Weissman's World

APRIL 3, 2024

My work keeps me in touch with a lot of organizations, some already Doing Information Right™ but many more that have only gotten as far as to know they have to do SOMETHING, but haven’t yet figured out what. Too often, they just kick the can down the road, not understanding that not making a… Read More » No Decision IS a Decision in Information Governance The post No Decision IS a Decision in Information Governance appeared first on Holly Group.

Information governance 156

Information governance Government Records Management 156

WIRED Threat Level

APRIL 1, 2024

To settle a years-long lawsuit, Google has agreed to delete “billions of data records” collected from users of “Incognito mode,” illuminating the pitfalls of relying on Chrome to protect your privacy.

Privacy 140

Privacy Security 140

Data Breach Today

APRIL 1, 2024

GSA Establishes Framework for Security Regulations Covering Federal Acquisitions The federal government aims to streamline its information security and supply chain security procurement policies as part of an effort to better safeguard federal systems. It published a rule establishing a new section in the Federal Acquisition Regulation to consolidate cybersecurity requirements.

Information Security 274

Information Security Government Security Cybersecurity 274

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate.

Phishing 223

Phishing Passwords Risk Sales 223

Advertisement

With its unparalleled flexibility, rapid development and cost-saving capabilities, open source is proving time and again that it’s the leader in data management. But as the growth in open source adoption increases, so does the complexity of your data infrastructure. In this Analyst Brief developed with IDC, discover how and why the best solution to this complexity is a managed service, including: Streamlined compliance with some of the most complex regulatory guidelines Simplified operations, li

Compliance

The Last Watchdog

APRIL 1, 2024

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available. Related: Data privacy vs data security However, this remains a novel concept at most companies. Now comes a Forrester Research report that vividly highlights why attaining and sustaining a robust cybersecurity posture translates into a competitive edge.

Cybersecurity 236

Cybersecurity Privacy B2B Risk 236

Data Breach Today

MARCH 30, 2024

Data of 75 Million Individuals, Including SSNs, Posted On Criminal Forum AT&T did an about-face Saturday, saying that a leaked tranche of data pertaining to 73 million individuals does in fact reveal sensitive information of current and former customers of America's largest wireless phone carrier. The company isn't necessarily taking responsibility for the breach.

325

325

Krebs on Security

APRIL 4, 2024

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

Phishing 217

Phishing Blockchain Manufacturing Encryption 217

The Last Watchdog

APRIL 2, 2024

It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Related: AI makes scam email look real Fresh evidence comes from Mimecast’s “The State of Email and Collaboration Security” 2024 report. The London-based supplier of email security technology, surveyed 1,100 information technology and cybersecurity professionals worldwide and found: •Human risk remains a

Security 212

Security Communications Risk Phishing 212

The Guardian Data Protection

APRIL 4, 2024

Exclusive: senior party officials worked on commercial venture that would allow brands to sell products to supporters Senior Conservative party officials worked on plans to hand over its entire membership database for a commercial venture that promised to make tens of millions of pounds, the Guardian can reveal. Leaked documents show Tory executives discussed exploiting members’ personal data to build a mobile phone app that could track users’ locations and allow big brands to advertise to Conse

Sales 145

Sales Personal data IT 145

Advertisement

The complexity of financial data, the need for real-time insight, and the demand for user-friendly visualizations can seem daunting when it comes to analytics - but there is an easier way. With Logi Symphony, we aim to turn these challenges into opportunities. Our platform empowers you to seamlessly integrate advanced data analytics, generative AI, data visualization, and pixel-perfect reporting into your applications, transforming raw data into actionable insights.

Analytics

Data Breach Today

APRIL 5, 2024

A Fake Software Library Made Up by a ChatBot Was Downloaded More Than 35,000 Times Generative artificial intelligence is good at sounding authoritative - even when it's making stuff up. One community that thinks so-called AI hallucinations are actually a good thing: hackers. Especially when developers use AI tools that hallucinate entire software libraries.

Artificial Intelligence 317

Artificial Intelligence Libraries IT 317

Thales Cloud Protection & Licensing

APRIL 3, 2024

Luna HSMs FIPS 140-3 Validation sparsh Wed, 04/03/2024 - 07:52 FIPS 140-3 and You, Part Two Awhile back, we shared that Thales Luna HSMs were about to kick-off the process of moving towards Federal Information Processing Standard (FIPS) 140-3 Level 3, the newest security standard to accredit cryptographic modules. Security standards, like technology, are always evolving, making compliance challenging for customers and vendors alike.

Compliance 133

Compliance Encryption Marketing Security 133

WIRED Threat Level

APRIL 3, 2024

The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.

Security 143

Security 143

Security Affairs

MARCH 31, 2024

A Linux variant of the DinodasRAT backdoor used in attacks against users in China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn. Researchers from Kaspersky uncovered a Linux version of a multi-platform backdoor DinodasRAT that was employed in attacks targeting China, Taiwan, Turkey, and Uzbekistan. DinodasRAT (aka XDealer ) is written in C++ and supports a broad range of capabilities to spy on users and steal sensitive data from a target’s system.

Libraries 132

Libraries Encryption Communications Government 132

Advertisement

Adding high-quality entity resolution capabilities to enterprise applications, services, data fabrics or data pipelines can be daunting and expensive. Organizations often invest millions of dollars and years of effort to achieve subpar results. This guide will walk you through the requirements and challenges of implementing entity resolution. By the end, you'll understand what to look for, the most common mistakes and pitfalls to avoid, and your options.

IT

Data Breach Today

APRIL 1, 2024

Chinese Hackers Have Used DinodasRAT Hackers are using a new version of a backdoor to target Linux servers and gain and maintain access in what appears to be an espionage campaign, warn researchers from Kaspersky. The hallmark of DinodasRAT's strategy is its sophisticated victim identification and persistence mechanisms.

Access 322

Access IT 322

Schneier on Security

APRIL 2, 2024

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica : Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions.

Encryption 129

Encryption Libraries Cybersecurity IT 129

KnowBe4

APRIL 3, 2024

A trojanized version of the McAfee Security app is installing the Android banking Trojan “Vultur,” according to researchers at Fox-IT. The attackers are spreading links to the malicious app via text messages and phone calls.

Security 118

Security IT Phishing 118

Security Affairs

MARCH 30, 2024

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported. Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached.

Data breaches 131

Data breaches Sales Archiving Access 131

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

Artificial Intelligence

Data Breach Today

APRIL 4, 2024

New IACS Rules to Secure Onboard Digital Systems, Equipment Go Into Effect July 1 IT and OT security experts say threats to shipping underscore the need for more stringent regulations for passenger, cargo and high-speed vessels by the International Association of Classification Societies. The new IACS cybersecurity and resilience requirements will go into effect July 1.

Cybersecurity 316

Cybersecurity IT Security 316

Schneier on Security

APRIL 4, 2024

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s device Develop and improve products Personalize ads and content Measure ads and content Derive audience insights Obtain precise geolocation data

Access 128

Access IT Data collection Privacy 128

IT Governance

APRIL 4, 2024

A Springboard to Career Success CISM® (Certified Information Security Manager) is a globally recognised qualification that provides a good understanding of IT security with a management flavour. But with so much in the news about AI, Cloud security and other niche areas of cyber security, it’s easy to overlook the importance of such solid, tried-and-tested qualifications in information security.

Information Security 116

Information Security Cloud Government Security 116

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. Red Hat Information Risk and Security and Red Hat Product Security determined that Fedora Linux 40 beta does use two versions of xz libraries – xz-libs-5.6.0-1.fc40.x86_64.rpm and xz-

Libraries 126

Libraries Authentication Access Risk 126

Advertisement

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

Paper

Data Breach Today

APRIL 5, 2024

Acquiring Baselime Will Give Developers Better Visibility Into Serverless Platforms Cloudflare purchased an observability startup founded by an aerospace dynamics expert to enhance the developer experience on serverless platforms. Baselime will allow developers to optimize performance, investigate bugs and regressions, and identify when a release needs to be rolled back.

306

306

Schneier on Security

APRIL 2, 2024

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “ Tales of the Krypt ,” from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted : Applied Cryptography, for those who don’t read the internet news, is a book written by Bruce Schneier last year.

FOIA 111

FOIA IT Security 111

eSecurity Planet

APRIL 1, 2024

Vendors and researchers disclosed a wide range of vulnerabilities this week from common Cisco IOS, Fortinet, and Windows Server issues to more focused flaws affecting developers (PyPI), artificial intelligence (Ray, NVIDIA), and industrial controls (Rockwell Automation). While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks.

Libraries 107

Libraries Authentication Artificial Intelligence Cloud 107

Security Affairs

APRIL 2, 2024

A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defiant’s Wordfence research team disclosed a cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin that can lead to malicious script injection. The Unauthenticated Stored Cross-Site Scripting vulnerability was reported to Wordfence by the WordPress developer Webbernaut as part of the company Bug Bounty Extravaganza.

Access 124

Access IT Information Security Security 124

Advertisement

In the fast-moving manufacturing sector, delivering mission-critical data insights to empower your end users or customers can be a challenge. Traditional BI tools can be cumbersome and difficult to integrate - but it doesn't have to be this way. Logi Symphony offers a powerful and user-friendly solution, allowing you to seamlessly embed self-service analytics, generative AI, data visualization, and pixel-perfect reporting directly into your applications.

Analytics

Data Breach Today

APRIL 5, 2024

New Malware With Ties to IcedID Loader Evades Detection, Gains Persistence Security researchers are warning about a relatively new malware called Latrodectus, believed to be an evolutionary successor to the IcedID loader. It has been detected in malicious email campaigns since November 2023, and recent enhancements make it harder to detect and mitigate.

Security 308

Security IT 308

Schneier on Security

APRIL 5, 2024

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018.

Communications 107

Communications Security IT 107

Jamf

APRIL 3, 2024

Keeping your endpoints secure is necessary for data protection. Learn what endpoint security is, what it defends against and tools to use for endpoint protection.

Security 111

Security IT 111