Dark Reading
FEBRUARY 15, 2023
Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.
The Last Watchdog
FEBRUARY 13, 2023
When a company announces layoffs, one of the last things most employees or even company owners worry about is data loss. Related: The importance of preserving trust in 2023 Valuable or sensitive information on a computer is exposed to theft or to getting compromised. This can happen due to intentional theft, human error, malware, or even physical destruction of servers.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
KnowBe4
FEBRUARY 14, 2023
Attackers are abusing a legitimate service called “GeoTargetly” to launch localized phishing attacks, according to Jeremy Fuchs at Avanan. GeoTargetly is meant to be used by advertisers to display ads in countries’ local languages. Avanan observed a phishing campaign that’s using phishing emails to target multiple countries in South America.
Schneier on Security
FEBRUARY 16, 2023
Interesting : According to internal Slack messages that were leaked to Insider , an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a “ coding assistant ” of sorts to help them write or improve strings of code, the report
Speaker: Dr. Greg Loughnane and Chris Alexiuk
Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le
eSecurity Planet
FEBRUARY 14, 2023
In 2013, Adam Markowitz founded Portfolium, an edtech startup that matched college students and graduates with employers. “I remember the first time we were asked for a SOC 2 report, which quickly became the minimum bar requirement in our industry for proof of an effective security program,” he said. The process for creating the report was time-consuming, manual and costly.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Krebs on Security
FEBRUARY 17, 2023
Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes. On December 29, 2022, President Biden signed into law the Consolidated Appropriations Act of 2023 , which — for the first time ever — includes provisions for the replacement of stol
The Last Watchdog
FEBRUARY 14, 2023
The United States will soon get some long-awaited cybersecurity updates. Related: Spies use Tik Tok, balloons That’s because the Biden administration will issue the National Cyber Strategy within days. Despite lacking an official published document, some industry professionals have already seen a draft copy of the strategic plan and weighed in with their thoughts.
Data Protection Report
FEBRUARY 16, 2023
A ”bring your own device” ( BYOD ) program is a popular arrangement used by employers, whereby employees use their personal devices (e.g., smartphones, laptops, or tablets) for both personal and business purposes. Last year, about two-thirds of Canadian private sector employers had at least one employee using personal devices for business-related activities. [1] While the BYOD approach may offer certain advantages, such as greater flexibility and cost savings, employers should be mindful of the
Data Breach Today
FEBRUARY 14, 2023
The Tonto Team Used Spear-Phishing Emails to Target Group-IB Employees Group-IB says a July 2022 spear-phishing attempt on its own employees came from the Chinese threat actor known variously as Tonto Team and CactusPete. Tonto Team may be a unit of China's People's Liberation Army. Malwarebytes says the group has ramped up spying against Russian government agencies.
Speaker: Keith Kmett, Principal CX Advisor at Medallia
Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the
Dark Reading
FEBRUARY 17, 2023
Established network security players like Check Point are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.
KnowBe4
FEBRUARY 17, 2023
The curse of knowledge is a cognitive bias that occurs when someone is trying to communicate information to another person, but falsely assumes that the other person has the same level of knowledge or understanding of the topic. This can lead to the communicator overestimating the other person's understanding of the subject, and thus not providing enough detail or explanation.
WIRED Threat Level
FEBRUARY 17, 2023
Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers.
Data Breach Today
FEBRUARY 11, 2023
Group Says It Has Confidential Data, Tech Docs; A10 Says Operations Not Impacted The Play ransomware group listed networking hardware manufacturer A10 Networks in its leak site, after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber. The group says it has confidential data, technical documentation and more.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
FEBRUARY 14, 2023
How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network.
Jamf
FEBRUARY 17, 2023
Jamf Threat Labs investigated a WebKit vulnerability that was exploited in the wild. Attackers can exploit CVE-2022-42856 to control code execution within WebKit, giving them the ability to read/write files. This blog explores what the vulnerability looked like in the code and the patches Apple applied.
OpenText Information Management
FEBRUARY 16, 2023
No matter your industry or business function, whether you’re dealing with highly complex and regulated processes like clinical trials; simply need to automate manual data entry into everyday tools; or want a fast track to the cloud, seamlessly connecting content to process is essential to meet the demands of modern work. With Cloud Edition (CE) … The post Master modern work with intelligent, connected, secure and responsible experiences appeared first on OpenText Blogs.
Data Breach Today
FEBRUARY 14, 2023
Group Targeted American Victims and Pocketed Over 5 Million Euros Police busted nine members of a cyber fraud gang that targeted mainly Americans. Spanish police arrested eight members, and U.S. authorities arrested one. In less than a year, the ring pocketed 5 million euros in scammed funds, say the Spanish National Police.
Advertisement
There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.
IT Governance
FEBRUARY 16, 2023
Pepsi Bottling Ventures confirmed this week that vast quantities of personal data were stolen in a cyber attack. The incident began late last year, after criminal hackers broke into the organisation’s systems and installed malware. It took almost three weeks for Pepsi Bottling Ventures, the largest bottler of Pepsi-Cola in the US, to spot the intrusion, during which time the attackers had widespread access to its internal systems.
Hunton Privacy
FEBRUARY 15, 2023
On February 14, 2023, in a Draft Motion for a Resolution on the adequacy of the protection afforded by the proposed EU-U.S. Data Privacy Framework (the “Framework”), the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the “Committee”) urged the European Commission not to adopt adequacy based on the Framework, on the basis that it “fails to create actual equivalence” with the EU in the level of data protection that it provides.
Dark Reading
FEBRUARY 17, 2023
The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.
Data Breach Today
FEBRUARY 16, 2023
Vulnerability Potentially Caused Deaths and Thousands of Thefts in the US Hyundai and Kia are rolling out a software update aimed at stopping an outbreak of car thefts caused by a trend on social media app TikTok. The "Kia Challenge" went viral in mid-2022 after users discovered how to steal certain cars using a screwdriver and a male USB Type A connector.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
IT Governance
FEBRUARY 14, 2023
Confidentiality, integrity and availability. These are the three components of the CIA triad, an information security model designed to protect sensitive information from data breaches. The CIA triad is a widely accepted principle within the industry, and is used in ISO 27001 , the international standard for information security management. It’s also referenced in the GDPR (General Data Protection Regulation) , with Article 32 stating that organisations must “implement appropriate technical and
eSecurity Planet
FEBRUARY 15, 2023
Microsoft’s February 2023 Patch Tuesday fixes 75 vulnerabilities, nine of them rated critical, and three (all rated important) that are being exploited. “This is only the second Patch Tuesday of the year, and we have already tripled the number of weaponized threats that need to be fixed in this release,” Syxsense CEO and founder Ashley Leonard told eSecurity Planet. “We also have five patches that resolve vulnerabilities with a CVSS score of more than 9 (critical), which
Dark Reading
FEBRUARY 17, 2023
A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development.
Data Breach Today
FEBRUARY 17, 2023
The Campaign Installed Malware on Internal Systems and Obtained Source Code Internet domain registrar GoDaddy says it is the victim of a yearslong hacking campaign that installed malware on internal systems and obtained source code. The hackers' "apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution," the company says.
Speaker: Steve Pappas
As businesses strive for success in an increasingly digitized world, delivering an exceptional customer experience has become paramount. To meet this demand, enterprises are embracing innovative approaches that captivate customers and fuel their loyalty. 💥 Enter conversational AI - an absolute game-changer (if done right) in redefining CX norms.
Hanzo Learning Center
FEBRUARY 15, 2023
In the 2022 Collaboration Data Benchmarking Report , just over a third (38%) of organizations said that they could not live without collaboration tools, while another 35% said that some of their teams could not live without collaboration tools. When asked how important collaboration tools will be 12 months down the road, 16% of organizations said they wouldn’t be able to live without them, while 37% said they will become more dependent on them.
Record Nations
FEBRUARY 14, 2023
The COVID-19 pandemic launched one of the largest experiments the workplace has ever seen. Businesses sent millions of people home. Companies scrambled to provide their workers with the resources they needed to work anywhere. Records and data, previously contained in-office, were spread across the globe. Now, as those offices fill with people and records again, […] The post The Importance of a Return to Office Records Compliance Plan appeared first on Record Nations.
Dark Reading
FEBRUARY 16, 2023
Thistle's technology will give device makers a way to easily integrate features for secure updates, memory management, and communications into their products, Snyder says.
Expert insights. Personalized for you.
111 
Let's personalize your content