Krebs on Security

OCTOBER 5, 2022

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.

Artificial Intelligence 259

Artificial Intelligence Authentication IT Communications 259

Dark Reading

OCTOBER 4, 2022

Responding to cyberattacks is extraordinarily stressful, but better planning, frequent practice, and the availability of mental health services can help IR professionals, a survey finds.

132

132

OpenText Information Management

OCTOBER 4, 2022

Most Professional Services engagements with OpenText™ follow a traditional design, built, test and deploy project methodology. OpenText software is well suited for the waterfall project model. A notable exception is OpenText™ Magellan™ and our Data Science projects. In these cases, customers can expect an approach which simply adds refinement iterations to the build phase or … The post An agile approach to Data Science appeared first on OpenText Blogs.

Data science 113

Data science Artificial Intelligence Analytics 113

Data Breach Today

OCTOBER 1, 2022

Department Paid $110,000 in Rewards for Submitted Vulnerability Reports The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department's networks as part of its experimental bug bounty program launched on American Independence Day. The week-long bug bounty challenge called "Hack U.S." ran from July 4 to July 11.

IT 261

IT 261

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

IBM Big Data Hub

OCTOBER 4, 2022

It is well known that Artificial Intelligence (AI) has progressed, moving past the era of experimentation. Today, AI presents an enormous opportunity to turn data into insights and actions, to amplify human capabilities, decrease risk and increase ROI by achieving break through innovations. While the promise of AI isn’t guaranteed and doesn’t always come easy, adoption is no longer a choice.

Government 102

Government Artificial Intelligence Metadata Data science 102

The Last Watchdog

OCTOBER 3, 2022

How did America and Americans regress to being much less secure than before the Internet? Everyone knows the many amazing conveniences, benefits, and advances the Internet has enabled. What everyone doesn’t know is how irrational the Internet’s utopian founding premises have proven to be concerning America’s and Americans’ security over the last quarter century.

Government 170

Government Authentication Communications Privacy 170

Data Breach Today

OCTOBER 7, 2022

CSI Laboratories Says Recent Phishing Incident Affected 245,000 Patients A Georgia-based cancer testing laboratory has reported to federal regulators a phishing breach affecting the sensitive information of nearly 245,000 individuals. It is the lab's second hacking breach affecting hundreds of thousands of individuals reported over the last six months.

Phishing 292

Phishing IT 292

Data Matters

OCTOBER 1, 2022

On September 22, 2022, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) regarding Incentives for Advanced Cybersecurity Investment, requesting comment on proposed revisions to regulations implementing the Federal Power Act (FPA). The revisions would provide incentive-based rate treatments for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by utilities for certain voluntary

Energy and Utilities 158

Energy and Utilities Cybersecurity Sales Privacy 158

Krebs on Security

OCTOBER 1, 2022

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server , a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Passwords 174

Passwords Phishing Authentication Access 174

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Schneier on Security

OCTOBER 3, 2022

This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.

Paper 143

Paper Artificial Intelligence IT 143

Data Breach Today

OCTOBER 6, 2022

But Payments to 540,000 Class Members in Breach Settlement Capped at $800,000 A Baltimore, Maryland-based healthcare organization has agreed to spend nearly $8 million improving and maintaining its data security as "injunctive relief" to settle a class action lawsuit involving two data breaches that affected a total of about 540,000 individuals.

Data breaches 246

Data breaches Security IT 246

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. divya. Tue, 10/04/2022 - 05:20. Historically, October has always been an important month for the cybersecurity community and a month of major cybersecurity events. So in 2004, the President of the United States designated October as Cybersecurity Awareness Month.

Authentication 127

Authentication Passwords Cybersecurity Personal data 127

IT Governance

OCTOBER 6, 2022

This October is Cyber Security Awareness Month, an event designed to educate people about information security and the steps they can take to stay safe online. Now in its nineteenth year, the campaign provides tools and resources to help people learn more about the cyber security industry and the ways they can get involved. This year’s event focuses on phishing and ransomware – two of the biggest threats that organisations currently face.

Security awareness 130

Security awareness Security Phishing Passwords 130

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

WIRED Threat Level

OCTOBER 7, 2022

Blockchain investigators have uncovered at least $4 million—and counting—in cryptocurrency fundraising has reached Russia's violent militia groups.

Blockchain 141

Blockchain Security 141

Data Breach Today

OCTOBER 6, 2022

UK Insurance Marketplace Gauging Best Options for Reconnecting Systems Put Offline Lloyd's of London is probing a possible cybersecurity incident that led it to yank some systems offline. Details are scarce at the moment, including whether the incident is malicious or involves ransomware and who may have instigated the incident.

Insurance 246

Insurance Ransomware Cybersecurity IT 246

Security Affairs

OCTOBER 3, 2022

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter. According to the SUPO, future NATO membership will make the country a privileged target for Russian intelligence and influence operations.

Manufacturing 130

Manufacturing Access Security Government 130

Dark Reading

OCTOBER 7, 2022

The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.

124

124

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Hunton Privacy

OCTOBER 7, 2022

On October 7, 2022, President Biden signed Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities , which provides a new framework for legal data transfers between the European Union and the United States. The legal basis for transatlantic data transfers has been uncertain since 2020, when the European Court of Justice (“ECJ”) declared the previous framework, the EU-U.S.

Privacy 116

Privacy Personal data Security GDPR 116

Data Breach Today

OCTOBER 7, 2022

CISA, FBI and NSA List 20 Common Vulnerabilities Used by Beijing Count Log4Shell among Chinese hackers' favorite vulnerabilities, federal agencies say in a compilation of top exploits used by Beijing for state-sponsored cyber theft and espionage. Chinese state-sponsored hacking remains "one of the largest and most dynamic threats," warn the FBI, NSA and CISA.

245

245

Security Affairs

OCTOBER 1, 2022

Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild. Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity firm GTSC are being actively exploited in the wild. The IT giant has promptly started the investigation into the two zero-day vulnerabilities that impacts Microsoft Exchange Server 2013, 2016, and 2019.

Authentication 125

Authentication Cybersecurity Access Risk 125

eSecurity Planet

OCTOBER 1, 2022

Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August. GTSC submitted the vulnerability to the Zero Day Initiative , which verified two flaws on September 8 and 9: ZDI-CAN-18333 and ZDI-CAN-18802, with CVSS scores of 8.8 and 6.3, respectively.

Government 116

Government Cybersecurity Security IT 116

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Dark Reading

OCTOBER 7, 2022

A boom in artificial intelligence-powered detection and remediation tools pushes security spending to the top of the AI market, according to Forrester.

Marketing 123

Marketing Artificial Intelligence Cybersecurity Security 123

Data Breach Today

OCTOBER 4, 2022

Hong Kong Privacy Office Says It Is 'Disappointed' With Breach Notification Upscale Asian hotelier Shangri-La Group has copped to a data breach incident that may affect hundreds of thousands of guests. The hotel detected unauthorized access to its guest database in July but didn't notify guests or regulators until September.

Data breaches 245

Data breaches Privacy Access IT 245

Security Affairs

OCTOBER 3, 2022

The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks. Ferrari is investigating the leak of the internal documents and announced it will implement all the necessary actions.

Manufacturing 116

Manufacturing Ransomware Authentication IT 116

eSecurity Planet

OCTOBER 3, 2022

ZINC, a sub-group of the notorious North Korean Lazarus hacking group, has implanted malicious payloads in open-source software to infiltrate corporate networks, Microsoft’s threat hunting team has reported. PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in April 2022.

IT 111

IT Phishing Encryption Archiving 111

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

OCTOBER 1, 2022

Weeks after it breached the Los Angeles Unified School District, the Vice Society ransomware group is threatening to leak the stolen data, unless they get paid.

Ransomware 118

Ransomware IT 118

Data Breach Today

OCTOBER 6, 2022

19-Year-Old From Sydney Suburbs Allegedly Sent Extortion SMS to Data Breach Victims Police arrested a teenager in his suburban Sydney home for allegedly attempting to extort AU$2,000 from victims of the Optus data breach. The unnamed 19-year-old allegedly threatened to conduct financial crimes using the information of 93 individuals unless he received a payout.

Data breaches 242

Data breaches 242

Security Affairs

OCTOBER 1, 2022

A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom’s Symantec Threat Hunter Team observed a threat actor, tracked as Witchetty, using steganography to hide a previously undocumented backdoor in a Windows logo. The group used the backdoor in attacks against Middle Eastern governments.

Manufacturing 119

Manufacturing Government Cybersecurity IT 119