March, 2024

article thumbnail

Russian State Hackers Penetrated Microsoft Code Repositories

Data Breach Today

Russian Foreign Intelligence Service Hack Gets Worse for Computing Giant A Russian state hack against Microsoft was more serious than initially supposed, Microsoft acknowledged in a Friday disclosure to federal regulators. Microsoft said a Moscow threat actor obtained access to "source code repositories and internal systems.

Access 323
article thumbnail

CEO of data privacy company Onerep.com founded dozens of people-search firms

Krebs on Security

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Business Forms and AI

AIIM

Nobody gives much thought to business forms; they just ‘are.’ As for the management of business forms, almost nobody knows that Forms Management is a ‘thing’; many likely wonder why business forms even need managing. Frankly, it’s as if business forms are unimportant, yet that could not be further from reality. They are critically important, and their centrality and importance in the world of information management and enterprise automation will likely grow exponentially over the coming years.

article thumbnail

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

Security Affairs

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild. The security firm did not provide details about the attacks exploiting this vulnerability.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Airbnb Bans All Indoor Security Cameras

WIRED Threat Level

Starting at the end of April, Airbnb will no longer allow hosts to have security cameras inside their rental properties, citing a commitment to prioritizing guest privacy.

Security 130

More Trending

article thumbnail

Alert: Info Stealers Target Stored Browser Credentials

Data Breach Today

Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling Saving passwords in browser-based password managers or via "remember my details" website options might make for simple and fast log-ins for employees, but they also give attackers an easy way to lift legitimate credentials, oftentimes via highly automated, information-stealing malware, experts warn.

Passwords 333
article thumbnail

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Krebs on Security

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

Marketing 264
article thumbnail

Polishing Rough Diamonds: How Information Governance Boosts AI-Driven Innovation

AIIM

With AI-centric use cases expanding to extract value from both physical and digital assets, it’s time to see information governance as a way to accelerate innovation.

article thumbnail

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

Security Affairs

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the discovery and infection of hosts running the above services.

Honeypots 139
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

There Are Dark Corners of the Internet. Then There's 764

WIRED Threat Level

A global network of violent predators is hiding in plain sight, targeting children on major platforms, grooming them, and extorting them to commit horrific acts of abuse.

Security 127
article thumbnail

New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

On March 6, 2024, Governor Chris Sununu signed into law SB 255 , making New Hampshire the 15th state with a comprehensive privacy law. Applicability SB 255 applies to persons that “conduct business” in New Hampshire (“NH”) or persons that “produce products or services that are targeted to residents of” NH that, in the period of a year: (1) “controlled or processed the personal data of not less than 35,000 unique consumers, excluding personal data controlled or processed solely for the purpose of

Privacy 112
article thumbnail

Hackers Hiding Keylogger, RAT Malware in SVG Image Files

Data Breach Today

New Campaign Evades Security Tools to Deliver Agent Tesla Keylogger and XWorm RAT Threat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.

article thumbnail

Patch Tuesday, March 2024 Edition

Krebs on Security

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws. Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

LLM Prompt Injection Worm

Schneier on Security

Researchers have demonstrated a worm that spreads through prompt injection. Details : In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which “poisons” the database of an email assistant using retrieval-augmented generation (RAG) , a way for LLMs to pull in extra data from outside its system.

Paper 118
article thumbnail

Threat actors breached two crucial systems of the US CISA

Security Affairs

Threat actors hacked the systems of the Cybersecurity and Infrastructure Security Agency (CISA) by exploiting Ivanti flaws. The US Cybersecurity and Infrastructure Security Agency (CISA) agency was hacked in February, the Recorded Future News first reported. In response to the security breach, the agency had to shut down two crucial systems, as reported by a CISA spokesperson and US officials with knowledge of the incident, according to CNN.

article thumbnail

Here Come the AI Worms

WIRED Threat Level

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

Security 135
article thumbnail

Welcoming the German Government to Have I Been Pwned

Troy Hunt

Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERTBund department. This access now provides them with complete access to the exposure of their government domains in data breaches.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Banning Ransom Payments: Calls Grow to 'Figure Out' Approach

Data Breach Today

As Ransomware Disruption Mounts, More Experts Seek Path to Banning Payments As ransomware groups are causing massive damage and disruption and showing no signs of stopping, cybersecurity policy expert Ciaran Martin said it's time for governments to start asking tough questions and "figure out how to make a ransomware payments ban work.

article thumbnail

How the European Union’s Digital Markets Act impacts your iOS estate

Jamf

Launching alongside iOS 17.4, Apple will be making changes to adhere to the European Union’s Digital Markets Act, which could have massive implications for your organization’s end users and the security of their devices.

Marketing 111
article thumbnail

Jailbreaking LLMs with ASCII Art

Schneier on Security

Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4 , Gemini, Claude, and Llama2—to ignore their safety instructions. Research paper.

Paper 106
article thumbnail

Massive cyberattacks hit French government agencies

Security Affairs

A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” The French minister’s office did not provide details about the attacks, however, the French agencies were likely hit with distributed denial-of-service (DDoS) attacks.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

WIRED Threat Level

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.

article thumbnail

Do more with trusted data: Join us at Data Citizens ’24

Collibra

AI is everywhere. It is in our homes, our businesses, and our schools — and it’s here to stay. While AI offers great opportunities, it can also present enormous risks. That is why we believe trusted data is more important now than ever before. With the increased focus on AI, organizations need to prepare for the future with strong AI governance to mitigate risks and increase ROI.

article thumbnail

Experts Say Chinese Safes Pose Risks to US National Security

Data Breach Today

Senator Urges Government to Tell Public About Little-Known Manufacturer Reset Codes Experts told ISMG that Chinese-made locks and commercial safes could pose national security risks when used by major U.S. businesses, institutions and the public - after a senator urged the government to update its publicly available information about the threat associated with Chinese-made safes.

Risk 297
article thumbnail

Safeguarding against the rise of mobile malware: Actions to take following recent incidents

Jamf

Learn how the evolving threat landscape finds threat actors increasingly targeting mobile devices to exploit sensitive resources and what steps organizations can take to minimize risks while strengthening their overall security posture.

Risk 105
article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Surveillance through Push Notifications

Schneier on Security

The Washington Post is reporting on the FBI’s increasing use of push notification data—”push tokens”—to identify people. The police can request this data from companies like Apple and Google without a warrant. The investigative technique goes back years. Court orders that were issued in 2019 to Apple and Google demanded that the companies hand over information on accounts identified by push tokens linked to alleged supporters of the Islamic State terrorist group.

article thumbnail

Researchers found multiple flaws in ChatGPT plugins

Security Affairs

Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover. Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience.

Access 124
article thumbnail

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

WIRED Threat Level

A coalition of 41 state attorneys general says Meta is failing to assist Facebook and Instagram users whose accounts have been hacked—and they want the company to take “immediate action.

Security 118