Sat.Mar 11, 2023 - Fri.Mar 17, 2023

article thumbnail

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

The Last Watchdog

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months. Related: Attack surface management takes center stage. So how will this affect chief information security officers (CISOs) and security programs?

Security 203
article thumbnail

Why Security Practitioners Should Understand Their Business

Dark Reading

The sooner CISOs become proactive in understanding the flip side of the organizations they protect, the better they'll be at their jobs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The risk of pasting confidential company data into ChatGPT

Security Affairs

Experts warn that employees are providing sensitive corporate data to the popular artificial intelligence chatbot model ChatGPT. Researchers from Cyberhaven Labs analyzed the use of ChatGPT by 1.6 million workers at companies across industries. They reported that 5.6% of them have used it in the workplace and 4.9% have provided company data to the popular chatbot model since it launched.

Risk 97
article thumbnail

A Spy Wants to Connect With You on LinkedIn

WIRED Threat Level

Russia, North Korea, Iran, and China have been caught using fake profiles to gather information. But the platform’s tools to weed them out only go so far.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

A Rise in Dynamic Phishing

KnowBe4

Attackers are increasingly using techniques to prevent their phishing pages from being detected by security firms, a new report from BlueVoyant has found. The report found that in 2022 there was a 240% increase in phishing pages that attempted to redirect potential security researchers and bots away from the sites.

More Trending

article thumbnail

Feds Charge NY Man as BreachForums Boss “Pompompurin”

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums , a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. The forum’s administrator “ Pompompurin ” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums , a remarkably similar crime forum that the FBI infiltrated and dismantled in 20

Sales 294
article thumbnail

SHARED INTEL Q&A: Bi-partisan report calls a for a self-sacrificing approach to cybersecurity

The Last Watchdog

A new report from the Bipartisan Policy Center ( BPC ) lays out — in stark terms – the prominent cybersecurity risks of the moment. Related: Pres. Biden’s impact on cybersecurity. The BPC’s Top Risks in Cybersecurity 2023 analysis calls out eight “top macro risks” that frame what’s wrong and what’s at stake in the cyber realm. BPC is a Washington, DC-based think tank that aims to revitalize bipartisanship in national politics.

article thumbnail

EDPB Guidelines on international transfers: 6 key takeways

Data Protection Report

EDPB Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation on international data transfers On 14 February 2023, the European Data Protection Board ( EDPB ) published its Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation ( GDPR ) on international data transfers (the Guidelines ).

GDPR 141
article thumbnail

Microsoft, CrowdStrike Lead Endpoint Protection Gartner MQ

Data Breach Today

Cybereason Enters Leaders Quadrant While Trellix Falls From Leader to Niche Player Microsoft and CrowdStrike once again dominate Gartner's Magic Quadrant for Endpoint Protection. Cybereason has risen to the leaders quadrant and Trellix has fallen to a niche player. The endpoint protection market has rapidly matured in recent years - 50% of organizations have already adopted EDR.

Marketing 290
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.

article thumbnail

TikTok Banned on UK Government Devices

IT Governance

The UK government has announced plans to ban ministers and civil servants from using TikTok on work devices. It follows concern regarding the data privacy practices of the Chinese-owned app, with the European Parliament making a similar ruling last week. The problems stem from TikTok’s ties to the Chinese government and the ways that people’s personal data could be used for nefarious purposes.

article thumbnail

Key Points from the US National Cybersecurity Strategy 2023

Thales Cloud Protection & Licensing

Key Points from the US National Cybersecurity Strategy 2023 divya Mon, 03/13/2023 - 15:39 On March 2, the Biden administration released its 2023 National Cybersecurity Strategy, an attempt “ to secure the full benefits of a safe and secure digital ecosystem for all Americans.” The Strategy recognizes that the US government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity.

article thumbnail

Healthcare Leaders Call for Cybersecurity Standards

Data Breach Today

Also: Please Help the Sector Pay for Cybersecurity, Execs Tell Senate Panel Healthcare executives called on Congress to ensure minimum cybersecurity standards, saying a wholly voluntary approach is failing clinics and hospitals. Gaps are widest at small rural hospitals, testified a former hospital CISO before the Senate Homeland Security and Governmental Affairs Committee.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Microsoft Patch Tuesday, March 2023 Edition

Krebs on Security

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability ( CVE-2023-23397 ) affects all versions of Microsoft Outlook from 2013 to the newest.

Passwords 224
article thumbnail

Understanding DMARC Better

KnowBe4

I talk and present often about DMARC (and SPF and DKIM), including here. A lot of people who think they understand how DMARC works, do not really understand it as well as they think they do. This post is aimed to help clarify some common misunderstandings.

IT 127
article thumbnail

UK ICO Issues Updated Guidance on AI and Data Protection

Hunton Privacy

On March 15, 2023, the UK Information Commissioner’s Office (“ICO”) published an updated version of its guidance on AI and data protection (the “updated guidance”), following requests from UK industry to clarify requirements for fairness in AI. The key updates are summarized as follows: The updated guidance has been restructured using the data protection principles as the core of the structure.

article thumbnail

Breach Roundup: Med Devices, Hospitals and a Death Registry

Data Breach Today

On Radar: Zoll, CHU Saint-Pierre, Latitude Financial, LA Housing Authority In this week's data breach roundup: medical device manufacturer Zoll, CHU University hospitals, Australian company Latitude Financial, Hawaiian death registry, Los Angeles Housing Authority, Indian Railway ticketing app, updates on U.S. Marshals Service and Congress, and a new ransomware decryptor!

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface

Dark Reading

One researcher thinks trust is broken in AD. Microsoft disagrees that there's a security vulnerability. But enterprise IT environments should be aware of an authentication gap either way.

Access 117
article thumbnail

If These Walls Could Talk: A Century of Scandals and Secrets Behind the Oldest House in Beverly Hills

Information Governance Perspectives

The home I grew up in, Beverly Hills, California, figures prominently in my new memoir, The Bastard of Beverly Hills. I can't reveal too much because the setting is part of the book's mystery, but I can share some other odd facts about the home's history and it's owners that might blow your mind. The post If These Walls Could Talk: A Century of Scandals and Secrets Behind the Oldest House in Beverly Hills appeared first on The Bastard's Blog.

IT 105
article thumbnail

SEC Brings Cyber Disclosure Enforcement Action

Hunton Privacy

On March 9, 2023, the U.S. Securities and Exchange Commission (SEC) announced settled administrative charges against Blackbaud Inc. The case stems from disclosures Blackbaud made to investors regarding a 2020 ransomware attack that targeted donor data management software the company provides to non-profit organizations. The SEC’s order alleges that Blackbaud initially announced details of the incident on the company’s website and notified impacted customers in July 2020.

article thumbnail

European Digital Identity Bill Heads to Final Negotiations

Data Breach Today

European Parliament and Council of the EU Set to Engage in Trilogue The European Parliament approved Thursday legislation creating a continentwide framework for digital identity that European leaders hope will diminish the role of big tech companies such as Google and Apple. Members of the European Parliament have pushed for additional privacy measures.

Privacy 276
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector

Dark Reading

Over the weekend, cybercriminals laid the groundwork for Silicon Valley Bank-related fraud attacks that they're now starting to cash in on. Businesses are the targets and, sometimes, the enablers.

111
111
article thumbnail

Microsoft Warns of Business Email Compromise Attacks Taking Hours

KnowBe4

According to Microsoft's Security Intelligence team, a recent business email compromise attack (BEC) has shown that threat actors are quickening the pace of these attacks, with certain elements only taking a few minutes.

Security 105
article thumbnail

Colorado Finalizes Rules Implementing the Colorado Privacy Act   

Hunton Privacy

On March 15, 2023, the Colorado Attorney General’s Office finalized rules implementing the Colorado Privacy Act (“CPA”). The finalized rules were released with an official redline that reflects prior revisions of the rules dated December 21, 2022 , January 27, 2023 , and February 23, 2023. The rules will be published in the Colorado Register later this month and will go into effect on July 1, 2023, when the CPA takes effect.

Privacy 114
article thumbnail

Long-Term Care Services Firm Says Breach Affects 4.2 Million

Data Breach Today

'Inaccessible Computers' Incident Initially Reported as Affecting 501 People A vendor of clinical and third-party administrative services to managed care organizations and healthcare providers serving elderly and disabled patients said a cybersecurity incident last summer has affected more than 4.2 million individuals.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Jamf After Dark: Current Mobile Security Landscape

Jamf

In the most recent episode of Jamf After Dark, co-hosts Kat Garbis, senior channel program Manager, and Sean Rabbitt, senior consulting engineer, Identity, discuss the current mobile security landscape with Jamf security experts Michael Covington, Garry Scotts and Suzan Sakarya.

article thumbnail

Threat Actors are Using FINRA Impersonation For Their Attacks

KnowBe4

DomainTools warns that a sophisticated West Africa-based fraud group is impersonating the Financial Industry Regulatory Authority (FINRA) to target users in the United States, according to researchers at DomainTools. The threat actors are attempting to trick investors into providing sensitive documents in order to verify their identities. Users can avoid falling for these attacks if they’re familiar with FINRA’s legitimate roles.

article thumbnail

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

A recently discovered Golang-based botnet, dubbed GoBruteforcer, is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services Researchers from Palo Alto Networks Unit 42 recently discovered a Golang-based botnet, tracked as GoBruteforcer, which is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. In order to compromise a target system, the samples require special conditions on it, such as the use of specific arguments and targeted services already bei