Sat.May 11, 2024 - Fri.May 17, 2024

article thumbnail

FBI Warns of AI-Assisted Phishing Campaigns

KnowBe4

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks.

Phishing 100
article thumbnail

Understanding Imposter Syndrome in the Technology Sector

Data Breach Today

What It Means, Who Is Affected by It and How to Overcome It Imposter syndrome is a psychological phenomenon in which individuals doubt their accomplishments and have an internalized fear of being exposed as a fraud. Employees can overcome these fears by finding mentors, documenting achievements and engaging in continuous learning.

IT 171
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Turning to cloud services can help SMBs scale to meet growth needs

The Last Watchdog

Meeting the demands of the modern-day SMB is one of the challenges facing many business leaders and IT operators today. Traditional, office-based infrastructure was fine up until the point where greater capacity was needed than those servers could deliver, vendor support became an issue, or the needs of a hybrid workforce weren’t being met. Related: SMB brand spoofing In the highly competitive SMB space, maintaining and investing in a robust and efficient IT infrastructure can be one of the ways

Cloud 100
article thumbnail

Patch Tuesday, May 2024 Edition

Krebs on Security

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

Libraries 217
article thumbnail

The Tumultuous IT Landscape Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Security Affairs

Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware and LunarMail, to target European government agencies. ESET researchers discovered two previously unknown backdoors named LunarWeb and LunarMail that were exploited to breach European ministry of foreign affairs. The two backdoors are designed to carry out a long-term compromise in the target network, data exfiltration, and maintaining control over compromised systems.

More Trending

article thumbnail

RSAC Fireside Chat: Flexxon advances hardware-level security with its ‘Server Defender’ module

The Last Watchdog

Hardware-based cybersecurity solutions are needed to help defend company networks in a tumultuous operating environment. Related: World’s largest bank hit by ransomware attack While software solutions dominated RSA Conference 2024 and are essential for multi-layered defense of an expanding network attack surface, hardware security solutions can serve as a last line of defense against unauthorized access to sensitive data and tampering with systems.

Security 147
article thumbnail

Another Chrome Vulnerability

Schneier on Security

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days. “Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

IT 125
article thumbnail

Internal Emails Show How a Controversial Gun-Detection System Found Its Way to NYC

WIRED Threat Level

NYC mayor Eric Adams wants to test Evolv’s gun-detection tech in subway stations—despite the company saying it’s not designed for that environment. Emails obtained by WIRED show how the company still found an in.

IT 120
article thumbnail

Microsoft Patches Zero-Day Exploited by QakBot

Data Breach Today

Kaspersky Says It Spotted QakBot Operators Exploiting the Flaw in April Microsoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.

Security 223
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

News alert: Criminal IP and Quad9 collaborate to exchange domain and IP threat intelligence

The Last Watchdog

Torrance, Calif., May 13, 2024, CyberNewsWire — Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially on the IP address to protect users by blocking threats to end users. Criminal IP underwent rigorous data evaluation to integrate with Quad9’s threat-blocking service, demonstrating high data uniqueness and accuracy.

Phishing 130
article thumbnail

Zero-Trust DNS

Schneier on Security

Microsoft is working on a promising-looking protocol to lock down DNS. ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices. Jake Williams, VP of research and development at consultancy Hunter Strategy, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain name basis.

Security 121
article thumbnail

Threat actors may have exploited a zero-day in older iPhones, Apple warns

Security Affairs

Apple rolled out urgent security updates to address code execution vulnerabilities in iPhones, iPads, and macOS. Apple released urgent security updates to address multiple vulnerabilities in iPhones, iPads, macOS. The company also warns of a vulnerability patched in March that the company believes may have been exploited as a zero-day. The issue impacts older iPhone devices, it is tracked as CVE-2024-23296 and is a memory corruption flaw in the RTKit.

Access 118
article thumbnail

FBI Seizes Criminal Site BreachForums

Data Breach Today

Website of BreachForums Administrator 'Baphomet' Also Appears to Be Down An international law enforcement operation shut down BreachForums, a criminal forum where hackers posted and sold the contents of hacked databases. The website of the criminal forum in its clear and dark web domains displays a seizure notice stating that it is "under the control of the FBI.

IT 210
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

New alert: Logicalis enhances global security services with the launch of Intelligent Security

The Last Watchdog

London, United Kingdom, May 13, 2024, CyberNewsWire — Logicalis, the global technology service provider delivering next-generation digital managed services, has today announced the launch of Intelligent Security, a blueprint approach to its global security portfolio designed to deliver proactive advanced security for customers worldwide. Intelligent Security has been designed by Logicalis’ worldwide team of security specialists to give customers the most comprehensive observability a

Security 100
article thumbnail

LLMs’ Data-Control Path Insecurity

Schneier on Security

Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone who knew the trick made free pay-phone calls. There were all sorts of related hacks, such as faking the tones that signaled coins dropping into a pay phone and faking tones used by repair equipment.

Risk 121
article thumbnail

Google fixes sixth actively exploited Chrome zero-day this year

Security Affairs

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. The vulnerability is an out-of-bounds write issue that resides in the V8 JavaScript engine of the Google web browser.

Libraries 117
article thumbnail

Breach Roundup: Kimsuky Serves Linux Trojan

Data Breach Today

Also: Turla Targets European Missions and Google Patches Chrome Zero-Days This week, hackers used a Linus backdoor and a Microsoft client management tool; Santander Bank, the Helsinki Education Division, an Australian energy provider and auction house Christie's were breached; hackers targeted European missions in the Middle East; and Google patched a zero-day flaw.

Education 183
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Welcome to the Laser Wars

WIRED Threat Level

Amid a rising tide of adversary drones and missile attacks, laser weapons are finally poised to enter the battlefield.

Security 145
article thumbnail

FBI Seizes BreachForums Website

Schneier on Security

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations. […] The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation.

article thumbnail

Santander: a data breach at a third-party provider impacted customers and employees

Security Affairs

The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers in Chile, Spain, and Uruguay. The Spanish financial institution Santander revealed a data breach involving a third-party provider that affected customers in Chile, Spain, and Uruguay. The bank recently became aware of unauthorized access to one of its databases hosted by a third-party provider.

article thumbnail

UK, US Officials Warn About Chinese Cyberthreat

Data Breach Today

UK GCHQ Director Calls Chinese Hacking a 'Top Priority' Chinese-backed espionage and cyber disruption pose a major threat to global critical infrastructure as Beijing races for global edge, British and U.S. cyber officials warned Tuesday. Responding to the scale and complexity of Chinese hacking is a top British priority.

177
177
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

The $2.3 Billion Tornado Cash Case Is a Pivotal Moment for Crypto Privacy

WIRED Threat Level

Tuesday’s verdict in the trial of Alexey Pertsev, a creator of crypto-privacy service Tornado Cash, is the first in a string of cases that could make it much harder to skirt financial surveillance.

Privacy 114
article thumbnail

Wingardium Trivia-osa! On-Device Sorting Hatbot Powered by Gemma, Ollama, USearch, and RETSim

Elie

Exploring the societal impact of the GenAI workforce entering the market.

Marketing 149
article thumbnail

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported. The FBI, CISA, HHS, and MS-ISAC have issued a joint Cybersecurity Advisory (CSA) regarding the Black Basta ransomware activity as part of the StopRansomware initiative. Black Basta has targeted at least 12 critical infrastructure sectors, including Healthcare and Public Health.

article thumbnail

US SEC Approves Wall Street Data Breach Reporting Regs

Data Breach Today

Covered Financial Institutions Have 30 Days to Notify Customers of Data Breaches The Securities and Exchange Commission unanimously approved updated regulations for covered financial institutions requiring entities such as fund companies and investment advisers to notify customers within 30 days of a cyber incident that compromised their data.

article thumbnail

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

article thumbnail

Secrecy Concerns Mount Over Spy Powers Targeting US Data Centers

WIRED Threat Level

A coalition of digital rights groups is demanding the US declassify records that would clarify just how expansive a major surveillance program really is.

Privacy 121
article thumbnail

“Unknown” Initial Attack Vectors Continue to Grow and Plague Ransomware Attacks

KnowBe4

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why.

article thumbnail

Russian hackers defaced local British news sites

Security Affairs

A group of hackers that defines itself as “first-class Russian hackers” claims the defacement of hundreds of local and regional British newspaper websites. A group claiming to be “first-class Russian hackers” defaced numerous local and regional British newspaper websites owned by Newsquest Media Group. The group defaced the home pages of the targeted websites and posted the message “PERVOKLASSNIY RUSSIAN HACKERS ATTACK.” The following image shows an archived version of t

CMS 111