Sat.Oct 28, 2023 - Fri.Nov 03, 2023

article thumbnail

Researcher Claims to Crack RSA-2048 With Quantum Computer

Data Breach Today

As Ed Gerck Readies Research Paper, Security Experts Say They Want to See Proof A scientist claims to have developed an inexpensive system for using quantum computing to crack RSA, which is the world's most commonly used public key algorithm. If true, this would be a breakthrough that comes years before experts predicted. Now, they're asking for proof.

Paper 363
article thumbnail

Author Q&A: Here’s why the good guys must continually test the limitations of ‘EDR’

The Last Watchdog

A new tier of overlapping, interoperable, highly automated security platforms must, over the next decade, replace the legacy, on-premise systems that enterprises spent multiple kings’ fortunes building up over the past 25 years. Related: How ‘XDR’ defeats silos Now along comes a new book, Evading EDR: The Definitive Guide for Defeating Endpoint Detection Systems , by a red team expert, Matt Hand, that drills down a premier legacy security system that is in the midst of this transitio

Security 312
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service , which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.

article thumbnail

Takeaways from the Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence

AIIM

In the U.S., President Joe Biden’s administration issued an executive order on artificial intelligence, which “establishes new standards for AI security.” The Executive Order issued on October 30, 2023 directs several actions designed to “protect Americans from the potential risks of AI systems.

article thumbnail

LLMs in Production: Tooling, Process, and Team Structure

Speaker: Dr. Greg Loughnane and Chris Alexiuk

Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le

article thumbnail

Lazarus Group Looking for Unpatched Software Vulnerabilities

Data Breach Today

North Korean Hackers Repeatedly Target Known Flaws in Legitimate Software North Korean hackers are spreading malware through known vulnerabilities in legitimate software. In a new campaign spotted by Kaspersky researchers, the Lazarus group is targeting a version of an unnamed software product with vulnerabilities reported and patches available.

303
303

More Trending

article thumbnail

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified.US domains as among the most prevalent in phishing attacks over the past year.

Phishing 262
article thumbnail

The Critical Role of Content Architecture in Generative AI

AIIM

What is Generative AI? Generative AI has caught fire in the industry – almost every tech vendor has a ChatGPT-like offering (or claims to have one). They are claiming to use the same technology – a large language model (LLM) (actually there are many Large Language Models both open source and proprietary fine-tuned for various industries and purposes) to access and organize content knowledge of the enterprise.

Access 118
article thumbnail

Feds Levy First-Ever HIPAA Fine for Ransomware Data Breach

Data Breach Today

Massachusetts Management Firm to Pay $100,000, Monitor HIPAA Compliance for 3 Years A Massachusetts-based medical management firm holds the dubious honor of being the first ransomware victim fined for a data breach by the Department of Health and Human Services. Doctor Management Group agreed to a $100,000 financial settlement and three years of HIPAA compliance monitoring.

article thumbnail

The UN Hired an AI Company to Untangle the Israeli-Palestinian Crisis

WIRED Threat Level

CulturePulse's AI model promises to create a realistic virtual simulation of every Israeli and Palestinian citizen. But don't roll your eyes: It's already been put to the test in other conflict zones.

article thumbnail

Your Expert Guide to CX Orchestration & Enhancing Customer Journeys

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

article thumbnail

Oracle Enables MFA by Default on Oracle Cloud

Dark Reading

Mandatory multifactor authentication is just the latest in Oracle's commitment to have security built-in by default into Oracle Cloud Infrastructure.

Cloud 136
article thumbnail

UK Information Commissioner’s Office Publishes Toolkit for Data Sharing with Law Enforcement

Data Matters

The Information Commissioner’s Office (“ ICO ”) has introduced a toolkit on data sharing with law enforcement (“ Toolkit ”) which supplements the ICO’s existing guidance on sharing personal data with law enforcement authorities. The Toolkit is intended to function as a tool for smaller organisations to make an informed decision about whether to share personal data with law enforcement.

article thumbnail

Boeing Reports 'Cyber Incident'; Ransomware Group Claims Hit

Data Breach Today

Aerospace Giant Says Elements of Parts and Distribution Business Are Affected Boeing has confirmed suffering a "cyber incident" affecting its parts and distribution business days after the notorious LockBit ransomware group claimed to have breached systems at the world's biggest aerospace company and to have stolen "a tremendous amount of sensitive data.

article thumbnail

News alert: AdviserCyber launches to help ‘RIAs’ meet SEC’s cybersecurity infrastructure rules

The Last Watchdog

Phoenix, Ariz. — Nov. 1, 2023 — AdviserCyber , a cybersecurity service provider for Registered Investment Advisers (RIAs) with $500M to $3B Assets Under Management (AUM) who must comply with the Securities and Exchange Commission (SEC) cybersecurity requirements, announced its formal launch today. In the last year alone, advisers and wealth managers in financial sectors have witnessed an 80% increase in cyber threats and intrusion activity, with investment advisers being particularly vulner

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks

Dark Reading

The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are.

Security 128
article thumbnail

Mainframe Modernization Challenge: It’s Not About COBOL, It’s About Mainframe Skills and Resources

OpenText Information Management

In the fast-evolving landscape of digital transformation, which is shifting exponentially into the artificial intelligence (AI) era, organizations are accelerating their mainframe modernization journey to innovate and stay competitive. While many with valuable legacy applications on the mainframe perceive the primary challenge to be the archaic COBOL code, a closer look reveals that the real … The post Mainframe Modernization Challenge: It’s Not About COBOL, It’s About Mainfram

article thumbnail

Misdirection for a Price: Malicious Link-Shortening Services

Data Breach Today

Researchers Discover 'Prolific Puma' Service Used by Hackers, Phishers and Scammers Researchers have discovered an underground offering with the codename "Prolific Puma," which since 2020 has been the "largest and most dynamic" cybercrime link-shortening service on the market. Attackers use it to better target victims with phishing campaigns, scams and malware.

Phishing 295
article thumbnail

News alert: Ivanti reports reveals 49% of CXOs have requested bypassing security measures

The Last Watchdog

Salt Lake City, Utah, Oct. 31, 2023 — Ivanti , the tech company that elevates and secures Everywhere Work, today announced the results of its Executive Security Spotlight report as part of Ivanti’s Cybersecurity Status Report Series. Ivanti surveyed over 6,500 executive leaders, cybersecurity professionals and office workers to understand today’s threats and discover how organizations are preparing for yet-unknown future threats.

Security 100
article thumbnail

Use Cases for Apache Cassandra®

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

article thumbnail

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

Security Affairs

The FSB arrested two Russian hackers who are accused of having helped Ukrainian entities carry out cyberattacks on critical infrastructure targets. The Russian intelligence agency Federal Security Service (FSB) arrested two individuals who are suspected of supporting Ukrainian entities to carry out cyberattacks to disrupt Russian critical infrastructure.

Security 121
article thumbnail

Boeing Confirms Cyberattack, System Compromise

Dark Reading

The aerospace giant said it's alerting customers that its parts and distribution systems have been impacted by cyberattack.

IT 143
article thumbnail

White House Issues Sweeping Executive Order to Secure AI

Data Breach Today

Biden Administration Demands to See Red-Teaming Safety Tests of Foundational Models U.S. President Joe Biden is invoking a Cold War-era law in an executive order directing developers of advanced AI models to notify the government and share safety tests. The order is "the strongest set of actions any government in the world has ever taken on AI safety," a White House official said.

Security 294
article thumbnail

News alert: Traceable celebrates winning the prestigious SINET16 Innovator Award for 2023

The Last Watchdog

San Francisco, Calif., Oct. 31, 2023 – Traceable AI , the industry’s leading API security company, proudly announces its continued recognition in the cybersecurity industry, with the latest accolade being the prestigious SINET16 Innovator Award for 2023. The SINET16 Innovator Award recognizes the most innovative companies and technologies addressing today’s top cybersecurity threats and vulnerabilities.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

Security Affairs

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned $1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking competition is over, the organizers awarded $1,038,250 for 58 unique 0-days. The Team Viettel ( @vcslab ) won the Master of Pwn with $180K and 30 points. The vulnerabilities exploited by the experts have been disclosed to the vendors, the ZDI gives them 90 days to address these flaws.

Security 124
article thumbnail

Ace Hardware Still Reeling From Weeklong Cyberattack

Dark Reading

Cyberattackers downed a quarter of the hardware giant's entire IT apparatus. Now, before the company can recover, they're going after individual branches.

IT 127
article thumbnail

How the Healthcare Sector Can Boost Credential Management

Data Breach Today

Stolen and compromised credentials continue to be the crux of major health data security incidents involving cloud environments. But stronger credential management practices and a focused approach to "least privilege engineering" would help, said Taylor Lehmann of Google Cloud.

Cloud 276
article thumbnail

The history of Kubernetes

IBM Big Data Hub

When it comes to modern IT infrastructure, the role of Kubernetes —the open-source container orchestration platform that automates the deployment, management and scaling of containerized software applications (apps) and services—can’t be underestimated. According to a Cloud Native Computing Foundation (CNCF) report (link resides outside ibm.com), Kubernetes is the second largest open-source project in the world after Linux and the primary container orchestration tool for 71% of

Cloud 116
article thumbnail

Reimagining CX: How to Implement Effective AI-Driven Transformations

Speaker: Steve Pappas

As businesses strive for success in an increasingly digitized world, delivering an exceptional customer experience has become paramount. To meet this demand, enterprises are embracing innovative approaches that captivate customers and fuel their loyalty. 💥 Enter conversational AI - an absolute game-changer (if done right) in redefining CX norms.

article thumbnail

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Security Affairs

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Researchers from Researchers at Horizon3.ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Cisco recently warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks.

Honeypots 121
article thumbnail

Exciting Announcements at HashiCorp’s Annual Conference

Daymark

HashiCorp recently held their annual conference, HashiConf 2023, in San Francisco (and virtually) to unveil some exciting enhancements to their suite of multi-cloud infrastructure automation software. Key themes revolved around infrastructure and security with an emphasis on how to use the cloud operating model to achieve operational cloud maturity and improve the developer experience while enabling platform teams to put controls in place to manage risk and cost.

Cloud 114
article thumbnail

Ransomware Groups Exploiting Unpatched NetScaler Devices

Data Breach Today

Patch or Perish: Researchers See Mass Exploits of NetScaler ADC and Gateway Devices Ransomware-wielding groups are among the attackers exploiting vulnerabilities in NetScaler devices to bypass authentication and gain initial access to victims' networks. Experts say users must not just patch but also wipe device memory to prevent attackers from bypassing access controls.