After Okta Said Hacker Had Stolen Every Customer Support User's Details Okta has paused product development and internal projects for 90 days to beef up its security architecture and operations for applications, hardware and third-party vendors. Okta will move to strengthen its cyber posture, including a security action plan and engaging with third-party cyber firms.

Security 306
article thumbnail

10 Ways to Leverage Buyer Signals and Drive Revenue

In today’s ultra-competitive markets, it’s no longer enough to wait for buyers to show obvious signs of interest. Instead, sales teams must be proactive, identifying and acting on nuanced buyer behaviors — often before prospects are fully ready to make a purchase. In this eBook from ZoomInfo & Sell Better, learn 10 actionable ways to use these buyer signals to transform your sales strategy and close deals faster.

article thumbnail

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ The attack is the result of a complex special cyber operation. “The Defence Intelligence of Ukraine informs that as a result of a successful complex special operation in cyberspace, a large volume of confidential documents of the

Military 140
article thumbnail

Breaking Laptop Fingerprint Sensors

Schneier on Security

They’re not that good : Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface Pro Type Covers.

Security 130
article thumbnail

Section 702 Surveillance Reauthorization May Get Slipped Into ‘Must-Pass’ NDAA

WIRED Threat Level

Congressional leaders are discussing ways to reauthorize Section 702 surveillance, including by attaching it to the National Defense Authorization Act, Capitol Hill sources tell WIRED.

IT 122
article thumbnail

Capital Health in NJ Is Responding to a Cyberattack

Data Breach Today

2 Hospitals, Medical Groups Still Caring for Patients But Some Services Unavailable New Jersey-based hospital group Capital Health is dealing with a network outage, caused by a cyberattack earlier this week, which is affecting some patient services. Capital Health is at least the second healthcare provider in the Garden State responding to a cyberattack this week.

299
299
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

Security Affairs

The cyber attack that hit the managed service provider (MSP) CTS potentially impacted hundreds in the United Kingdom. CTS is a trusted provider of IT services to the legal sector in the UK. The company announced that it is investigating a cyber attack that caused a service outage. The incident impacted a portion of the services. The security incident potentially impacted hundreds of British law firms. “ We are experiencing a service outage which has impacted a portion of the services we de

article thumbnail

Digital Car Keys Are Coming

Schneier on Security

Soon we will be able to unlock and start our cars from our phones. Let’s hope people are thinking about security.

Security 126
article thumbnail

General Electric, DARPA Hack Claims Raise National Security Concerns

Dark Reading

Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.

Sales 122