Sat.Jun 08, 2024 - Fri.Jun 14, 2024

article thumbnail

Microsoft Now Promises Extra Security for AI-Driven Recall

Data Breach Today

Concerns Remain Over Screenshot-Capture Feature and Microsoft's Security Practices How in the world has Microsoft's leadership managed to get the debut of its forthcoming Recall feature for Windows so wrong on the security and privacy fronts? In the face of serious concerns, Redmond has belatedly promised multiple enhancements, but serious questions remain unanswered.

Security 290
article thumbnail

RSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy loss

The Last Watchdog

Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at RSAC 2024. Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies.

Privacy 240
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Patch Tuesday, June 2024 “Recall” Edition

Krebs on Security

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Mining 193
article thumbnail

PHP addressed critical RCE flaw potentially impacting millions of servers

Security Affairs

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide. Researchers at cybersecurity firm DEVCORE discovered a critical remote code execution (RCE) vulnerability , tracked as CVE-2024-4577, in the PHP programming language. An unauthenticated attacker can exploit the flaw to take full control of affected servers.

Honeypots 118
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

London Hospitals Seek Biologics Backup After Ransomware Hit

Data Breach Today

Urgent Appeal Issued for O Type Blood; Attack Disrupts Patient Blood Type Matching The ransomware attack on a U.K. pathology services vendor has disrupted multiple London hospitals' ability to match patients' blood with available stocks. Lacking an IT system-level plan B, officials are resorting to a biologics backup by urging O type blood donors to come forward.

More Trending

article thumbnail

LLMs Acting Deceptively

Schneier on Security

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

article thumbnail

Arm zero-day in Mali GPU Drivers actively exploited in the wild

Security Affairs

Semiconductor and software design company Arm warns of an actively exploited zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively exploited zero-day vulnerability, tracked as CVE-2024-4610, in Mali GPU Kernel Driver. The vulnerability is a use-after-free issue issue that impacts Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall GPU Kernel Driver (all versions from r34p0 to r40p0). “A local non-privileged user can make improper GPU memory pr

Access 91
article thumbnail

Critical PHP Vulnerability Threatens Windows Servers

Data Breach Today

Remote Code Execution Exploit Found; Patch Now Available A critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x, requires immediate action from server administrators. The flaw enables attackers to execute arbitrary code on remote PHP servers through an argument injection attack.

280
280
article thumbnail

RSAC Fireside Chat: Ontinue ups the ‘MXDR’ ante — by emphasizing wider automation, collaboration

The Last Watchdog

Companies that need to protect assets spread across hybrid cloud infrastructure face a huge challenge trying to mix and match disparate security tools. Related: Cyber help for hire Why not seek help from a specialist? At RSAC 2024 , I visited with Geoff Haydon , CEO, and Alex Berger , Head of Product Marketing, at Ontinue , a new player in the nascent Managed Extended Detection and Response ( MXDR ) space.

Marketing 130
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Exploiting Mistyped URLs

Schneier on Security

Interesting research: “ Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains “: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information.

article thumbnail

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine&

article thumbnail

Hackers Claim They Breached Telecom Firm in Singapore

Data Breach Today

Threat Actor GhostR Says It Stole 34 GB of Data A financially motivated hacker claims to have stolen over 34 gigabytes of data belonging to Singapore-based Telecom company Absolute Telecom. The hacker dubbed GhostR claims to have access to the company's data including corporate accounting, credit cards and customer information.

Access 258
article thumbnail

RSAC Fireside Chat: VISO TRUST replaces questionaires with AI analysis to advance ‘TPRM’

The Last Watchdog

Taking stock of exposures arising from the data-handling practices of third-party suppliers was never simple. Related: Europe requires corporate sustainability In a hyper-connected, widely-distributed operating environment the challenge has become daunting. At RSAC 2024 , I visited with Paul Valente , co-founder and CEO of VISO TRUST. We had a wide-ranging discussion about the limitations of traditional third-party risk management ( TPRM ), which uses extensive questionnaires—and the honor syste

130
130
article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Bruce Schneier: "AI Will Increase the Quantity—and Quality—of Phishing Scams"

KnowBe4

Wow. It does not happen often that the godfather of infosec comes out this strong about phishing risks. He co-published new research in the Harvard Business Review May 30, 2024, which in turn links back to the actual study that was published at the IEEE. This is the best budget ammo I have seen in the last few years.

article thumbnail

UK NHS call for O-type blood donations following ransomware attack on London hospitals

Security Affairs

The UK NHS issued an urgent call for O-type blood donations following the recent ransomware attack that hit several London hospitals. The UK National Health Service (NHS) issued an urgent call for O-type blood donations due to the recent ransomware attack on Synnovis that disrupted operations at several healthcare organizations in London. In early June, a ransomware attack on pathology and diagnostic services provider Synnovis severely impacted the operations at several major NHS hospitals in Lo

article thumbnail

UK Sides With APP Fraud Victims - Despite Industry Pressure

Data Breach Today

Payments Regulator Says Banks Should Prioritize Customer Protection Over Losses The U.K. Payments Systems Regulator has denied The Payment Association's request to delay the contentious APP fraud reimbursement plan by a year. The association, the largest community in payments, had warned that failing to delay the plan would permanently damage the payments industry.

217
217
article thumbnail

Apple WWDC24: Keynote recap

Jamf

Get an overview of the latest announcements from Apple at World Wide Developers Conference (WWDC) 2024. Built with privacy in mind, new features include personalization options, productivity and collaboration enhancements, and Apple Intelligence.

Privacy 89
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Ransomware Is ‘More Brutal’ Than Ever in 2024

WIRED Threat Level

As the fight against ransomware slogs on, security experts warn of a potential escalation to “real-world violence.” But recent police crackdowns are successfully disrupting the cybercriminal ecosystem.

article thumbnail

New York Times source code compromised via exposed GitHub token

Security Affairs

The source code and data of The New York Times leaked on the 4chan was stolen from the company’s GitHub repositories in January 2024. This week, VX-Underground first noticed that the internal data of The New York Times was leaked on 4chan by an anonymous user. The mysterious user leaked 270GB of data and claimed that the American newspaper has over 5,000 source code repositories, with less than 30 being encrypted.

article thumbnail

AI Will Soon Exhaust the Internet. What's Next?

Data Breach Today

Researchers Expect an AI Training Data Drought in the Next 2 to 8 Years Artificial intelligence models consume training data faster than humans can produce it, and large language model researchers warn that the stocks of public text data are set to be exhausted as early as two years from now. They also say that bottlenecks aren't inevitable.

article thumbnail

[New Feature] Find Out if They've Got a Bad Reputation in Record Time with PhishER Plus Threat Intel

KnowBe4

The PhishER Plus platform just got smarter with the addition of the new PhishER Plus Threat Intel feature that integrates web reputation data into the PhishER Plus console.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

KuppingerCole Names Thales as Industry Leader in Passwordless Authentication

Thales Cloud Protection & Licensing

KuppingerCole Names Thales as Industry Leader in Passwordless Authentication madhav Tue, 06/11/2024 - 05:36 The KuppingerCole Leadership Compass for Consumers has recognized Thales as an Overall, Innovation, Product, and Market Leader in the Passwordless Authentication. The report praises the platform for offering a versatile set of identity applications encompassing a wide range of authentication methods to meet organizations’ needs.

article thumbnail

Japanese video-sharing platform Niconico was victim of a cyber attack

Security Affairs

The Japanese video-sharing platform, Niconico, was forced to suspend its services following a cybersecurity incident. The Japanese video-sharing platform, Niconico, temporarily suspended its services following a large-scale cyberattack on June 8, 2024. “Due to the effects of a large-scale cyber attack, Niconico has been unavailable since early morning on June 8th” reads the incident notice published by the company. “We sincerely apologize for the inconvenience. ” In respo

article thumbnail

Fortinet Acquires Unicorn Lacework to Enhance Cloud Security

Data Breach Today

Deal Integrates Lacework's CNAPP into Fortinet's Security Fabric and SASE Platform Fortinet plans to purchase trouble late-stage startup Lacework to integrate its AI-driven cloud native application protection platform into the Fortinet Security Fabric. The deal enhances Fortinet's Unified Secure Access Service Edge platform, providing protection from code to cloud.

Cloud 214
article thumbnail

Beware: Major AI Chatbots Now Intentionally Spreading Election Disinformation

KnowBe4

Just when you thought the disinformation landscape couldn't get any worse, an alarming new report from Democracy Reporting International reveals that popular AI chatbots have started intentionally spreading false information related to elections and the voting process.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Genetic testing company 23andMe investigated over hack that hit 7m users

The Guardian Data Protection

Data watchdogs in UK and Canada to look at whether there were enough safeguards on personal information Business live – latest updates The California genetic testing company 23andMe faces investigations by the data watchdogs of the UK and Canada over a security breach affecting nearly 7 million people last October. Hackers who broke into the site gained access to personal information by using customers’ old passwords.

article thumbnail

Frontier Communications data breach impacted over 750,000 individuals

Security Affairs

Frontier Communications is notifying over 750,000 individuals that their personal information was stolen in a recent cyber attack. Last week, the RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claimed to have stolen 5GB of data from the telecommunications giant.

article thumbnail

Privacy Regulators Probe Impact of 23andMe's Mega-Breach

Data Breach Today

6.9 Million Individuals' Genetic Details Stolen via 2023 Credential-Stuffing Attack Privacy regulators in the U.K. and Canada have launched a joint investigation into 23andMe following the direct-to-consumer genetic testing service suffering a massive data breach in October 2023 that led to the theft of 6.9 million individuals' ancestry details.

Privacy 169