Sat.Feb 24, 2024 - Fri.Mar 01, 2024

article thumbnail

Let’s Give Information Its Own Office

AIIM

In my role as The Info Gov Guy™, I consult with clients from up and down their organizational charts: in records, IT, legal, HR, marketing, etc. What this tells me is that their employers don’t consider their information to be a core business asset – which is odd because they do acknowledge their success depends completely on their ability to quickly find and retrieve current, accurate, and properly safeguarded information.

IT 159
article thumbnail

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

Phishing 252
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Information Management During Mergers & Acquisitions

AIIM

In January, I served as a panelist during a three-part series on mergers and acquisitions in the association space. Hosted by the ASAE Executive Management Advisory Council, the series explored what non-profit organizations need to consider before, during, and after mergers and acquisitions. The panelists were mainly executives and legal professionals, so the fascinating conversations focused very much on strategy, governance, finances, and human capital.

article thumbnail

Alert: Info Stealers Target Stored Browser Credentials

Data Breach Today

Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling Saving passwords in browser-based password managers or via "remember my details" website options might make for simple and fast log-ins for employees, but they also give attackers an easy way to lift legitimate credentials, oftentimes via highly automated, information-stealing malware, experts warn.

Passwords 332
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

News alert: ThreatHunter.ai stops hundreds of ransomware attacks, nation-state threats in 48 hours

The Last Watchdog

Brea, Calif. Feb. 27, 2024 — The current large surge in cyber threats has left many organizations grappling for security so ThreatHunter.ai is taking decisive action. Recognizing the critical juncture at which the digital world stands, ThreatHunter.ai is now offering their cutting-edge cybersecurity services free of charge to all organizations for 30 days, irrespective of their current cybersecurity measures.

More Trending

article thumbnail

Researchers found a zero-click Facebook account takeover

Security Affairs

A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebook’s password reset flow.

Passwords 144
article thumbnail

FBI Is Focused on Election Integrity, Misinformation Threats

Data Breach Today

Agent Robert K. Tripp on FBI's Approach to Deepfakes, Nation-State Election Threats The U.S. presidential election is still eight months away, but the FBI is already seeing its share of cyberattacks, nation-state threats and AI-generated deepfakes. According to FBI Agent Robert K. Tripp, "We're no longer considering threats as a what-if situation; it's happening now.

IT 318
article thumbnail

Here Come the AI Worms

WIRED Threat Level

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

Security 142
article thumbnail

News alert: Chiral announces $3.8m funding round to advance nanomaterial chip manufacturing

The Last Watchdog

Zurich, Switzerland, Feb. 27, 2024 — Chipmaking has become one of the world’s most critical technologies in the last two decades. The main driver of this explosive growth has been the continuous scaling of silicon technology (widely known as the Moore’s Law). But these advances in silicon technology are slowing down, as we reach the physical limits of silicon.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

Security Affairs

North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys AppLocker driver. The zero-day, tracked as CVE-2024-21338 has been addressed by Microsoft in the February Patch Tuesday update.

article thumbnail

Chinese Group Runs Highly Persistent Ivanti 0-Day Exploits

Data Breach Today

UNC5325 Can Remain in Hacked Devices Despite Factory Reset and Patches Chinese threat actors are continuing to persist after exploiting the recent Ivanti Connect Secure VPN vulnerability even after factory resets, system upgrades and patches. The threat actor, UNC5325, is adept at "living off the land" techniques, warned threat intelligence firm Mandiant.

Security 296
article thumbnail

How the Pentagon Learned to Use Targeted Ads to Find its Targets—and Vladimir Putin

WIRED Threat Level

Meet the guy who taught US intelligence agencies how to make the most of the ad tech ecosystem, "the largest information-gathering enterprise ever conceived by man.

IT 145
article thumbnail

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

Hunton Privacy

On February 21, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into a resolution agreement and corrective action plan with Green Ridge Behavioral Health LLC (“GRBH”) stemming from the organization’s failure to comply with the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (“HIPAA”) and subsequent failure to protect against a 2019 ransomware attack that impacted the personal health information (“PHI”) of more

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-29360 (CVSS Score 8.4) Microsoft Streaming Service Untrusted pointer dereference vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

IT 119
article thumbnail

Cryptohack Roundup: FTX Updates

Data Breach Today

Also: Bitcoin Fog Case Testimony; Axie Infinity Co-Founder Hack This week, progress was made in the FTX case, a hacker testified in the Bitcoin Fog case, an Axie Infinity co-founder and a MicroStrategy account were hacked, the KyberSwap hacker moved funds, the EU has a new AMLA office, and Aleo was breached.

292
292
article thumbnail

Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust

WIRED Threat Level

Two months ago, the FBI “disrupted” the BlackCat ransomware group. They're already back—and their latest attack is causing delays at pharmacies across the US.

article thumbnail

Apple Announces Post-Quantum Encryption Algorithms for iMessage

Schneier on Security

Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. I am of two minds about this. On the one hand, it’s probably premature to switch to any particular post-quantum algorithms.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Unmasking 2024’s Email Security Landscape

Security Affairs

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. In the ever-shifting digital arena, staying ahead of evolving threat trends is paramount for organizations aiming to safeguard their assets. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cy

Security 114
article thumbnail

NIST Unveils Second Iteration of Cybersecurity Framework

Data Breach Today

New CSF Adds 'Governance' to Core Functions Cybersecurity guidance for the private sector published by the U.S. National Institute of Standards and Technology in 2014 has received its first major update. The revised Cybersecurity Framework focuses on governance and says cybersecurity threats are a major source of enterprise risk.

article thumbnail

The White House Warns Cars Made in China Could Unleash Chaos on US Highways

WIRED Threat Level

As Chinese automakers prepare to launch in the US, the White House is investigating whether cars made in China could pose a national security threat.

Security 125
article thumbnail

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

Critical vulnerabilities have been discovered across multiple systems, including Microsoft Exchange Servers, the Bricks Builder Theme for WordPress, VMware, ScreenConnect, Joomla, and Apple Shortcuts. Urgent patching and prompt updates can protect systems from unauthorized access, data breaches, and potential exploitation by threat actors. Organizations must prioritize implementing effective security measures and conducting frequent audits.

Risk 107
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

A cyber attack hit the Royal Canadian Mounted Police

Security Affairs

A cyber attack hit the Royal Canadian Mounted Police (RCMP), the federal and national law enforcement agency of Canada. The Royal Canadian Mounted Police (RCMP), the federal and national law enforcement agency of Canada, confirmed that it was the target of a cyber attack. RCMP also notified the Office of the Privacy Commissioner (OPC). The police have launched an investigation into the cyber attack and urged its staff to stay vigilant. “The situation is evolving quickly but at this time, t

article thumbnail

Zscaler CEO: Palo Alto Playing Defense as Firewall Sales Ebb

Data Breach Today

Jay Chaudhry Says Palo Alto Offering Free Products to New Platform Users Won't Work Zscaler CEO Jay Chaudhry said Palo Alto Networks' strategy of offering free products to new platform customers will "unravel over time" as firewalls become shelfware. Legacy vendors find themselves "in a defensive position" as the role of firewalls shrinks and demand for zero trust security grows.

Sales 288
article thumbnail

NIST Cybersecurity Framework 2.0

Schneier on Security

NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy , has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on governance, which encompasses how organizations make and carry out informed decisions on cybersecurity strategy.

article thumbnail

Renewable energy in action: Examples and use cases for fueling the future

IBM Big Data Hub

As more countries, companies and individuals seek energy sources beyond fossil fuels, interest in renewable energy continues to rise. In fact, world-wide capacity for energy from solar, wind and other renewable sources increased by 50% in 2023. More than 110 countries at the United Nations’ COP28 climate change conference agreed to triple that capacity by 2030, and global investment in clean energy transition hit a record high of USD 1.8 trillion in 2023.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

IntelBroker claimed the hack of the Los Angeles International Airport

Security Affairs

The popular hacker IntelBroker announced that it had hacked the Los Angeles International Airport by exploiting a flaw in one of its CRM systems. The website Hackread first reported that the popular hacker IntelBroker had breached one of the CRM systems used by the Los Angeles International Airport. IntelBroker announced it had exploited a vulnerability in the target system, the attack took place this month. “IntelBroker informed Hackread.com that they successfully executed the data breach

article thumbnail

Stages of LockBit Grief: Anger, Denial, Faking Resurrection?

Data Breach Today

Is LockBit a Kremlin Sock Puppet? Is Moscow using the Russian-speaking LockBit ransomware group as a tool to disrupt critical infrastructure and democracy in the West? While no publicly available evidence reveals direct ties, what are the chances that the prolific, trash-talking group has escaped authorities' attention - or demands?

article thumbnail

Game-Changer: Biometric-Stealing Malware

KnowBe4

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the hacker/malware space since I began. The same threats that were a problem then are the same problems now.