Sat.Mar 18, 2023 - Fri.Mar 24, 2023

article thumbnail

Google Suspends Chinese App Following Malware Discovery

Data Breach Today

Google Discovered Malware In Pinduoduo’s Non-Play Store Versions Google suspended popular budget e-commerce application Pinduoduo from the Play Store after detecting malware on versions of the Chinese app downloadable from other online stores. Chinese security researchers say they found code inside Pinduoduo versions designed to monitor users.

Security 277
article thumbnail

GUEST ESSAY: Here’s why a big cybersecurity budget won’t necessarily keep your company safe

The Last Watchdog

The cybersecurity landscape is constantly changing. While it might seem like throwing more money into the IT fund or paying to hire cybersecurity professionals are good ideas, they might not pay off in the long run. Related : Security no longer just a ‘cost center’ Do large cybersecurity budgets always guarantee a company is safe from ongoing cybersecurity threats?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how.

article thumbnail

Hackers Are Actively Exploiting Unpatched Adobe ColdFusion

Data Breach Today

Experts Urge Immediate Patching and Reviewing Servers for Signs of Compromise Hackers have been actively exploiting vulnerabilities in ColdFusion to remotely compromise servers, Adobe warns. Since at least early January, attackers have been dropping web shells via ColdFusion, but it's unclear if only now-known vulnerabilities are being exploited, security researchers say.

Security 269
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

ChatGPT Privacy Flaw

Schneier on Security

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories.

Privacy 122

More Trending

article thumbnail

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Dark Reading

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

145
145
article thumbnail

US Officials Urged to Examine Chinese Risk to Electric Grid

Data Breach Today

Utility Vendors Have Cut Back on Buying Chinese Transformers Due to Security Risks Utility companies have increasingly refrained from purchasing large power transformers from China given greater awareness of the security risks. Lawmakers sparred with the Energy Department's cybersecurity leader over how much of the electric grid contains components manufactured in China.

Risk 232
article thumbnail

UK’s New Pro-innovation Approach to Regulating Digital Technologies

Data Matters

On 15 March 2023, the UK Government published, alongside its Spring Budget, a report on the Pro-innovation Regulation of Technologies Review (the “ Report ”). The Report was led by the government’s Chief Scientific Advisor and National Technology Officer, Sir Patrick Vallance, who was tasked with “bringing together the best minds to advise how the UK can better regulate emerging technologies, enabling their rapid and safe introduction.

article thumbnail

FIRESIDE CHAT: U.S. banking regulators call out APIs as embodying an attack surface full of risk

The Last Watchdog

APIs have been a linchpin as far as accelerating digital transformation — but they’ve also exponentially expanded the attack surface of modern business networks. Related: Why ‘attack surface management’ has become crucial The resultant benefits-vs-risks gap has not surprisingly attracted the full attention of cyber criminals who now routinely leverage API weaknesses in all phases of sophisticated, multi-stage network attacks.

Risk 189
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository

Dark Reading

GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.

IT 142
article thumbnail

US Charges Bulgarian Woman in $4B OneCoin Fraud Case

Data Breach Today

Irina Dilkinska Allegedly Laundered $400M as Firm's Legal, Compliance Head A Bulgarian woman extradited to the United States for her role in a $4 billion crypto pyramid scheme adds to a growing list of law enforcement actions against perpetrators of the OneCoin Ponzi scheme. OneCoin generated $4 billion in fraudulent revenue and earned profits of close to $3 billion.

article thumbnail

FTC Announces Orders to Address Deceptive Advertising on Social Media and Video Streaming Platforms

Hunton Privacy

On March 16, 2023, the Federal Trade Commission announced it issued orders to eight social media and video streaming platforms seeking Special Reports on how the platforms review and monitor commercial advertising to detect, prevent and reduce deceptive advertisements, including those related to fraudulent healthcare products, financial scams and the sale of fake goods.

Sales 113
article thumbnail

Ferrari Hits a Roadblock as Cyber Criminals Hold it to Ransom

IT Governance

Ferrari is racing to contain the damage after it was targeted by cyber criminals this week. The supercar manufacturer said that its systems were compromised and that customer data has been stolen. In a breach notification letter sent to affected individuals, Ferrari noted that a limited number of IT systems were breached, and some customers’ names, addresses, email addresses and telephone numbers were exposed.

IT 111
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Chinese Warships Suspected of Signal-Jamming Passenger Jets

Dark Reading

Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service.

114
114
article thumbnail

How BreachForums' 'Pompompurin' Led the FBI to His Home

Data Breach Today

Police: Fitzpatrick Waived Right to Silence, Confessed to Starting & Running Forum The alleged administrator of criminal online forum BreachForums may have thought he took steps to hide his real identity, but instead he left a trail of digital breadcrumbs that led to his arrest and prosecution, shows information unsealed in federal court.

190
190
article thumbnail

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Data Protection Report

Cyberattacks have become more frequent, problematic and complex over the years – so much so that they now represent a real threat to economic activities. The French Information and Digital Security Experts Club ( CESIN ) has estimated that 54% of French companies were subject to cyberattacks in 2021, [1] while France Assureurs has put cyberattack risks on top of all other risks for the sixth year in a row. [2] In this context, the Directorate General of the French Treasury has put forward a plan

Insurance 105
article thumbnail

IT Governance Podcast 2023-6: Ferrari, Dole, TikTok (again), Android

IT Governance

This week, we discuss ransomware attacks on Ferrari and the Dole Food Company, another TikTok ban – this time by the BBC – and vulnerabilities that allow some Android phones to be hacked with only the victim’s phone number. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud. The post IT Governance Podcast 2023-6: Ferrari, Dole, TikTok (again), Android appeared first on IT Governance UK Blog.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month

Dark Reading

A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.

article thumbnail

GitHub Replaces Private RSA SSH Key After Public Exposure

Data Breach Today

'Abundance of Caution' Cited for Move; No System Compromise or Data Breach Detected GitHub has replaced its private RSA SSH host key after discovering it was being inadvertently exposed to the public via a GitHub repository. Used to safeguard SSH access to Git operations, a bad actor could use the key to impersonate GitHub or eavesdrop. But GitHub reported no signs of abuse.

article thumbnail

DOJ Publishes New Corporate Compliance Guidance Related to Communications Platforms and Messaging Applications

Hunton Privacy

On March 3, 2023, the U.S. Department of Justice (“DOJ”) released an update to its Evaluation of Corporate Compliance Programs guidance (“ECCP Guidance”). The ECCP Guidance serves as a guidance document for prosecutors when evaluating a corporate compliance program. Among other updates, the ECCP Guidance now includes new guidance for assessing how companies govern employees’ use of personal devices, communication platforms and messaging applications.

article thumbnail

Identifying AI-Enabled Phishing

KnowBe4

Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO.

Phishing 104
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

10 Vulnerabilities Types to Focus On This Year

Dark Reading

A new Tech Insight report examines how the enterprise attack surface is expanding and how organizations must deal with vulnerabilities in emerging technologies.

110
110
article thumbnail

Hacker Exploits Months-Old Bug to Steal Crypto From ATMs

Data Breach Today

Now-Patched Bug Allowed Thief to Remotely Steal User Passwords, Private Keys Bitcoin ATM manufacturer General Bytes suspended its cloud services supporting more than 15,000 machines after a hacker exploited a vulnerability in its software to steal user passwords and private keys and made off with cryptocurrency worth millions of dollars.

article thumbnail

SEC Advances Three New Cybersecurity Rule Proposals

Hunton Privacy

On March 15, 2023, the Securities and Exchange Commission (“SEC”) proposed three rules related to cybersecurity and the protection of consumer information. The SEC’s first proposal would amend Regulation S-P. Regulation S-P imposes privacy, data security, and data disposal rules on broker-dealers, investment advisers, and investment companies subject to the SEC’s authority under the Gramm-Leach-Bliley Act.

article thumbnail

Apple and Jamf help airline employees spread their wings

Jamf

The aviation industry is always on the move; their technology needs to be able to keep up. Apple and Jamf help airlines stay efficient and effective on the go—read this blog to learn more.

98
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Okta Post-Exploitation Method Exposes User Passwords

Dark Reading

Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.

Passwords 104
article thumbnail

Lawmakers Weigh New Regulations in U.S. Cyber Strategy

Data Breach Today

Don't 'Overregulate,' GOP Subcommittee Chairwoman Tells White House Official Members of a U.S. House panel got their first look at the Biden Administration's new National Cybersecurity Strategy and quizzed the White House cybersecurity director on the timeline, proposed regulations and incentives for private businesses.

article thumbnail

CIPL Publishes Key Takeaways from Age Assurance and Age Verification Tools Roundtable

Hunton Privacy

On February 16, 2023, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP held a virtual roundtable to discuss the role of age assurance and age verification tools as part of its Children’s Data Privacy Project. Representatives from CIPL member companies, data protection authorities, civil society and experts exchanged views on the effectiveness of different methodologies and emerging best practices to shield minors from harmful or inappropriate content.

Risk 102