2024

article thumbnail

Alert: Info Stealers Target Stored Browser Credentials

Data Breach Today

Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling Saving passwords in browser-based password managers or via "remember my details" website options might make for simple and fast log-ins for employees, but they also give attackers an easy way to lift legitimate credentials, oftentimes via highly automated, information-stealing malware, experts warn.

Passwords 333
article thumbnail

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser

Education 330
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

The Last Watchdog

Achieving “ digital trust ” is not going terribly well globally. Related: How decentralized IoT boosts decarbonization Yet, more so than ever, infusing trustworthiness into modern-day digital services has become mission critical for most businesses. Now comes survey findings that could perhaps help to move things in the right direction. According to DigiCert’s 2024 State of Digital Trust Survey results, released today , companies proactively pursuing digital trust are seeing boosts in revenue, i

article thumbnail

Researchers found a zero-click Facebook account takeover

Security Affairs

A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebook’s password reset flow.

Passwords 145
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks

WIRED Threat Level

A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.

Security 144

More Trending

article thumbnail

‘Mother of All Breaches’: 26 BILLION Records Leaked

IT Governance

Expert insight from Leon Teale into the implications of this historic data breach The security researcher Bob Diachenko and investigators from Cybernews have discovered an open instance with more than 26 billion data records, mostly compiled from previous breaches – although it likely also includes new data. Organisations associated with these data records include: Tencent QQ – 1.4 billion records; Weibo – 504 million records; Myspace – 360 million records; X/Twitter – 281 million records; Deeze

Passwords 139
article thumbnail

Microsoft Is Spying on Users of Its AI Tools

Schneier on Security

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities. From their report : In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon—using LLMs to augment cyberoperations.

IT 132
article thumbnail

New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

On March 6, 2024, Governor Chris Sununu signed into law SB 255 , making New Hampshire the 15th state with a comprehensive privacy law. Applicability SB 255 applies to persons that “conduct business” in New Hampshire (“NH”) or persons that “produce products or services that are targeted to residents of” NH that, in the period of a year: (1) “controlled or processed the personal data of not less than 35,000 unique consumers, excluding personal data controlled or processed solely for the purpose of

Privacy 112
article thumbnail

Generative AI use cases for the enterprise

IBM Big Data Hub

Remember how cool it felt when you first held a smartphone in your hand? The compact design and touch-based interactivity seemed like a leap into the future. Before long, smartphones became a way of life for organizations worldwide because of all they offer for business productivity and communication. Generative AI ( artificial intelligence ) promises a similar leap in productivity and the emergence of new modes of working and creating.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Welcoming the German Government to Have I Been Pwned

Troy Hunt

Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERTBund department. This access now provides them with complete access to the exposure of their government domains in data breaches.

article thumbnail

Russian State Hackers Penetrated Microsoft Code Repositories

Data Breach Today

Russian Foreign Intelligence Service Hack Gets Worse for Computing Giant A Russian state hack against Microsoft was more serious than initially supposed, Microsoft acknowledged in a Friday disclosure to federal regulators. Microsoft said a Moscow threat actor obtained access to "source code repositories and internal systems.

Access 323
article thumbnail

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Passwords 304
article thumbnail

Facebook Phishing Scams Target Concerned Friends and Family

KnowBe4

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles implying that someone has been killed in an accident.

Phishing 121
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

Security Affairs

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the discovery and infection of hosts running the above services.

Honeypots 139
article thumbnail

How the Pentagon Learned to Use Targeted Ads to Find its Targets—and Vladimir Putin

WIRED Threat Level

Meet the guy who taught US intelligence agencies how to make the most of the ad tech ecosystem, "the largest information-gathering enterprise ever conceived by man.

IT 143
article thumbnail

What Should Be on Your AI Wishlist for eDiscovery: Insights from Dave Ruel, VP of Product at Hanzo

Hanzo Learning Center

In the rapidly evolving world of Artificial Intelligence (AI), it's crucial for enterprises to adopt technologies that integrate seamlessly into mission-critical workflows. Understanding the practicalities of this integration, especially in the legal domain, is key. To delve deeper into this topic, I had the opportunity to speak with Dave Ruel, VP of Product at Hanzo.

article thumbnail

Your CVSS Questions Answered

IT Governance

What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0 Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, he’s won hackathon events in the UK and internationally, and is accredited for multiple bug bounties.

IoT 118
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

Kasmir Hill has the story : Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving.

Insurance 116
article thumbnail

China Plans to Accelerate Cross-Border Data Transfers by Implementing Trial Rules in Shanghai Pilot Free Trade Zone

Hunton Privacy

Recent developments in the Shanghai Pilot Free Trade Zone to facilitate cross-border data transfers are expected to provide greater flexibility in exporting data from China, which has been stymied by the Cyberspace Administration of China (“CAC”)’s strict cross-border data transfer regulations proposed in December 2023. In recent years, the legal framework and practical enforcement for cross-border data transfers in China have undergone significant developments, especially with respect to the CA

article thumbnail

How Meta’s Llama 3 will impact the future of AI

IBM Big Data Hub

In January of 2024, Meta CEO Mark Zuckerberg announced in an Instagram video that Meta AI had recently begun training Llama 3. This latest generation of the LLaMa family of large language models (LLMs) follows the Llama 1 models (originally stylized as “LLaMA”) released in February 2023 and Llama 2 models released in July. Though specific details (like model sizes or multimodal capabilities) have not yet been announced, Zuckerberg indicated Meta’s intent to continue to open sou

article thumbnail

Thanks FedEx, This is Why we Keep Getting Phished

Troy Hunt

I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. Just as a brief reminder, they look like this: These get through all the technical controls that exist at my telco and they land smack bang in my SMS inbox. However, I don't fall for the scams because I look for the warning signs: a sense of urgency, fear of missing out, and strange URLs that look nothing like any

Phishing 143
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Microsoft: Russian Hackers Had Access to Executives' Emails

Data Breach Today

Computing Giant Says Hackers Did Not Access Customer Data or Production Systems Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

Access 342
article thumbnail

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

Krebs on Security

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ ALPHV “) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they st

article thumbnail

Insurers Drop Bid to Exclude Merck's $1.4B NotPetya Claims

Data Breach Today

A Settlement Has Been Reached. So, How Might This Affect Similar Cases? A proposed settlement has been reached between Merck & Co. and several insurers that were appealing a 2023 court decision saying the insurance companies could not invoke "hostile warlike action" exclusions in refusing to pay drugmakers' claims filed after the 2017 NotPetya cyberattack.

Insurance 344
article thumbnail

Banning Ransom Payments: Calls Grow to 'Figure Out' Approach

Data Breach Today

As Ransomware Disruption Mounts, More Experts Seek Path to Banning Payments As ransomware groups are causing massive damage and disruption and showing no signs of stopping, cybersecurity policy expert Ciaran Martin said it's time for governments to start asking tough questions and "figure out how to make a ransomware payments ban work.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Microsoft Says Test Account Gave Hackers Keys to the Kingdom

Data Breach Today

Postmortem: Multiple Customers Also Targeted by Russian Nation-State Attackers A nation-state hacking group run by Russian intelligence gained access to a Microsoft "legacy, non-production test tenant account" and used it to authorize malicious Office 365 OAuth applications, access Outlook, and steal Microsoft and customers' emails and attachments, Microsoft said.

Access 338
article thumbnail

Fraudsters Deepfake Entire Meeting, Swindle $25.5M

Data Breach Today

Hong Kong Company Scammed After Criminals Used Deepfake Technology to Imitate CFO Fraudsters used deepfake technology to trick an employee at a Hong Kong-based multinational company to transfer $25.57 million to their bank accounts. Hong Kong Police said Sunday that the fraudsters had created deepfake likenesses of top company executives in a video conference to fool the worker.

333
333
article thumbnail

FBI Is Focused on Election Integrity, Misinformation Threats

Data Breach Today

Agent Robert K. Tripp on FBI's Approach to Deepfakes, Nation-State Election Threats The U.S. presidential election is still eight months away, but the FBI is already seeing its share of cyberattacks, nation-state threats and AI-generated deepfakes. According to FBI Agent Robert K. Tripp, "We're no longer considering threats as a what-if situation; it's happening now.

IT 320