Sat.Oct 21, 2023 - Fri.Oct 27, 2023

article thumbnail

'Log in with.' Feature Allows Full Online Account Takeover for Millions

Dark Reading

Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires -- and other online services likely have the same problems.

Risk 141
article thumbnail

GUEST ESSAY: Cisco-Splunk merger will boost Snowflake – here’s how security teams can benefit.

The Last Watchdog

Cisco’s $28 billion acquisition of Splunk comes at an inflection point of security teams beginning to adopt to working with modern, cloud-native data lakes. Related: Dasera launches new Snowflake platform For years, Splunk has been the workhorse SIEM for many enterprise Security Operation Centers (SOCs). However, security teams have challenges with Splunk’s steeply rising costs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Breach Roundup: Winter Vivern Hunting For Emails

Data Breach Today

Also, Cloudflare Records Surge in HTTP DDoS Attacks This week: espionage group exploits a zero-day in Roundcube Webmail, Cloudflare records a surge in HTTP DDoS attacks, ZScaler detects a spike in IoT hacks, the International Criminal Court says its cyber incident was espionage and the Kansas court system still offline.

IoT 296
article thumbnail

NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

Krebs on Security

A 22-year-old New Jersey man has been sentenced to more than 13 years in prison for participating in a firebombing and a shooting at homes in Pennsylvania last year. Patrick McGovern-Allen was the subject of a Sept. 4, 2022 story here about the emergence of “violence-as-a-service” offerings, where random people from the Internet hire themselves out to perform a variety of local, physical attacks, including firebombing a home, “bricking” windows, slashing tires, or perform

Access 239
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Shared Drives & Email as Low-Hanging InfoGov Fruit

Weissman's World

If you know – or have been told – you have to do SOMETHING to get a grip on your exploding piles of information … and you’ve been given next-to-no resources to get anything done … then let me remind you that you don’t have wait until you can do it all. No, you can start small,… Read More » Shared Drives & Email as Low-Hanging InfoGov Fruit The post Shared Drives & Email as Low-Hanging InfoGov Fruit appeared first on Holly Group.

Cleanup 156

More Trending

article thumbnail

CISA Launches Logging Tool For Resource-Poor Organizations

Data Breach Today

'Logging Made Easy' Provides Organizations With Critical Cybersecurity Insights The U.S. Cybersecurity and Infrastructure Security Agency launched a security tool intended to help organizations with limited resources better protect their Windows-based devices and sensitive data. Logging Made Easy is meant to serve as a turnkey log management tool.

article thumbnail

Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices

Dark Reading

A seemingly sharp drop in the number of compromised Cisco IOS XE devices visible on the Internet led to a flurry of speculation over the weekend — but it turns out the malicious implants were just hiding.

IT 135
article thumbnail

Artificial Governance Resources

AIIM

AI Governance Resources Patricia C. Franks and Scott Cameron provided this list of helpful resources. Be sure to check out their AIIM blog post about paradata and documenting artificial intelligence (AI) processes.

article thumbnail

Elon Musk Mocked Ukraine, and Russian Trolls Went Wild

WIRED Threat Level

Inauthentic accounts on X flocked to its owner’s post about Ukrainian president Vlodymr Zelensky, hailing “Comrade Musk” and boosting pro-Russia propaganda.

IT 134
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Phish Perfect: How ChatGPT Can Help Criminals Get There

Data Breach Today

AI Generated Phishing Still Cannot Beat Humans, But Not for Long: IBM ChatGPT can craft almost perfect phishing emails in five minutes, nearly beating a social engineering team with decades of experience, the results of a "nail-biting" experiment by IBM showed. The "humans emerged victorious, but by the narrowest of margins," the report said.

Phishing 322
article thumbnail

As Citrix Urges Its Clients to Patch, Researchers Release an Exploit

Dark Reading

In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.

IT 128
article thumbnail

News alert: Massachusetts awards $2.3 million grant to strengthen cybersecurity ecosystem statewide

The Last Watchdog

Boston, Mass., Oct. 27, 2023 – Today, the Healey-Driscoll Administration announced a $2.3 million grant through the MassTech Collaborative’s MassCyberCenter to CyberTrust Massachusetts, a nonprofit dedicated to strengthening the cybersecurity ecosystem, to support cybersecurity resiliency for Massachusetts communities and help develop a talent pipeline at Masschusetts colleges and universities to encourage students to enter the field.

article thumbnail

A threat actor is selling access to Facebook and Instagram’s Police Portal

Security Affairs

A threat actor is selling access to Facebook and Instagram’s Police Portal used by law enforcement agencies to request data relating to users under investigation. Cyber security researcher Alon Gal, co-founder & CTO of Hudson Rock, first reported that a threat actor is selling access to Facebook and Instagram’s Police Portal. The portal allows law enforcement agencies to request data relating to users (IP, phones, DMs, device info) or request the removal of posts and the ban of a

Access 124
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Spanish Police Dismantle Cybercrime Ring

Data Breach Today

Police Arrested 34 Members of the Group That Defrauded 3 Million Euros Spanish police arrested 34 members of a cybercrime group that used phishing and other tactics to extort nearly 3 million euros from victims. The group is believed to have stolen data of more than 4 million banking customers to target its victims.

Phishing 315
article thumbnail

Unlocking AI’s Strategic Imperative: From Proof of Concept to Production

Hanzo Learning Center

We will likely now all agree that the latest generation of AI has emerged as a game-changer. Its potential is undeniable and prevalent across every sector, industry, and use case. Yet, many enterprises remain stuck in the "Proof of Concept" (POC) phase due to various barriers, testing the waters but never diving in. It's time to move beyond this and build real-world applications using AI.

IT 117
article thumbnail

News alert: DataPivot delivers innovative data backup, recovery services to healthcare sector

The Last Watchdog

North Andover, Mass., Oct.25, 2023— DataPivot Technologies , a prominent provider of Data Center, Cloud and Data Protection Solutions, understands that healthcare providers today are scrambling to solve complex clinical, operational and patient data backup & recovery challenges. In response to this industry’s data growth and complexity, DataPivot is delivering innovative data protection solutions that are modern, flexible and scalable, empowering their clients to navigate the complexitie

Cloud 100
article thumbnail

Lockbit ransomware gang claims to have stolen data from Boeing

Security Affairs

The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and defense contractor Boeing and threatened to leak the stolen data. The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors. In 2022, Boeing recorded $66.61 billion in sales, the aerospace giant has 156,000 (2022).

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Known Ransomware Attack Volume Breaks Monthly Record, Again

Data Breach Today

Ransomware Groups Listed 514 Victims in Total on Their Data Leak Sites Last Month The volume of known ransomware attacks surged last month to record-breaking levels, with groups collectively listing 514 victims on their data-leak sites, security researchers report. In the lead: long-timer LockBit followed by newcomer LostTrust, with other new groups also having a notable impact.

article thumbnail

Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic

Dark Reading

The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets.

122
122
article thumbnail

News alert: Flexxon welcomes distinguished industry veteran Ravi Agarwal to its advisory board

The Last Watchdog

Singapore, Oct. 25, 2023 – Hardware cybersecurity solutions pioneer Flexxon (the “Company”) today announced the appointment of ex-Intel and Microsoft executive Mr Ravi Agarwal to its advisory board. An industry veteran with over three decades of experience, Mr Agarwal will lend his extensive expertise to the Company’s strategic growth and innovation strategy across its markets of operation.

IT 100
article thumbnail

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

MI5 chief warns Chinese cyber espionage reached an epic scale, more than 20,000 people in the UK have now been targeted. The head of MI5, Ken McCallum, warns that Chinese spies targeted more than 20,000 people in the UK. During a meeting of security chiefs of the Five Eyes alliance held in California, McCallum told BBC that the Chinese cyber espionage reached an epic scale.

Military 120
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

1Password Finds 'Suspicious Activity' Tied to Okta Breach

Data Breach Today

Stolen Customer Support Files From Okta Used to Attack 1Password, BeyondTrust Widely used password management software provider 1Password said a hacker breached had one of its systems but failed to steal any sensitive data, after stealing a valid session cookie from the customer support system of its access and identity management provider, Okta.

Passwords 305
article thumbnail

Microsoft: 0ktapus Cyberattackers Evolve to 'Most Dangerous' Status

Dark Reading

The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says.

114
114
article thumbnail

News alert: Lumifi seeking to acquire MDR cybersecurity firms to accelerate growth

The Last Watchdog

Scottsdale, Ariz., Oct. 24, 2023 — Lumifi , a cybersecurity industry leader, is embarking on a strategic expansion plan by targeting cybersecurity firms. This strategic direction gains its foundation from Lumifi’s recent landmark acquisition, Castra, valued at $14 million, which further fortifies the SOC Visibility Triad, a concept initially introduced in a Gartner® research report titled “ Apply Network-Centric Approaches for Threat Detection and Response “ 1 We believ

article thumbnail

A Controversial Plan to Scan Private Messages for Child Abuse Meets Fresh Scandal

WIRED Threat Level

An EU government body is pushing a proposal to combat child sexual abuse material that has significant privacy implications. Its lead advocate is making things even messier.

Privacy 116
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Keyfactor Earns $1.3B Valuation After Sale of Minority Stake

Data Breach Today

Funds Comes Two Years After Insight-Backed Keyfactor Merged With CA Vendor PrimeKey A machine identity management provider led by an ex-Tricentis executive notched a $1.3 billion valuation after getting a minority investment from Sixth Street Group. Keyfactor said the funds will support high market demand for technology that secures devices and simplifies public key infrastructure.

Sales 302
article thumbnail

It's Time to Establish the NATO of Cybersecurity

Dark Reading

Cybercriminals already operate across borders. Nations must do the same to protect their critical infrastructure, people, and technology from threats foreign and domestic.

article thumbnail

Seiko confirmed a data breach after BlackCat attack

Security Affairs

Japanese watchmaker Seiko revealed that the attack that suffered earlier this year was carried out by the Black Cat ransomware gang. On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. “Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that on July 28th of this year, the Company suffered a possible data breach.