Sat.Feb 11, 2023 - Fri.Feb 17, 2023

ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally

Dark Reading

Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.

Security 111

GUEST ESSAY: Data loss prevention becomes paramount — especially in the wake of layoffs

The Last Watchdog

When a company announces layoffs, one of the last things most employees or even company owners worry about is data loss. Valuable or sensitive information on a computer is exposed to theft or to getting compromised. This can happen due to intentional theft, human error, malware, or even physical destruction of servers.

Cybercriminals are Using Geotargeted Phishing to Target Victims

KnowBe4

Attackers are abusing a legitimate service called “GeoTargetly” to launch localized phishing attacks, according to Jeremy Fuchs at Avanan. GeoTargetly is meant to be used by advertisers to display ads in countries’ local languages. Avanan observed a phishing campaign that’s using phishing emails to target multiple countries in South America.

Phishing 101

ChatGPT Is Ingesting Corporate Secrets

Schneier on Security

Interesting: According to internal Slack messages that were leaked to Insider, an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a “coding assistant” of sorts to help them write or improve strings of code, the report

IT 142

LLMs in Production: Tooling, Process, and Team Structure

Speaker: Dr. Greg Loughnane and Chris Alexiuk

Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le

Automated Security and Compliance Attracts Venture Investors

eSecurity Planet

In 2013, Adam Markowitz founded Portfolium, an edtech startup that matched college students and graduates with employers. “I remember the first time we were asked for a SOC 2 report, which quickly became the minimum bar requirement in our industry for proof of an effective security program,” he said. The process for creating the report was time-consuming, manual and costly.

More Trending

New Protections for Food Benefits Stolen by Skimmers

Krebs on Security

Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes. On December 29, 2022, President Biden signed into law the Consolidated Appropriations Act of 2023, which — for the first time ever — includes provisions for the replacement of stol

SHARED INTEL: The expected impacts of Pres. Biden’s imminent National Cybersecurity Strategy

The Last Watchdog

The United States will soon get some long-awaited cybersecurity updates. That’s because the Biden administration will issue the National Cyber Strategy within days. Despite lacking an official published document, some industry professionals have already seen a draft copy of the strategic plan and weighed in with their thoughts.

Bring-Your-Own-Device Programs: A Balance Between Privacy and Cybersecurity

Data Protection Report

A “bring your own device” (BYOD) program is a popular arrangement used by employers, whereby employees use their personal devices (e.g., smartphones, laptops, or tablets) for both personal and business purposes. Last year, about two-thirds of Canadian private sector employers had at least one employee using personal devices for business-related activities. [1] While the BYOD approach may offer certain advantages, such as greater flexibility and cost savings, employers should be mindful of the

Privacy 126

Chinese Threat Group Leaks Hacking Secrets in Failed Attack

Data Breach Today

The Tonto Team Used Spear-Phishing Emails to Target Group-IB Employees

Group-IB says a July 2022 spear-phishing attempt on its own employees came from the Chinese threat actor known variously as Tonto Team and CactusPete. Tonto Team may be a unit of China's People's Liberation Army. Malwarebytes says the group has ramped up spying against Russian government agencies.

Phishing 304

Your Expert Guide to CX Orchestration & Enhancing Customer Journeys

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

Check Point Boosts AppSec Focus With CNAPP Enhancements

Dark Reading

Established network security players like Check Point are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.

Cloud 120

The Curse of Cybersecurity Knowledge

KnowBe4

The curse of knowledge is a cognitive bias that occurs when someone is trying to communicate information to another person, but falsely assumes that the other person has the same level of knowledge or understanding of the topic. This can lead to the communicator overestimating the other person's understanding of the subject, and thus not providing enough detail or explanation.

Data Breaches: The Complete WIRED Guide

WIRED Threat Level

Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers.

Play Ransomware Lists A10 Networks on its Leak Site

Data Breach Today

Group Says It Has Confidential Data, Tech Docs; A10 Says Operations Not Impacted

The Play ransomware group listed networking hardware manufacturer A10 Networks in its leak site, after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber. The group says it has confidential data, technical documentation and more.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

OT Network Security Myths Busted in a Pair of Hacks

Dark Reading

How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network.

Security 107

Jamf Threat Labs analyzes the exploited in-the-wild WebKit vulnerability CVE-2022-42856

Jamf

Jamf Threat Labs investigated a WebKit vulnerability that was exploited in the wild. Attackers can exploit CVE-2022-42856 to control code execution within WebKit, giving them the ability to read/write files. This blog explores what the vulnerability looked like in the code and the patches Apple applied.

Master modern work with intelligent, connected, secure and responsible experiences

OpenText Information Management

No matter your industry or business function, whether you’re dealing with highly complex and regulated processes like clinical trials; simply need to automate manual data entry into everyday tools; or want a fast track to the cloud, seamlessly connecting content to process is essential to meet the demands of modern work. With Cloud Edition (CE) …

Security 105

Spanish Police Bust Phishing Ring That Defrauded Thousands

Data Breach Today

Group Targeted American Victims and Pocketed Over 5 Million Euros

Police busted nine members of a cyber fraud gang that targeted mainly Americans. Spanish police arrested eight members, and U.S. authorities arrested one. In less than a year, the ring pocketed 5 million euros in scammed funds, say the Spanish National Police.

Phishing 267

Use Cases for Apache Cassandra®

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

Is Pepsi Okay? Bottling Plant Suffers Malware Attack

IT Governance

Pepsi Bottling Ventures confirmed this week that vast quantities of personal data were stolen in a cyber attack. The incident began late last year, after criminal hackers broke into the organisation’s systems and installed malware. It took almost three weeks for Pepsi Bottling Ventures, the largest bottler of Pepsi-Cola in the US, to spot the intrusion, during which time the attackers had widespread access to its internal systems.

European Parliament Committee Opposes Adequacy Under EU-U.S. Data Privacy Framework in Draft Opinion

Hunton Privacy

On February 14, 2023, in a Draft Motion for a Resolution on the adequacy of the protection afforded by the proposed EU-U.S. Data Privacy Framework (the “Framework”), the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the “Committee”) urged the European Commission not to adopt adequacy based on the Framework, on the basis that it “fails to create actual equivalence” with the EU in the level of data protection that it provides.

Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks

Dark Reading

The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.

Cloud 107

Kia and Hyundai Fix TikTok Security Challenge

Data Breach Today

Vulnerability Potentially Caused Deaths and Thousands of Thefts in the US

Hyundai and Kia are rolling out a software update aimed at stopping an outbreak of car thefts caused by a trend on social media app TikTok. The "Kia Challenge" went viral in mid-2022 after users discovered how to steal certain cars using a screwdriver and a male USB Type A connector.

Security 263

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

What Is the CIA Triad and Why Is It Important?

IT Governance

Confidentiality, integrity and availability. These are the three components of the CIA triad, an information security model designed to protect sensitive information from data breaches. The CIA triad is a widely accepted principle within the industry, and is used in ISO 27001, the international standard for information security management. It’s also referenced in the GDPR (General Data Protection Regulation), with Article 32 stating that organisations must “implement appropriate technical and

GDPR 105

Microsoft Patch Tuesday Includes Three Exploited Zero-Day Vulnerabilities

eSecurity Planet

Microsoft’s February 2023 Patch Tuesday fixes 75 vulnerabilities, nine of them rated critical, and three (all rated important) that are being exploited. “This is only the second Patch Tuesday of the year, and we have already tripled the number of weaponized threats that need to be fixed in this release,” Syxsense CEO and founder Ashley Leonard told eSecurity Planet. “We also have five patches that resolve vulnerabilities with a CVSS score of more than 9 (critical), which

Is OWASP at Risk of Irrelevance?

Dark Reading

A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development.

Risk 117

GoDaddy Fingers Hacking Campaign for 3-Year Run of Breaches

Data Breach Today

The Campaign Installed Malware on Internal Systems and Obtained Source Code

Internet domain registrar GoDaddy says it is the victim of a yearslong hacking campaign that installed malware on internal systems and obtained source code. The hackers' "apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution," the company says.

Phishing 256

Reimagining CX: How to Implement Effective AI-Driven Transformations

Speaker: Steve Pappas

As businesses strive for success in an increasingly digitized world, delivering an exceptional customer experience has become paramount. To meet this demand, enterprises are embracing innovative approaches that captivate customers and fuel their loyalty. 💥 Enter conversational AI - an absolute game-changer (if done right) in redefining CX norms.

How Important Are Collaboration Platforms In Large Enterprises (And How Does This Affect Ediscovery)

Hanzo Learning Center

In the 2022 Collaboration Data Benchmarking Report, just over a third (38%) of organizations said that they could not live without collaboration tools, while another 35% said that some of their teams could not live without collaboration tools. When asked how important collaboration tools will be 12 months down the road, 16% of organizations said they wouldn’t be able to live without them, while 37% said they will become more dependent on them.

The Importance of a Return to Office Records Compliance Plan

Record Nations

The COVID-19 pandemic launched one of the largest experiments the workplace has ever seen. Businesses sent millions of people home. Companies scrambled to provide their workers with the resources they needed to work anywhere. Records and data, previously contained in-office, were spread across the globe. Now, as those offices fill with people and records again, […]

Window Snyder's Start-up Launches Security Platform for IoT Device Makers

Dark Reading

Thistle's technology will give device makers a way to easily integrate features for secure updates, memory management, and communications into their products, Snyder says.

Security 104