Sat.Mar 09, 2024 - Fri.Mar 15, 2024

Business Forms and AI

AIIM

Nobody gives much thought to business forms; they just ‘are.’ As for the management of business forms, almost nobody knows that Forms Management is a ‘thing’; many likely wonder why business forms even need managing. Frankly, it’s as if business forms are unimportant, yet that could not be further from reality. They are critically important, and their centrality and importance in the world of information management and enterprise automation will likely grow exponentially over the coming years.

Hackers Hiding Keylogger, RAT Malware in SVG Image Files

Data Breach Today

New Campaign Evades Security Tools to Deliver Agent Tesla Keylogger and XWorm RAT

Threat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.

Building a 911 Cyber Civil Defense System for Healthcare

Data Breach Today

The healthcare sector needs a 911-style cyber civil defense system that can help all segments of the industry, including under-resourced groups, to more rapidly and effectively respond to cyberattacks and related incidents, said Erik Decker, CISO of Intermountain Health and a federal cyber adviser.

CEO of data privacy company Onerep.com founded dozens of people-search firms

Krebs on Security

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

There Are Dark Corners of the Internet. Then There's 764

WIRED Threat Level

A global network of violent predators is hiding in plain sight, targeting children on major platforms, grooming them, and extorting them to commit horrific acts of abuse.

More Trending

Ransomware Groups' Data Leak Blogs Lie: Stop Trusting Them

Data Breach Today

Don't Let the Quest for Data Lead You to Amplify What Criminals Might Be Claiming

For the love of humanity, please stop playing into ransomware groups' hands by treating their data leak blogs as reliable sources of information and then using them to build lists of who's amassed the most victims. That's not what data leak sites actually document.

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Krebs on Security

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

Airbnb Bans All Indoor Security Cameras

WIRED Threat Level

Starting at the end of April, Airbnb will no longer allow hosts to have security cameras inside their rental properties, citing a commitment to prioritizing guest privacy.

FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges

Hunton Privacy

On March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect. They were adopted in December 2023 pursuant to an FCC Report and Order (the “Order”). The Rules went into effect despite challenges brought in the United States Court of Appeals for the Sixth Circuit. Two trade groups, the Ohio Telecom Association and the Texas Association of Business, petitioned the United States Court of Appeals for the Sixth Circuit and

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Ransomware Talent Surges to Akira After LockBit's Demise

Data Breach Today

US Healthcare Entities Are Firmly in Akira Ransomware Group's Sights, Expert Warns

Ransomware groups may come and go, but often it's only in name, as the individuals involved will move on to power whatever group remains a going concern. Cue a reported flow of top talent from LockBit, which was recently disrupted by law enforcement, to Akira, which is apparently alive and well.

Threat actors breached two crucial systems of the US CISA

Security Affairs

Threat actors hacked the systems of the Cybersecurity and Infrastructure Security Agency (CISA) by exploiting Ivanti flaws. The US Cybersecurity and Infrastructure Security Agency (CISA) was hacked in February, Recorded Future News first reported. In response to the security breach, the agency had to shut down two crucial systems, as reported by a CISA spokesperson and US officials with knowledge of the incident, according to CNN.

The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

WIRED Threat Level

The Pentagon says it’s not hiding aliens, but it stops notably short of saying what it is hiding. Here are the key questions that remain unanswered—some answers could be weirder than UFOs.

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

Kashmir Hill has the story: Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Pentagon Appoints New Chief Artificial Intelligence Officer

Data Breach Today

Radha Plumb Set to Replace the Defense Department’s First-Ever Chief AI Officer

The Department of Defense has announced its inaugural Chief Digital and Artificial Intelligence Officer Craig Martell is stepping down from his role after establishing the office as a small but influential team within the department over the last two years.

Massive cyberattacks hit French government agencies

Security Affairs

A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” The French minister’s office did not provide details about the attacks, however, the French agencies were likely hit with distributed denial-of-service (DDoS) attacks.

New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

On March 6, 2024, Governor Chris Sununu signed into law SB 255, making New Hampshire the 15th state with a comprehensive privacy law.

Applicability

SB 255 applies to persons that “conduct business” in New Hampshire (“NH”) or persons that “produce products or services that are targeted to residents of” NH that, in the period of a year: (1) “controlled or processed the personal data of not less than 35,000 unique consumers, excluding personal data controlled or processed solely for the purpose of

Security News This Week: Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

WIRED Threat Level

Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Dropbox Used in Latest Exploit for Phishing Attacks

Data Breach Today

Darktrace Warns of Malware Hidden in PDF Stored in Dropbox

Phishing attacks continue to adapt to exploit popular apps. While many phishing campaigns have focused on mobile banking and payment sites, attackers are also targeting widely used but lower-profile, cloud-based utilities such as the ubiquitous Dropbox storage platform.

Researchers found multiple flaws in ChatGPT plugins

Security Affairs

Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover. Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience.

Compromised Credentials Postings on the Dark Web Increase 20% in Just One Year

KnowBe4

Data trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge.

Jailbreaking LLMs with ASCII Art

Schneier on Security

Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4, Gemini, Claude, and Llama2—to ignore their safety instructions. Research paper.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Experts Say Chinese Safes Pose Risks to US National Security

Data Breach Today

Senator Urges Government to Tell Public About Little-Known Manufacturer Reset Codes

Experts told ISMG that Chinese-made locks and commercial safes could pose national security risks when used by major U.S. businesses, institutions and the public - after a senator urged the government to update its publicly available information about the threat associated with Chinese-made safes.

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

Security Affairs

Threat actors are hacking WordPress sites by exploiting a vulnerability, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin. In January, Sucuri researchers reported that Balada Injector malware infected over 7100 WordPress sites using a vulnerable version of the Popup Builder WordPress plugin. Sucuri reported that on December 13th, the Balada Injector campaign started infecting websites using older versions of the Popup Builder (CVE-2023-6000, CVSS score 8.8).

New Research: BEC Attacks Rose 246% in 2023

KnowBe4

Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest. The researchers believe the increase is due to widely available phishing kits that facilitate BEC.

Safeguarding against the rise of mobile malware: Actions to take following recent incidents

Jamf

Learn how the evolving threat landscape finds threat actors increasingly targeting mobile devices to exploit sensitive resources and what steps organizations can take to minimize risks while strengthening their overall security posture.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Pressure Mounts on Meta to Scrap 'Pay or OK' Model in EU

Data Breach Today

EU Lawmakers Say Privacy Shouldn't Be for Sale

Facebook's attempt to navigate European privacy regulations by giving users a fee-based opt-out from behavioral advertising triggered backlash from more than a dozen European politicians who accused the social media giant of treating human rights as a commodity.

Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

Security Affairs

Fortinet released security updates to address critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. Fortinet this week has released security updates to fix critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. The first vulnerability is an out-of-bounds write issue, tracked as CVE-2023-42789 (CVSS score 9.3); it can be exploited to execute unauthorized code or commands by sending specially crafted HTTP requests to vulnerable devices.

Do more with trusted data: Join us at Data Citizens ’24

Collibra

AI is everywhere. It is in our homes, our businesses, and our schools — and it’s here to stay. While AI offers great opportunities, it can also present enormous risks. That is why we believe trusted data is more important now than ever before. With the increased focus on AI, organizations need to prepare for the future with strong AI governance to mitigate risks and increase ROI.