Sat.Oct 28, 2023 - Fri.Nov 03, 2023

article thumbnail

Researcher Claims to Crack RSA-2048 With Quantum Computer

Data Breach Today

As Ed Gerck Readies Research Paper, Security Experts Say They Want to See Proof A scientist claims to have developed an inexpensive system for using quantum computing to crack RSA, which is the world's most commonly used public key algorithm. If true, this would be a breakthrough that comes years before experts predicted. Now, they're asking for proof.

Paper 364
article thumbnail

Author Q&A: Here’s why the good guys must continually test the limitations of ‘EDR’

The Last Watchdog

A new tier of overlapping, interoperable, highly automated security platforms must, over the next decade, replace the legacy, on-premise systems that enterprises spent multiple kings’ fortunes building up over the past 25 years. Related: How ‘XDR’ defeats silos Now along comes a new book, Evading EDR: The Definitive Guide for Defeating Endpoint Detection Systems , by a red team expert, Matt Hand, that drills down a premier legacy security system that is in the midst of this transitio

Cloud 311
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service , which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.

Marketing 276
article thumbnail

Takeaways from the Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence

AIIM

In the U.S., President Joe Biden’s administration issued an executive order on artificial intelligence, which “establishes new standards for AI security.” The Executive Order issued on October 30, 2023 directs several actions designed to “protect Americans from the potential risks of AI systems.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Lazarus Group Looking for Unpatched Software Vulnerabilities

Data Breach Today

North Korean Hackers Repeatedly Target Known Flaws in Legitimate Software North Korean hackers are spreading malware through known vulnerabilities in legitimate software. In a new campaign spotted by Kaspersky researchers, the Lazarus group is targeting a version of an unnamed software product with vulnerabilities reported and patches available.

317
317

More Trending

article thumbnail

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified.US domains as among the most prevalent in phishing attacks over the past year.

Phishing 273
article thumbnail

The Critical Role of Content Architecture in Generative AI

AIIM

What is Generative AI? Generative AI has caught fire in the industry – almost every tech vendor has a ChatGPT-like offering (or claims to have one). They are claiming to use the same technology – a large language model (LLM) (actually there are many Large Language Models both open source and proprietary fine-tuned for various industries and purposes) to access and organize content knowledge of the enterprise.

Access 115
article thumbnail

Feds Levy First-Ever HIPAA Fine for Ransomware Data Breach

Data Breach Today

Massachusetts Management Firm to Pay $100,000, Monitor HIPAA Compliance for 3 Years A Massachusetts-based medical management firm holds the dubious honor of being the first ransomware victim fined for a data breach by the Department of Health and Human Services. Doctor Management Group agreed to a $100,000 financial settlement and three years of HIPAA compliance monitoring.

article thumbnail

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

Security Affairs

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned $1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking competition is over, the organizers awarded $1,038,250 for 58 unique 0-days. The Team Viettel ( @vcslab ) won the Master of Pwn with $180K and 30 points. The vulnerabilities exploited by the experts have been disclosed to the vendors, the ZDI gives them 90 days to address these flaws.

Security 128
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

The UN Hired an AI Company to Untangle the Israeli-Palestinian Crisis

WIRED Threat Level

CulturePulse's AI model promises to create a realistic virtual simulation of every Israeli and Palestinian citizen. But don't roll your eyes: It's already been put to the test in other conflict zones.

IT 126
article thumbnail

SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks

Dark Reading

The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are.

Security 127
article thumbnail

Misdirection for a Price: Malicious Link-Shortening Services

Data Breach Today

Researchers Discover 'Prolific Puma' Service Used by Hackers, Phishers and Scammers Researchers have discovered an underground offering with the codename "Prolific Puma," which since 2020 has been the "largest and most dynamic" cybercrime link-shortening service on the market. Attackers use it to better target victims with phishing campaigns, scams and malware.

Phishing 305
article thumbnail

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

Security Affairs

The FSB arrested two Russian hackers who are accused of having helped Ukrainian entities carry out cyberattacks on critical infrastructure targets. The Russian intelligence agency Federal Security Service (FSB) arrested two individuals who are suspected of supporting Ukrainian entities to carry out cyberattacks to disrupt Russian critical infrastructure.

Security 125
article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

UK Information Commissioner’s Office Publishes Toolkit for Data Sharing with Law Enforcement

Data Matters

The Information Commissioner’s Office (“ ICO ”) has introduced a toolkit on data sharing with law enforcement (“ Toolkit ”) which supplements the ICO’s existing guidance on sharing personal data with law enforcement authorities. The Toolkit is intended to function as a tool for smaller organisations to make an informed decision about whether to share personal data with law enforcement.

article thumbnail

Oracle Enables MFA by Default on Oracle Cloud

Dark Reading

Mandatory multifactor authentication is just the latest in Oracle's commitment to have security built-in by default into Oracle Cloud Infrastructure.

Cloud 134
article thumbnail

White House Issues Sweeping Executive Order to Secure AI

Data Breach Today

Biden Administration Demands to See Red-Teaming Safety Tests of Foundational Models U.S. President Joe Biden is invoking a Cold War-era law in an executive order directing developers of advanced AI models to notify the government and share safety tests. The order is "the strongest set of actions any government in the world has ever taken on AI safety," a White House official said.

Security 304
article thumbnail

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Security Affairs

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Researchers from Researchers at Horizon3.ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Cisco recently warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks.

Honeypots 124
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

News alert: AdviserCyber launches to help ‘RIAs’ meet SEC’s cybersecurity infrastructure rules

The Last Watchdog

Phoenix, Ariz. — Nov. 1, 2023 — AdviserCyber , a cybersecurity service provider for Registered Investment Advisers (RIAs) with $500M to $3B Assets Under Management (AUM) who must comply with the Securities and Exchange Commission (SEC) cybersecurity requirements, announced its formal launch today. In the last year alone, advisers and wealth managers in financial sectors have witnessed an 80% increase in cyber threats and intrusion activity, with investment advisers being particularly vulner

article thumbnail

Mainframe Modernization Challenge: It’s Not About COBOL, It’s About Mainframe Skills and Resources

OpenText Information Management

In the fast-evolving landscape of digital transformation, which is shifting exponentially into the artificial intelligence (AI) era, organizations are accelerating their mainframe modernization journey to innovate and stay competitive. While many with valuable legacy applications on the mainframe perceive the primary challenge to be the archaic COBOL code, a closer look reveals that the real … The post Mainframe Modernization Challenge: It’s Not About COBOL, It’s About Mainfram

article thumbnail

Boeing Reports 'Cyber Incident'; Ransomware Group Claims Hit

Data Breach Today

Aerospace Giant Says Elements of Parts and Distribution Business Are Affected Boeing has confirmed suffering a "cyber incident" affecting its parts and distribution business days after the notorious LockBit ransomware group claimed to have breached systems at the world's biggest aerospace company and to have stolen "a tremendous amount of sensitive data.

article thumbnail

Okta customer support system breach impacted 134 customers

Security Affairs

Threat actors who breached the Okta customer support system also gained access to files belonging to 134 customers. Threat actors who breached the Okta customer support system in October gained access to files belonging to 134 customers, the company revealed. Some of the files accessed by the attackers are HAR files that contained session tokens. According to the company, the threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

News alert: Ivanti reports reveals 49% of CXOs have requested bypassing security measures

The Last Watchdog

Salt Lake City, Utah, Oct. 31, 2023 — Ivanti , the tech company that elevates and secures Everywhere Work, today announced the results of its Executive Security Spotlight report as part of Ivanti’s Cybersecurity Status Report Series. Ivanti surveyed over 6,500 executive leaders, cybersecurity professionals and office workers to understand today’s threats and discover how organizations are preparing for yet-unknown future threats.

Security 100
article thumbnail

Boeing Confirms Cyberattack, System Compromise

Dark Reading

The aerospace giant said it's alerting customers that its parts and distribution systems have been impacted by cyberattack.

IT 142
article thumbnail

Ransomware Groups Exploiting Unpatched NetScaler Devices

Data Breach Today

Patch or Perish: Researchers See Mass Exploits of NetScaler ADC and Gateway Devices Ransomware-wielding groups are among the attackers exploiting vulnerabilities in NetScaler devices to bypass authentication and gain initial access to victims' networks. Experts say users must not just patch but also wipe device memory to prevent attackers from bypassing access controls.

article thumbnail

ZDI discloses four zero-day flaws in Microsoft Exchange

Security Affairs

Researchers disclosed four zero-day flaws in Microsoft Exchange that can be remotely exploited to execute arbitrary code or disclose sensitive information on vulnerable installs. Trend Micro’s Zero Day Initiative (ZDI) disclosed four zero-day vulnerabilities in Microsoft Exchange that can be remotely exploited by an authenticated attacker to execute arbitrary code or disclose sensitive information on vulnerable installs.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

News alert: Traceable celebrates winning the prestigious SINET16 Innovator Award for 2023

The Last Watchdog

San Francisco, Calif., Oct. 31, 2023 – Traceable AI , the industry’s leading API security company, proudly announces its continued recognition in the cybersecurity industry, with the latest accolade being the prestigious SINET16 Innovator Award for 2023. The SINET16 Innovator Award recognizes the most innovative companies and technologies addressing today’s top cybersecurity threats and vulnerabilities.

article thumbnail

Ace Hardware Still Reeling From Weeklong Cyberattack

Dark Reading

Cyberattackers downed a quarter of the hardware giant's entire IT apparatus. Now, before the company can recover, they're going after individual branches.

IT 127
article thumbnail

SEC Alleges SolarWinds, CISO Tim Brown Defrauded Investors

Data Breach Today

SEC Seeks to Ban Brown From Serving As Officer, Director of Publicly-Traded Company Federal regulators accused SolarWinds and CISO Tim Brown of fraud and internal control failures for misleading investors about the company's cybersecurity practices and risks. The SEC said SolarWinds and Brown disclosed only generic and hypothetical risks even though they knew about specific issues.

Risk 291