December, 2023

article thumbnail

Lessons in Threat Detection for Insider Threats

Data Breach Today

The Risk of Insider Threats Is Growing, But So Are Methods to Detect Them Whether because they're malicious, oblivious to company rules or outsmarted by hackers, insiders pose a mounting degree of risk to companies. Hunting for outside hackers offers lessons in preventing insider incidents, said Thomas Etheridge, CrowdStrike chief global professional services officer.

Risk 270
article thumbnail

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.

Phishing 224
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CIP Task Force and Beta Testers Contribute to Updated Certified Information Professional Credential

AIIM

AIIM debuted a new version of the Certified Information Professional (CIP) credential. As of November 27, 2023, AIIM is offering a new version of the exam, which reflects the skills needed for today’s information professionals.

233
233
article thumbnail

GUEST ESSAY: Taking proactive steps to heal the planet — by reducing the impact of video streaming

The Last Watchdog

Most folks don’t realize that the Internet contributes more than 3.7 percent of global greenhouse gas emissions. Related: Big data can foster improved healthcare Within that, video represents over 80 percent of the traffic that flows through this global network which is growing rapidly at about 25 percent per year. A similar dynamic is taking place over enterprise networks, especially in the wake of the COVID-19 pandemic.

article thumbnail

LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost

Speaker: Travis Addair, Co-Founder and CTO at Predibase

Large Language Models (LLMs) such as ChatGPT offer unprecedented potential for complex enterprise applications. However, productionzing LLMs comes with a unique set of challenges such as model brittleness, total cost of ownership, data governance and privacy, and the need for consistent, accurate outputs. Putting the right LLMOps process in place today will pay dividends tomorrow, enabling you to leverage the part of AI that constitutes your IP – your data – to build a defensible AI strategy for

article thumbnail

A Decade of Have I Been Pwned

Troy Hunt

A decade ago to the day, I published a tweet launching what would surely become yet another pet project that scratched an itch, was kinda useful to a few people but other than that, would shortly fade away into the same obscurity as all the other ones I'd launched over the previous couple of decades: It's alive! "Have I been pwned?" by @troyhunt is now up and running.

More Trending

article thumbnail

CISA Urges Software Developers to Prioritize Memory Safe Coding

Data Breach Today

CISA, NSA, FBI and Global Partners Urge Manufacturers to Make Memory Safe Road Maps The U.S. Cybersecurity and Infrastructure Security Agency is urging software developers to implement memory safe coding as part of an effort to address critical vulnerabilities in programming languages and further shift security responsibilities away from end users.

article thumbnail

AI and Trust

Schneier on Security

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers and everyone else who keeps airlines operating. And the pilot of the plane I flew.

article thumbnail

My CIP Story: Using Certification to Advance Myself and Others

AIIM

I am brimming with pride right now. On November 27, 2023, the Association for Intelligent Information Management (AIIM) debuted a new version of the Certified Information Professional (CIP) credential. On November 27, I also found out that I had earned my CIP!

210
210
article thumbnail

News alert: Reflectiz adds AI-powered capabilities to its Smart Alerting web threat management system

The Last Watchdog

Tel Aviv, Israel, Dec. 7, 2023 — Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new AI-powered capability enhancing its Smart Alerting system. The new AI-powered insights enhances the Reflectiz Smart Alerting system by integrating AI LLM technology on top of its traditional alerting tool for cross-checking the validity of the alert with Reflectiz’s extensive databases.

article thumbnail

Your Expert Guide to CX Orchestration & Enhancing Customer Journeys

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

article thumbnail

Inside America's School Internet Censorship Machine

WIRED Threat Level

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.

IT 122
article thumbnail

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

Security Affairs

WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat actors can chain it with some plugins, especially in multisite installations, to execute arbitrary code. “A Remote Code Execution vulnerability tha

Security 113
article thumbnail

ISMG Editors: Call for Cooperation at Black Hat Europe 2023

Data Breach Today

Highlights From the Conference on Improving Public-Private Sector Collaboration In this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies and the private sector, regulatory trends, and the cautionary tale of ex-Uber CISO Joe Sullivan.

article thumbnail

The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Schneier on Security

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Leveraging Generative AI in eDiscovery: The Art and Science of Prompt Engineering

Hanzo Learning Center

The use of generative AI in eDiscovery is opening new avenues for efficiency and precision. But, as is often the case with powerful tools, the devil is in the details. A significant part of those details? Prompt engineering. Let's take a look.

115
115
article thumbnail

Get your IT team battle-ready for the next holiday rush 

IBM Big Data Hub

Last year, almost 200 million people shopped on Black Friday. Online alone, they spent more than $9 billion. This holiday season, shoppers are ready to shop again and they’re prepared to spend even more. Are your IT systems ready to handle any spikes and keep everyone jolly? Or are you worried that incidents—finicky apps, slow page loads or even downtime— might ruin the holiday spirit along with your bottom line?

110
110
article thumbnail

The 23andMe Data Breach Keeps Spiraling

WIRED Threat Level

23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions.

article thumbnail

Researcher discovered a new lock screen bypass bug for Android 14 and 13

Security Affairs

Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.

Security 112
article thumbnail

Use Cases for Apache Cassandra®

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

article thumbnail

North Korea's Supercharged State-Backed Cryptocurrency Theft

Data Breach Today

Report Says State Backing Makes Pyongyang's Hackers Like Cybercriminals on Steroids To service the perpetually cash-starved regime of North Korea, hackers will continue their relentless onslaught on cryptocurrency - and all users of it - with state backing to industrialize their hacking and money laundering capabilities, experts warn.

IT 259
article thumbnail

Don't Be Fooled By This Sneaky Disney+ Scam

KnowBe4

A phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations in September.

Phishing 113
article thumbnail

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

IT Governance

IT Governance’s research has found the following for November 2023: 470 publicly disclosed security incidents. 519,111,354 records known to be breached. The number of incidents is particularly high this month, partly because we’ve improved our incident-finding processes, but also partly because we’ve seen several big supply chain attacks this month.

article thumbnail

In a Win for Defendants, Illinois Supreme Court Holds That Health Care Exemption Under BIPA Is Not Limited to Patients’ Biometric Information

Data Matters

For the third time in 2023, the Illinois Supreme Court addressed the scope of the Illinois Biometric Information Privacy Act (BIPA) — this time in Mosby v. Ingalls Memorial Hospital. In a unanimous decision, the court held that BIPA’s “health care exemption” is not limited to patients’ biometric information (such as fingerprint scans), but also extends to biometric information collected, used, or stored for health care treatment, payment, or operations — regardless of its source. 1 This deci

Privacy 88
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

The Binance Crackdown Will Be an 'Unprecedented' Bonanza for Crypto Surveillance

WIRED Threat Level

Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.

IT 107
article thumbnail

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. Unit42 researchers uncovered a new backdoor named Agent Raccoon, which is being used in attacks against organizations in the Middle East, Africa, and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Retail 123
article thumbnail

Feds Warn Health Sector to Watch for Open-Source Threats

Data Breach Today

Apps and Devices Powered by Open-Source Code Are Pervasive in Healthcare Open-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.

Risk 238
article thumbnail

The Alarming Threat of Ransomware: Insights from the Secureworks State of the Threat Report 2023

KnowBe4

In the ever-evolving landscape of cybersecurity, the battle against ransomware has taken a concerning turn. According to the latest findings from Secureworks annual State of the Threat Report , the deployment of ransomware is now occurring within just one day of initial access in more than half of all engagements.

article thumbnail

The Definitive Entity Resolution Buyer’s Guide

Are you thinking of adding enhanced data matching and relationship detection to your product or service? Do you need to know more about what to look for when assessing your options? The Senzing Entity Resolution Buyer’s Guide gives you step-by-step details about everything you should consider when evaluating entity resolution technologies. You’ll learn about use cases, technology and deployment options, top ten evaluation criteria and more.

article thumbnail

GUEST ESSAY: Adopting an ‘assume-breach mindset’ to defend company networks in 2024

The Last Watchdog

Professionals are constantly seeking ways to fortify their defenses against malicious threats. One approach gaining traction is the “assume-breach mindset.” This proactive approach is designed to better prepare organizations for inevitable security breaches. Related: The case for proactive security An assume-breach mindset is a cybersecurity strategy that flips the traditional security model.

article thumbnail

Data center consolidation: Strategy and best practices

IBM Big Data Hub

The modern pace of data creation is staggering. The average organization produces data constantly—perhaps even continuously—and soon it’s investing in servers to provide ample storage for that information. In time, and probably sooner than expected, the organization accrues more data and outgrows that server, so it invests in multiple servers.

Cloud 99
article thumbnail

Police Can Spy on Your iOS and Android Push Notifications

WIRED Threat Level

Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.