The Last Watchdog

DECEMBER 13, 2023

Notable progress was made in 2023 in the quest to elevate Digital Trust. Related: Why IoT standards matter Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving.

Encryption 311

Encryption IoT Authentication Security 311

Data Breach Today

DECEMBER 20, 2023

Attackers Apparently Stole Authenticated Sessions to Hit Telecommunications Giant Comcast says attackers stole personal information pertaining to 35.9 million customers of its Xfinity-branded TV, internet and home telephone services in an October attack that targeted a vulnerability - dubbed Citrix Bleed - present in NetScaler and Citrix networking equipment.

Authentication 308

Authentication IT 308

Security Affairs

DECEMBER 28, 2023

Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.

Data breaches 141

Data breaches Personal data Government IT 141

eSecurity Planet

DECEMBER 19, 2023

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends. We each need to consider how these trends may affect our organizations and allocate our budgets and resources accordingly: AI will turbo-charge cybersecurity and cyberthreats: Artificial intelligence (AI

Cybersecurity 140

Cybersecurity Cloud Ransomware Risk 140

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

Schneier on Security

DECEMBER 5, 2023

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

Marketing 134

Marketing Government Data Privacy Privacy 134

The Last Watchdog

DECEMBER 27, 2023

Russia’s asymmetrical cyber-attacks have been a well-documented, rising global concern for most of the 2000s. Related: Cybersecurity takeaways of 2023 I recently visited with Mihoko Matsubara , Chief Cybersecurity Strategist at NTT to discuss why this worry has climbed steadily over the past few years – and is likely to intensify in 2024. The wider context is all too easy to overlook.

Cybersecurity 312

Cybersecurity Military Government Data Privacy 312

Data Breach Today

DECEMBER 12, 2023

Parliamentary Committee Says UK Must Be More Aggressive A U.K. parliamentary committee investigating ransomware threats recommended a more aggressive stance against threat actors and said the government should consider making incident reporting mandatory and provide government support for public sector victims "to the point of full recovery.

Ransomware 313

Ransomware IT Government 313

Security Affairs

DECEMBER 8, 2023

Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.

Cybersecurity 136

Cybersecurity IT Security Information Security 136

KnowBe4

DECEMBER 6, 2023

A phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations in September.

Phishing 125

Phishing Security 125

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

John Battelle's Searchblog

DECEMBER 27, 2023

Let’s talk 2024. 2023 was a down year on the predictions front , but at least I’ve learned to sidestep distractions like Trump, crypto, and Musk. If I can avoid talking about the joys of the upcoming election and/or the politics of Silicon Valley billionaires, I’m optimistic I’ll return to form. As always, I am going to write this post with no prep and in one stream-of-conscious sitting.

Marketing 121

Marketing Energy and Utilities Big data B2B 121

WIRED Threat Level

DECEMBER 7, 2023

Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right.

Encryption 123

Encryption IT Privacy Security 123

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Related: Why tech standards matter IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf. This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge.

IoT 264

IoT Cloud Authentication Manufacturing 264

Data Breach Today

DECEMBER 18, 2023

Cyber Group Dubbed Predatory Sparrow Takes Responsibility for Widespread Attack A group known as Predatory Sparrow claimed responsibility for a Monday cyberattack that shut down a majority of gas stations across Iran as officials blamed the attack on foreign powers. The group has previously taken credit for a number of attacks targeting Iran's fuel supply and rail system.

312

312

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

DECEMBER 10, 2023

WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat actors can chain it with some plugins, especially in multisite installations, to execute arbitrary code. “A Remote Code Execution vulnerability tha

Cybersecurity 132

Cybersecurity Security IT Information Security 132

KnowBe4

DECEMBER 28, 2023

With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse.

Data breaches 119

Data breaches Access Phishing 119

Hunton Privacy

DECEMBER 18, 2023

As we previously reported , the U.S. Securities and Exchange Commission’s (“SEC”) new Form 8-K rules for reporting material cybersecurity incidents take effect today, December 18, for filers other than smaller reporting companies. The new rules require reporting to the SEC within four business days from the determination of materiality. Incident response will potentially become more complicated as the incremental burdens of timely compliance with the new Form 8-K requirements add additional comp

Cybersecurity 121

Cybersecurity Risk Compliance Security 121

WIRED Threat Level

DECEMBER 18, 2023

On Telegram, scammers are impersonating doctors to sell fake Covid-19 vaccination certificates and other products, showing how criminals are taking advantage of conspiracy theories.

Security 122

Security 122

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Hanzo Learning Center

DECEMBER 19, 2023

In 2023, the legal landscape has been significantly shaped by two key trends: the rapid evolution of Artificial Intelligence (AI) and the advancements in ediscovery. These developments have not only transformed legal processes but also presented new challenges and opportunities for legal professionals. As we delve into this first part of our series, we examine the top blogs that have been at the forefront of these trends.

Artificial Intelligence 119

Artificial Intelligence 119

Data Breach Today

DECEMBER 8, 2023

European Union Will Enact Comprehensive Regulations on AI EU officials announced a compromise over a regulation on artificial intelligence in the works since 2021, making the trading bloc first in the world to comprehensively regulate the nascent technology. Europe understands "the importance of its role as global standard setter,” said Thierry Breton.

Artificial Intelligence 303

Artificial Intelligence IT 303

Security Affairs

DECEMBER 9, 2023

Threat actors launched a cyberattack on an Irish water utility causing the interruption of the power supply for two days. Threat actors hacked a small water utility in Ireland and interrupted the water supply for two days. The victim of the attack is a private group water utility in the Erris area, the incident impacted 180 homeowners. According to the Irish media , the residents of the Binghamstown/Drum were without their water supply on Thursday and Friday.

IT 131

IT Security Information Security 131

IBM Big Data Hub

DECEMBER 8, 2023

Last year, almost 200 million people shopped on Black Friday. Online alone, they spent more than $9 billion. This holiday season, shoppers are ready to shop again and they’re prepared to spend even more. Are your IT systems ready to handle any spikes and keep everyone jolly? Or are you worried that incidents—finicky apps, slow page loads or even downtime— might ruin the holiday spirit along with your bottom line?

IT 120

IT Customer Experience Artificial Intelligence Cloud 120

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

eSecurity Planet

DECEMBER 10, 2023

Firewalls monitor and control incoming and outgoing traffic while also preventing unauthorized access. The consistent implementation of firewall best practices establish a strong defense against cyber attacks to secure sensitive data, protect the integrity and continuity of business activities, and ensure network security measures function optimally.

Security 119

Security Education Access Risk 119

WIRED Threat Level

DECEMBER 14, 2023

Kytch, the company that tried to fix McDonald’s broken ice cream machines, has unearthed a 3-year-old email it says proves claims of an alleged plot to undermine their business.

IT 119

IT Security 119

Hunton Privacy

DECEMBER 14, 2023

On December 12, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP (“CIPL”) released a white paper on Privacy-Enhancing and Privacy-Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital Age. The paper explores how organizations are approaching privacy-enhancing technologies (“PETs”) and how PETs can advance data protection principles, and provides examples of how specific types of PETs work.

Paper 118

Paper Privacy Data Privacy Education 118

Data Breach Today

DECEMBER 19, 2023

Ransomware Group Declares Nothing Off Limits Outside of CIS Countries The BlackCat ransomware as service operation's putative "unseizing" of its leak site from the FBI is a stunt made possible by way the dark web handles address resolution, security researchers said Monday. The stung was a "tactical error" that could alienate affiliates.

Ransomware 301

Ransomware Security IT 301

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Security Affairs

DECEMBER 25, 2023

The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE malware in attacks against Ukraine. A threat actor, tracked as UAC-0099, continues to target Ukraine. In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. UAC-0099 threat actor has targeted Ukraine since mid-2022, it was spotted targeting Ukrainian employees working for companies outside of Ukraine.

Archiving 129

Archiving Phishing Security IT 129

KnowBe4

DECEMBER 12, 2023

First ever insight into those annoying spam calls provides enlightening detail into how many calls are there, where are they coming from, and how much time is wasted dealing with them.

Security awareness 118

Security awareness Security 118

Schneier on Security

DECEMBER 7, 2023

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this : In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. “In this case, the fed

Metadata 118

Metadata Government IT Privacy 118