The Last Watchdog

DECEMBER 13, 2023

Notable progress was made in 2023 in the quest to elevate Digital Trust. Related: Why IoT standards matter Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving.

Encryption 311

Encryption IoT Authentication Security 311

Data Breach Today

DECEMBER 11, 2023

Prolific Ransomware Operation Tied to Big Hits Claims 'Everything Will Work Soon' Cybercrime underground chatter suggests ransomware group BlackCat - aka Alphv - is being disrupted by law enforcement. Experts warn that disruptions too often remain short-lived, as operators reboot under different names and affiliates go independent or work with a bevy of rival services.

Ransomware 318

Ransomware 318

Krebs on Security

DECEMBER 12, 2023

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete c

IT 216

IT Security 216

Security Affairs

DECEMBER 10, 2023

WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat actors can chain it with some plugins, especially in multisite installations, to execute arbitrary code. “A Remote Code Execution vulnerability tha

Cybersecurity 135

Cybersecurity Security IT Information Security 135

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into

Artificial Intelligence

The Last Watchdog

DECEMBER 14, 2023

Here’s the final installment of leading technologists sharing their observations about cybersecurity developments in the year that’s coming to a close — and the year to come. Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? •What should I be most concerned about – and focus on – in 2024?

Cybersecurity 234

Cybersecurity Encryption Marketing Risk 234

Data Matters

DECEMBER 13, 2023

On 8 December 2023 — following three days of lengthy and intensive negotiations — EU legislators reached political agreement on the world’s first stand-alone law regulating AI: the EU’s AI Act. The EU considers the AI Act as one of its key pieces of legislation and fundamental to ensuring the EU becomes the world’s leading digital economy. The EU aims for the AI Act to have the same ‘Brussels effect’ as the GDPR — in other words, to have a significant impact on global markets and practices.

GDPR 166

GDPR Marketing Privacy IT 166

Security Affairs

DECEMBER 10, 2023

Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.

Access 130

Access IT Security Information Security 130

The Last Watchdog

DECEMBER 10, 2023

Professionals are constantly seeking ways to fortify their defenses against malicious threats. One approach gaining traction is the “assume-breach mindset.” This proactive approach is designed to better prepare organizations for inevitable security breaches. Related: The case for proactive security An assume-breach mindset is a cybersecurity strategy that flips the traditional security model.

Cybersecurity 203

Cybersecurity Marketing Security Risk 203

Data Breach Today

DECEMBER 11, 2023

Alphv/BlackCat Claimed Responsibility for May Attack A Kentucky-based hospital chain is notifying millions of individuals that their information was potentially exfiltrated in a May attack. Russian-speaking ransomware-as-a-service group Alphv/BlackCat - which is currently reportedly undergoing its own disruptions - took credit for the data theft.

Ransomware 313

Ransomware IT 313

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

Schneier on Security

DECEMBER 12, 2023

Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux… The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday.

Manufacturing 122

Manufacturing Libraries Security IT 122

Security Affairs

DECEMBER 15, 2023

Security flaws in Netgate pfSense firewall solution can potentially lead to arbitrary code execution on vulnerable devices. pfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE ( CVE-2023-42325 , CVE-2023-42327 , CVE-2023-42326 ).

Phishing 123

Phishing Authentication Access Security 123

The Last Watchdog

DECEMBER 12, 2023

Stockhom, Sweden & Boston, Mass., Dec. 12, 2023 – Detectify , the External Attack Surface Management platform powered by elite ethical hackers, has today released its “ State of EASM 2023 ” report. The research incorporates insights from Detectify’s customer base and provides a snapshot of the threat landscape faced by core industries and regions that Detectify serves.

Financial Services 100

Financial Services Risk Communications Marketing 100

Data Breach Today

DECEMBER 13, 2023

'Oxygen of Publicity' Helps Intimidate Victims and Recruit Affiliates, Experts Warn Seeking to maximize profits no matter the cost, ransomware groups have been bolstering their technical prowess and psychological shakedowns with a fresh strategy: attempting to control the narrative. Experts are warning security researchers and journalists to beware being co-opted.

Ransomware 308

Ransomware Marketing Security 308

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Hunton Privacy

DECEMBER 14, 2023

On December 12, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP (“CIPL”) released a white paper on Privacy-Enhancing and Privacy-Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital Age. The paper explores how organizations are approaching privacy-enhancing technologies (“PETs”) and how PETs can advance data protection principles, and provides examples of how specific types of PETs work.

Paper 118

Paper Privacy Data Privacy Education 118

Security Affairs

DECEMBER 14, 2023

Microsoft’s Digital Crimes Unit seized multiple domains used by cybercrime group Storm-1152 to sell fraudulent Outlook accounts. Microsoft’s Digital Crimes Unit seized multiple domains used by a cybercrime group, tracked as Storm-1152, to sell fraudulent accounts. Storm-1152 operates illicit websites and social media pages, selling fake Microsoft accounts and tools to bypass identity verification software on popular technology platforms. “These services reduce the time and effo

Sales 122

Sales Ransomware Marketing IT 122

KnowBe4

DECEMBER 12, 2023

First ever insight into those annoying spam calls provides enlightening detail into how many calls are there, where are they coming from, and how much time is wasted dealing with them.

Security awareness 117

Security awareness Security 117

Data Breach Today

DECEMBER 15, 2023

Alan Turing Institute Calls for 'Shift in Mindset' to Tackle National Security Risk The U.K. national institute for artificial intelligence urged the government to establish red lines against the use of generative AI in scenarios in which the technology could take an irreversible action without direct human oversight. The U.K. government has sought to cultivate responsible AI.

Artificial Intelligence 297

Artificial Intelligence Government Risk Security 297

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Hanzo Learning Center

DECEMBER 12, 2023

In the ever-evolving world of legal technology, the annual webinar co-hosted by the Association of Certified E-Discovery Specialists (ACEDS) and Hanzo has become a beacon of insight and guidance. This year, marking the fourth collaboration between ACEDS and Hanzo, the webinar brought together a panel of seasoned professionals, each offering a unique perspective on the challenges and future of legal industry collaboration data.

e-Discovery 117

e-Discovery 117

Security Affairs

DECEMBER 12, 2023

The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data. Dubai Taxi Company, a subsidiary of Dubai’s Roads and Transport Authority, leaked a trove of sensitive information from the DTC app, the Cybernews research team has found. Over 197K app users and nearly 23K drivers were exposed.

Encryption 122

Encryption Passwords Marketing Risk 122

WIRED Threat Level

DECEMBER 14, 2023

Kytch, the company that tried to fix McDonald’s broken ice cream machines, has unearthed a 3-year-old email it says proves claims of an alleged plot to undermine their business.

IT 115

IT Security 115

Data Breach Today

DECEMBER 14, 2023

Gambling and Retail Firms Top Targets of 'GambleForce' Group, Researchers Warn A recently spotted hacking group with a penchant for using open source tools has been using a less-than-novel tactic: exploiting SQL injection flaws. So warn researchers who recently detected attacks by the group, codenamed GambleForce, which appears to focus on gambling and retail firms.

Retail 297

Retail 297

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

KnowBe4

DECEMBER 11, 2023

The US Justice Department has indicted two individuals for launching spear phishing attacks against the US, the UK, Ukraine and various NATO member countries on behalf of the Russian government.

Phishing 117

Phishing Government Security 117

Security Affairs

DECEMBER 9, 2023

Kentucky health system Norton Healthcare disclosed a data breach after it was a victim of a ransomware attack in May. Norton Healthcare disclosed a data breach after a ransomware attack that hit the organization on May 9, 2023. The security breach exposed personal information belonging to patients, employees, and dependents. The health system notified federal law enforcement and launched an investigation into the incident with the help of a leading forensic security provider.

Data breaches 119

Data breaches Ransomware Insurance Access 119

OpenText Information Management

DECEMBER 11, 2023

The world of data analytics and artificial intelligence (AI) continues to evolve at an unprecedented rate. Over the next four years, analytics, AI, and machine learning developments promise to revolutionize how we interact with technology, unlocking a range of new possibilities. Analytics and AI trend #1: The integration of generative AI and business intelligence Traditional … The post Analytics and AI predictions for 2024: Exploring the future appeared first on OpenText Blogs.

Analytics 113

Analytics Artificial Intelligence 113

Data Breach Today

DECEMBER 12, 2023

Ukrainian President Volodymyr Zelenskyy Is in Washington Ukrainian telecom operator Kyivstar was the target of a cyberattack that knocked internet access and mobile communications offline on the same day Ukrainian President Volodymyr Zelenskyy is in Washington to boost the case for additional military aid.

Military 297

Military Communications Access 297

Advertisement

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

Analytics

Schneier on Security

DECEMBER 15, 2023

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and then actually do it. This was the Internet of Things (IoT).

IoT 114

IoT Cloud IT Government 114

Security Affairs

DECEMBER 14, 2023

Users of Ubiquiti WiFi products started reporting that they are accessing other people’s devices when logging into their accounts. Some users of Ubiquiti wifi products started reporting unexpected access to security camera footage, photos, and other devices upon logging into their accounts. Ubiquiti allows its customers to access and manage their devices through a proprietary cloud-based UniFi platform.

Access 117

Access Cloud Security IT 117

KnowBe4

DECEMBER 13, 2023

Analysis of nearly a year’s worth of emails brings insight into exactly what kinds of malicious content are being used, who’s being impersonated, and who’s being targeted.

Phishing 114

Phishing Security 114