Schneier on Security
JANUARY 17, 2023
No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—that is, one hosted on the Tor anonymity network—it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.
Krebs on Security
JANUARY 19, 2023
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Image: customink.com In a filing today with the U.S.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
JANUARY 16, 2023
And They’ll Continue to Do So Until Authorities Better Disrupt Them - But How? Pity the overworked ransomware gang - say, LockBit - that just "discovered" one of its affiliates hit Britain's postal service. But until Western governments find a way to truly disrupt the ransomware business model, operators remain free to keep spouting half-truths and lies at victims' expense.
The Last Watchdog
JANUARY 16, 2023
My name is Eden Zaraf. I’ve been driven by my passion for technology for as long as I can remember. Somewhere around the age of 13, I learned to code. I developed scripts, websites and got involved in security which led me to penetration testing. Related: Leveraging employees as detectors. Penetration Testing is a never-ending challenge. Five years ago, my friend Sahar Avitan began developing an automatic penetration testing tool for our own use.
Speaker: Dr. Greg Loughnane and Chris Alexiuk
Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le
The Last Watchdog
JANUARY 17, 2023
To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets. The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward. Related: The rise of security platforms. This development has gained quite a bit of steam over the past couple of years with established vendors of vulnerability management (VM,) endpoint detection and respo
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
JANUARY 19, 2023
Unauthorized Party Obtained Access to Company API for Approximately 6 Weeks T-Mobile disclosed Thursday that hackers had access for approximately 6 weeks to an application programming interface that exposed customer data including names, dates of birth and email addresses. No payment information or passwords were part of the breach, the company said.
Dark Reading
JANUARY 19, 2023
The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.
Troy Hunt
JANUARY 19, 2023
It's fascinating to see how creative people can get with breached data. Of course there's all the nasty stuff (phishing, identity theft, spam), but there are also some amazingly positive uses for data illegally taken from someone else's system. When I first built Have I Been Pwned (HIBP), my mantra was to "do good things after bad things happen" And arguably, it has, largely by enabling individuals and organisations to learn of their own personal exposure in breaches.
eSecurity Planet
JANUARY 20, 2023
CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently written by AI. “However, we find that its ability to write sophisticated malware that holds no mali
Speaker: Keith Kmett, Principal CX Advisor at Medallia
Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the
Data Breach Today
JANUARY 16, 2023
Norway's DNV Shuts Down IT Servers, Investigates Attack A maker of software used to manage shipping vessel operations says it has shut down its servers after detecting a ransomware attack. Norwegian classification society DNV, maker of ShipManager software, says onboard software functionally continues to operate.
Hunton Privacy
JANUARY 20, 2023
On January 20, 2023, The Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth published “Digital Assets and Privacy,” a discussion paper compiling insights from workshops with CIPL member companies that explored the intersection of privacy and digital assets, with a particular focus on blockchain technology. The paper includes recommendations for developing coherent, tech-friendly, future-focused, and pragmatic regulations and policies.
KnowBe4
JANUARY 20, 2023
An unusual phishing technique has surfaced this week. Avanan, a Check Point Software company, released a blog Thursday morning detailing a new attack in which hackers hide malicious content inside a blank image within an HTML attachment in phishing emails claiming to be from DocuSign.
Dark Reading
JANUARY 19, 2023
The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Data Breach Today
JANUARY 18, 2023
Massive Profit Potential and Robust Initial Access Market Keep Fueling Ecosystem Ransomware syndicates continue to earn massive profits for criminals while disrupting victims' operations worldwide. Security researchers tracking known victims say their numbers remain unchanged from 2021 to 2022, as attackers tap abundant cybercrime services to help amass fresh victims.
eSecurity Planet
JANUARY 19, 2023
Despite challenges faced by Meta and others, there remains optimism for the metaverse. The PwC 2022 U.S. Business and Consumer Metaverse Survey highlights this. The survey, which included over 5,000 consumers and 1,000 U.S. business leaders, shows that half of consumers consider the metaverse to be exciting, and 66% of executives say their companies are actively engaged with it.
Schneier on Security
JANUARY 19, 2023
A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between diff
Dark Reading
JANUARY 17, 2023
Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal.
Advertisement
There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.
Data Breach Today
JANUARY 20, 2023
Since Hydra Market Got Shuttered by Police, Russian Rivals Battle for Market Share Competition between rival Russian-language darknet markets remains fierce since police shuttered Hydra last year. The latest to fall dark is Solaris, which controlled an estimated 25% of the darknet drug trade. It got hacked by newcomer rival Kraken. But that wasn't Solaris' only problem.
Hanzo Learning Center
JANUARY 17, 2023
It’s that time of year again when people are pulling out their crystal balls and doing their best to predict the future of what we’ll see in the ediscovery industry in 2023. I mean who doesn’t want to know what to look out for down the road? So in that spirit, here are some things Hanzo has been paying attention to as we move into a new year.
Schneier on Security
JANUARY 18, 2023
Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails , college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes eerily close to human. But for all the consternation over the potential for humans to be replaced by machines in formats like poetry and sitcom scripts, a far greater threat looms: artificial intelligen
WIRED Threat Level
JANUARY 20, 2023
Research shows that relatively few people exist in perfectly sealed-off media bubbles—but they’re still having an outsize impact on US politics.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Data Breach Today
JANUARY 16, 2023
Thomas Shares How the IntSights Acquisition Made Threat Intelligence Actionable The IntSights deal has allowed Rapid7 to offer more visibility into the threat landscape and target the phishing infrastructure used by hackers. The deal has helped Rapid7 determine the spoofed domains and the employees and social media accounts that adversaries have targeted, CEO Corey Thomas says.
Dark Reading
JANUARY 17, 2023
The latest critical bug is exploitable in dozens of ManageEngine products and exposes systems to catastrophic risks, researchers warn.
Schneier on Security
JANUARY 20, 2023
From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.
IT Governance
JANUARY 16, 2023
Physical security in the workplace is a dying artform. With our growing reliance on technology and the rise in remote working, we are leaning more on cyber security and neglecting the protection of tangible assets. Although many workers still go into the office on a full- or part-time basis, our workforces are for the most part diffuse. Instead of individual desks in a single space, the office is now spread across the country and linked by home offices, Cloud services, videoconferencing software
Speaker: Steve Pappas
As businesses strive for success in an increasingly digitized world, delivering an exceptional customer experience has become paramount. To meet this demand, enterprises are embracing innovative approaches that captivate customers and fuel their loyalty. 💥 Enter conversational AI - an absolute game-changer (if done right) in redefining CX norms.
Data Breach Today
JANUARY 15, 2023
Meta Says Firm Used Fake Accounts to Gather Information on 600K Facebook Users Meta says it is taking legal action against scraping-for-hire service provider Voyager Labs for allegedly using fake accounts to copy data accessible about users when logged into Facebook, Instagram and other websites. The social media firms says it closed 60,000 fake accounts.
Dark Reading
JANUARY 18, 2023
Threat actors are diversifying across all aspects to attack critical infrastructure, muddying the threat landscape, and forcing industrial organizations to rethink their security.
Hunton Privacy
JANUARY 18, 2023
On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”) and the Directive on the resilience of critical entities (“CER Directive”) entered into force. The NIS2 Directive repeals the current NIS Directive and creates a more extensive and harmonized set of rules on cybersecurity for organizations carrying out their activities within the European Union.
Expert insights. Personalized for you.
135 
Let's personalize your content