Sat.Mar 11, 2023 - Fri.Mar 17, 2023

article thumbnail

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

The Last Watchdog

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months. Related: Attack surface management takes center stage. So how will this affect chief information security officers (CISOs) and security programs?

Security 203
article thumbnail

Why Security Practitioners Should Understand Their Business

Dark Reading

The sooner CISOs become proactive in understanding the flip side of the organizations they protect, the better they'll be at their jobs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The risk of pasting confidential company data into ChatGPT

Security Affairs

Experts warn that employees are providing sensitive corporate data to the popular artificial intelligence chatbot model ChatGPT. Researchers from Cyberhaven Labs analyzed the use of ChatGPT by 1.6 million workers at companies across industries. They reported that 5.6% of them have used it in the workplace and 4.9% have provided company data to the popular chatbot model since it launched.

Risk 97
article thumbnail

A Spy Wants to Connect With You on LinkedIn

WIRED Threat Level

Russia, North Korea, Iran, and China have been caught using fake profiles to gather information. But the platform’s tools to weed them out only go so far.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

A Rise in Dynamic Phishing

KnowBe4

Attackers are increasingly using techniques to prevent their phishing pages from being detected by security firms, a new report from BlueVoyant has found. The report found that in 2022 there was a 240% increase in phishing pages that attempted to redirect potential security researchers and bots away from the sites.

More Trending

article thumbnail

Feds Charge NY Man as BreachForums Boss “Pompompurin”

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums , a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. The forum’s administrator “ Pompompurin ” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums , a remarkably similar crime forum that the FBI infiltrated and dismantled in 20

Sales 317
article thumbnail

EDPB Guidelines on international transfers: 6 key takeways

Data Protection Report

EDPB Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation on international data transfers On 14 February 2023, the European Data Protection Board ( EDPB ) published its Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation ( GDPR ) on international data transfers (the Guidelines ).

GDPR 142
article thumbnail

Understanding DMARC Better

KnowBe4

I talk and present often about DMARC (and SPF and DKIM), including here. A lot of people who think they understand how DMARC works, do not really understand it as well as they think they do. This post is aimed to help clarify some common misunderstandings.

IT 135
article thumbnail

Microsoft, CrowdStrike Lead Endpoint Protection Gartner MQ

Data Breach Today

Cybereason Enters Leaders Quadrant While Trellix Falls From Leader to Niche Player Microsoft and CrowdStrike once again dominate Gartner's Magic Quadrant for Endpoint Protection. Cybereason has risen to the leaders quadrant and Trellix has fallen to a niche player. The endpoint protection market has rapidly matured in recent years - 50% of organizations have already adopted EDR.

Marketing 280
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.

article thumbnail

TikTok Banned on UK Government Devices

IT Governance

The UK government has announced plans to ban ministers and civil servants from using TikTok on work devices. It follows concern regarding the data privacy practices of the Chinese-owned app, with the European Parliament making a similar ruling last week. The problems stem from TikTok’s ties to the Chinese government and the ways that people’s personal data could be used for nefarious purposes.

article thumbnail

UK ICO Issues Updated Guidance on AI and Data Protection

Hunton Privacy

On March 15, 2023, the UK Information Commissioner’s Office (“ICO”) published an updated version of its guidance on AI and data protection (the “updated guidance”), following requests from UK industry to clarify requirements for fairness in AI. The key updates are summarized as follows: The updated guidance has been restructured using the data protection principles as the core of the structure.

article thumbnail

Healthcare Leaders Call for Cybersecurity Standards

Data Breach Today

Also: Please Help the Sector Pay for Cybersecurity, Execs Tell Senate Panel Healthcare executives called on Congress to ensure minimum cybersecurity standards, saying a wholly voluntary approach is failing clinics and hospitals. Gaps are widest at small rural hospitals, testified a former hospital CISO before the Senate Homeland Security and Governmental Affairs Committee.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Microsoft Patch Tuesday, March 2023 Edition

Krebs on Security

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability ( CVE-2023-23397 ) affects all versions of Microsoft Outlook from 2013 to the newest.

Passwords 243
article thumbnail

Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface

Dark Reading

One researcher thinks trust is broken in AD. Microsoft disagrees that there's a security vulnerability. But enterprise IT environments should be aware of an authentication gap either way.

Access 117
article thumbnail

SEC Brings Cyber Disclosure Enforcement Action

Hunton Privacy

On March 9, 2023, the U.S. Securities and Exchange Commission (SEC) announced settled administrative charges against Blackbaud Inc. The case stems from disclosures Blackbaud made to investors regarding a 2020 ransomware attack that targeted donor data management software the company provides to non-profit organizations. The SEC’s order alleges that Blackbaud initially announced details of the incident on the company’s website and notified impacted customers in July 2020.

article thumbnail

European Digital Identity Bill Heads to Final Negotiations

Data Breach Today

European Parliament and Council of the EU Set to Engage in Trilogue The European Parliament approved Thursday legislation creating a continentwide framework for digital identity that European leaders hope will diminish the role of big tech companies such as Google and Apple. Members of the European Parliament have pushed for additional privacy measures.

Privacy 268
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Microsoft Warns of Business Email Compromise Attacks Taking Hours

KnowBe4

According to Microsoft's Security Intelligence team, a recent business email compromise attack (BEC) has shown that threat actors are quickening the pace of these attacks, with certain elements only taking a few minutes.

Security 109
article thumbnail

Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector

Dark Reading

Over the weekend, cybercriminals laid the groundwork for Silicon Valley Bank-related fraud attacks that they're now starting to cash in on. Businesses are the targets and, sometimes, the enablers.

111
111
article thumbnail

Colorado Finalizes Rules Implementing the Colorado Privacy Act   

Hunton Privacy

On March 15, 2023, the Colorado Attorney General’s Office finalized rules implementing the Colorado Privacy Act (“CPA”). The finalized rules were released with an official redline that reflects prior revisions of the rules dated December 21, 2022 , January 27, 2023 , and February 23, 2023. The rules will be published in the Colorado Register later this month and will go into effect on July 1, 2023, when the CPA takes effect.

Privacy 114
article thumbnail

Breach Roundup: Med Devices, Hospitals and a Death Registry

Data Breach Today

On Radar: Zoll, CHU Saint-Pierre, Latitude Financial, LA Housing Authority In this week's data breach roundup: medical device manufacturer Zoll, CHU University hospitals, Australian company Latitude Financial, Hawaiian death registry, Los Angeles Housing Authority, Indian Railway ticketing app, updates on U.S. Marshals Service and Congress, and a new ransomware decryptor!

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Threat Actors are Using FINRA Impersonation For Their Attacks

KnowBe4

DomainTools warns that a sophisticated West Africa-based fraud group is impersonating the Financial Industry Regulatory Authority (FINRA) to target users in the United States, according to researchers at DomainTools. The threat actors are attempting to trick investors into providing sensitive documents in order to verify their identities. Users can avoid falling for these attacks if they’re familiar with FINRA’s legitimate roles.

article thumbnail

If These Walls Could Talk: A Century of Scandals and Secrets Behind the Oldest House in Beverly Hills

Information Governance Perspectives

The home I grew up in, Beverly Hills, California, figures prominently in my new memoir, The Bastard of Beverly Hills. I can't reveal too much because the setting is part of the book's mystery, but I can share some other odd facts about the home's history and it's owners that might blow your mind. The post If These Walls Could Talk: A Century of Scandals and Secrets Behind the Oldest House in Beverly Hills appeared first on The Bastard's Blog.

IT 105
article thumbnail

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. According to Crowdstrike researchers , 40 percent of the patched vulnerabilities are remote code execution flaws, down from 48 percent last month; 31 percent are elevation of privilege flaws, up from almost 16 percent last month; and 22 percent are information disclosure flaws, up from 10 percent last month.

article thumbnail

Long-Term Care Services Firm Says Breach Affects 4.2 Million

Data Breach Today

'Inaccessible Computers' Incident Initially Reported as Affecting 501 People A vendor of clinical and third-party administrative services to managed care organizations and healthcare providers serving elderly and disabled patients said a cybersecurity incident last summer has affected more than 4.2 million individuals.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

79% of Employee-Reported Phishing Emails Go Completely Undetected by Cybersecurity Solutions

KnowBe4

As cybercriminals increasingly turn to malwareless phishing attacks, the ability for security solutions to correctly identify a malicious email is becoming more and more difficult.

Phishing 100
article thumbnail

Jamf After Dark: Current Mobile Security Landscape

Jamf

In the most recent episode of Jamf After Dark, co-hosts Kat Garbis, senior channel program Manager, and Sean Rabbitt, senior consulting engineer, Identity, discuss the current mobile security landscape with Jamf security experts Michael Covington, Garry Scotts and Suzan Sakarya.

article thumbnail

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

A recently discovered Golang-based botnet, dubbed GoBruteforcer, is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services Researchers from Palo Alto Networks Unit 42 recently discovered a Golang-based botnet, tracked as GoBruteforcer, which is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. In order to compromise a target system, the samples require special conditions on it, such as the use of specific arguments and targeted services already bei