Sat.Apr 06, 2024 - Fri.Apr 12, 2024

article thumbnail

Meta Will Label AI-Generated Content Starting In May

Data Breach Today

Tech Giant Asks Creators to Declare Content with 'Made with AI' Label Meta will slap a "made with AI" label on generative artificial intelligence contest posted onto its social media sites starting in May, a change the social media giant says will result in more content carrying a warning for users. The company will look for "industry standard AI image indicators.

article thumbnail

Information Governance: It’s What you Retain that Matters

AIIM

It’s funny how corporate leaders get serious about information governance right after their company has been hit with a lawsuit or regulatory action. OK, it’s not funny at all. But that’s usually when many executives decide it's time to implement information governance and in particular, document retention. We’re here to advise you to not put off having a defensible retention p rogram in place long before any legal action occur s.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Identity Security and How to Reduce Risk During M&A

Data Breach Today

Cybersecurity occupies a growing priority status in merger and acquisition discussions. But what about the specific role of identity security? SailPoint's Lori Diesen showcases the value of transitioning to SaaS-based identity security to reduce risk during M&A activity.

Risk 184
article thumbnail

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

Krebs on Security

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com , which until very recently rendered as fedex.com in tweets.

Phishing 317
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Best Practices Q&A: Guidance about what directors need to hear from CISOs — from a board member

The Last Watchdog

CISOs can sometimes be their own worst enemy, especially when it comes to communicating with the board of directors. Related: The ‘cyber’ case for D&O insurance Vanessa Pegueros knows this all too well. She serves on the board of several technology companies and also happens to be steeped in cyber risk governance. I recently attended an IoActive-sponsored event in Seattle at which Pegueros gave a presentation titled: “Merging Cybersecurity, the Board & Executive Team” Peguero

More Trending

article thumbnail

Cloned Voice Tech Is Coming for Bank Accounts

Data Breach Today

Experts Warn AI Tools Can Now Compromise Voice Password Systems Used by Many Banks At many financial institutions, your voice is your password. Tiny variations in pitch, tone and timbre make human voices an ideal method for authenticating customers - as long as computers can't be trained to synthesize those pitch, tone and timbre characteristics in real time.

Passwords 300
article thumbnail

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Security 237
article thumbnail

12 Data Loss Prevention Best Practices (+ Real Success Stories)

eSecurity Planet

Data loss prevention (DLP) best practices are principles that help prevent intentional or unintentional data erasure. By following these guidelines, organizations can reduce the detrimental impact of data loss and quickly resume operations after an incident. This also protects sensitive data and minimizes legal and reputational issues. Explore some real-world instances below and discover when and how to use DLP procedures for optimal data security.

article thumbnail

How to Stop Your Data From Being Used to Train AI

WIRED Threat Level

Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Half of UK Firms, Charities Failed to Report Cyber Incidents

Data Breach Today

Survey: SMBs, Charities Mostly Targeted With Phishing, Online Impersonation in 2023 Cybercriminals launched 7.78 million attacks against U.K. businesses and nearly 1 million against charity organizations, according to the latest U.K. government survey report. But fewer than half of those firms reported the incidents to authorities, something researchers say is a concerning trend.

Phishing 286
article thumbnail

Cisco warns of XSS flaw in end-of-life small business routers

Security Affairs

Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw. Cisco warns of a Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers Cross-Site scripting (XSS) flaw. The medium severity issue, tracked as CVE-2024-20362 (CVSS score 6.1), resides in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers.

Access 136
article thumbnail

News alert: Simbian launches with $10M to build autonomous, GenAI-powered security platform

The Last Watchdog

Mountain View, Calif. – April 11, 2024 – Simbian today emerged from stealth mode with oversubscribed $10M seed funding to deliver on fully autonomous security. As a first step towards that goal, the company is introducing the industry’s first GenAI-powered security co-pilot that integrates secure and intelligent AI solutions into diverse IT environments to maximize coverage and expedite resolutions to security teams’ ever-changing needs.

Security 100
article thumbnail

Security Vulnerability of HTML Emails

Schneier on Security

This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible.

Phishing 123
article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

US Cyber Command Expanded 'Hunt Forward' Operations in 2023

Data Breach Today

US Cyber Mission Force Led 22 Defensive Cyber Operations in 2023, Commander Says Air Force Gen. Timothy Haugh told the Senate Armed Services Committee the U.S. Cyber Command carried out nearly two dozen defensive cyber operations across the globe in 2023, expanding in size and scope since the "hunt forward" teams were first launched in 2014.

283
283
article thumbnail

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Security Affairs

Researchers found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices. Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on LG TVs. “WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by

article thumbnail

House Votes to Extend—and Expand—a Major US Spy Program

WIRED Threat Level

US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans' information.

Access 114
article thumbnail

Large-Scale StrelaStealer Campaign Impacts Over 100 Organizations Within the E.U. and U.S.

KnowBe4

A new campaign of StrelaStealer attacks identified by security analysts at Unit42 has been spotted targeting E.U. and U.S. organizations. This somewhat new infostealer has evolved to be even better at evading detection in a new string of campaigns aimed at stealing email credentials from well-known email clients.

Security 111
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

A Second Gang Shakes Down UnitedHealth Group for Ransom

Data Breach Today

RansomHub Claims It Has 4TBs of Data Stolen by BlackCat in Change Healthcare Attack A second cybercriminal gang - RansomHub - is trying to shake down Change Healthcare's parent company, UnitedHealth Group, and have it pay another ransom for data that an affiliate of ransomware-as-a-service group BlackCat claims to have stolen in February. Is this the latest ruse in a messy attack?

article thumbnail

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Security Affairs

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing mechanism in Palo Alto Networks PAN-OS software allows a remote attacker to reboot hardware-based fire

IT 125
article thumbnail

AI Scam Calls: How to Protect Yourself, How to Detect

WIRED Threat Level

AI tools are getting better at cloning people's voices, and scammers are using these new capabilities to commit fraud. Avoid getting swindled by following these expert tips.

Security 117
article thumbnail

Jamf Connect feature: Limit Application Access for Unmanaged Devices

Jamf

Strengthening mobile security is critical. Especially for unmanaged devices that lack the management, identity and security controls of managed endpoints. In this blog, learn how Jamf Connect’s newest feature adds a layer of security to protect against unauthorized access and data breaches.

Access 111
article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Breach Roundup: Sisense Supply Chain Attack

Data Breach Today

Also: A Romanian Botnet and Alcohol Counselor Monument Settles with US FTC Over Ads This week, Sisense supply chain attack, a likely Romanian botnet, Patch Tuesday, an Apple spyware warning and AT&T notifies customers of breach. Alcohol counselor Monument shared data with Meta, a breach of Home Depot employee data, a breach at Targus and a threat actor targeted Moroccan activists.

205
205
article thumbnail

Fortinet fixed a critical remote code execution bug in FortiClientLinux

Security Affairs

Fortinet addressed multiple issues in FortiOS and other products, including a critical remote code execution flaw in FortiClientLinux. Fortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of 9.4), in FortiClientLinux. The vulnerability is an Improper Control of Generation of Code (‘Code Injection’) issue that resides in FortiClientLinux.

Security 126
article thumbnail

Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

WIRED Threat Level

The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.

Privacy 111
article thumbnail

Water Facilities Compromised By Iranian Threat Actors

KnowBe4

In December 2023, a joint alert was issued by the FBI, CISA, NSA, EPA, and INCD regarding Iranian cyber actors known as "CyberAv3ngers" linked to Iran's Islamic Revolutionary Guard Corps (IRGC).

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

PE Firm Accuses Synopsys of Breaching Exclusivity Agreement

Data Breach Today

Sunstone Partners: We Had a Letter of Intent to Buy Synopsys' Security Testing Unit A California private equity firm sued Synopsys and accused the systems design behemoth of breaching an exclusivity agreement by shopping its $525 million software integrity business. Sunstone Partners Management said it signed a letter of intent to acquire Synopsys' security testing services unit.

Security 196
article thumbnail

Google announces V8 Sandbox to protect Chrome users

Security Affairs

Google announced support for a V8 Sandbox in the Chrome web browser to protect users from exploits triggering memory corruption issues. Google has announced support for what’s called a V8 Sandbox in the Chrome web browser. The company included the V8 Sandbox in Chrome’s Vulnerability Reward Program (VRP). Chrome 123 is a sort of “beta” release for the sandbox designed to mitigate memory corruption issues in the Javascript engine.

Access 119
article thumbnail

DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

WIRED Threat Level

Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

Privacy 119