Weissman's World

JANUARY 14, 2025

For years, youve heard me exhort you to implement information governance because you collected all that information for a reason, right? and infogov is how you get value from it. And while thats true, Im not sure I ever completely brought that sentiment to ground. So let me now close that gap. Over the next… Read More » Turning Information Into Outcomes: What Governance Really is About The post Turning Information Into Outcomes: What Governance Really is About appeared first on Holly

Government 268

Government Information governance IT Records Management 268

Data Breach Today

JANUARY 16, 2025

Also: Intensified Russian Hacking in Ukraine, Spain's Telefnica Confirms Breach This week, Microsoft laid off security staff and released Patch Tuesday, Russian hackers intensified attacks on Ukraine in 2024, Telefnica confirmed a breach, a Tennessee mortgage leader reported a breach and the Texas AG sued Allstate over driver data collection.

Security 173

Security Data collection 173

Data Breach Today

JANUARY 13, 2025

Guardrails Bypassed on Azure OpenAI to Generate 'Thousands of Harmful Images' Microsoft filed a lawsuit targeting a cybercrime service used to generate "thousands of harmful images" by subverting the guardrails built into its Azure generative artificial intelligence tools. The company said attackers built a tool that reverse-engineered the guardrails in its AI platform.

Artificial Intelligence 232

Artificial Intelligence IT 232

Krebs on Security

JANUARY 14, 2025

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7 ‘s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them

Security 252

Security Artificial Intelligence Access Encryption 252

Advertiser: ZoomInfo

Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision- making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.

Sales

Security Affairs

JANUARY 10, 2025

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Archiving 120

Archiving Phishing Encryption Passwords 120

The Last Watchdog

JANUARY 15, 2025

Tel Aviv, Israel, Jan. 15, 2025, CyberNewswire — Sweet Security , a leader in cloud runtime detection and response, today announced the launch of its groundbreaking patent-pending Large Language Model (LLM)-powered cloud detection engine. This innovation enhances Sweet’s unified detection and response solution, enabling it to reduce cloud detection noise to an unprecedented 0.04%.

Cloud 130

Cloud Privacy Analytics Security 130

Data Breach Today

JANUARY 13, 2025

Mitigating Cybersecurity, Privacy Risks for New Class of Autonomous Agents Many organizations are looking to artificial intelligence agents to autonomously perform tasks that surpass traditional automation. Tech firms are rolling out agentic AI tools that can handle customer-facing interactions, IT operations and a variety of other processes without human intervention, but experts are cautioning security teams to watch for cyber and privacy risks.

Risk 230

Risk Artificial Intelligence Privacy Cybersecurity 230

WIRED Threat Level

JANUARY 16, 2025

US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AIand takes a swipe at Microsofts dominance.

Cybersecurity 112

Cybersecurity Government Security 112

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world. At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first offi

Passwords 123

Passwords Security IT Data breaches 123

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Collaboration 2.0

JANUARY 15, 2025

Ready to transform how you use AI tools?

Artificial Intelligence 137

Artificial Intelligence 137

The Last Watchdog

JANUARY 15, 2025

Prague, Czech Republic, Jan. 15, 2025, CyberNewswire — Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. Czech cybersecurity startup Wultra has raised 3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats.

Authentication 130

Authentication Security Marketing Compliance 130

Data Matters

JANUARY 17, 2025

Rapid rulemaking and aggressive enforcement by the SEC, combined with legislative, judicial, and regulatory developments, have created new requirements and expectations for U.S. public companies. The post Action Items for U.S. Public Companies for 2025 appeared first on Data Matters Privacy Blog.

88

88

Security Affairs

JANUARY 15, 2025

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The threat actor used AWSs Server-Side Encryption with Customer Provided Keys (SSE-C) for encryption, then demanded the payment of a ransom to the victim to recover the data using the attackers’ symmetric AES-256 keys required to decrypt data.

Encryption 107

Encryption Ransomware Authentication Cloud 107

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Collaboration 2.0

JANUARY 13, 2025

Designed to replace the current Mail and Calendar apps, the new Outlook can only be removed after it's been installed.

IT 136

IT 136

The Last Watchdog

JANUARY 15, 2025

Silver Spring, MD, Jan. 15, 2025, CyberNewswire — Aembit , the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. 28 and headlined by industry luminary Kevin Mandia. NHIcon 2025 is co-presented by Aembit and Veza , alongside industry partners Identity Defined Security Alliance and Cloud Security Alliance.

Security 130

Security Cloud Risk Access 130

Data Breach Today

JANUARY 14, 2025

Threat Actor 'Codefinger' Targets Cloud Environments A ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWSs server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.

Ransomware 173

Ransomware Encryption Cloud 173

WIRED Threat Level

JANUARY 13, 2025

Behind the scenes, companies and governments are feeding a trove of data about international travelers into opaque AI tools that aim to predict whos safeand whos a threat.

Government 94

Government Privacy Security 94

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

JANUARY 14, 2025

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation. The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim compute

Government 118

Government Cybersecurity Access IT 118

Collaboration 2.0

JANUARY 17, 2025

ChatGPT tasks offers AI prompt scheduling and automation, but what happens when things go wrong?

IT 122

IT Artificial Intelligence 122

Schneier on Security

JANUARY 15, 2025

A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.

Phishing 90

Phishing Security IT 90

Data Breach Today

JANUARY 16, 2025

Legal Firm Joins Other Class Action Litigators Targeted by Hackers Wolf Haldenstein Adler Freeman & Herz LLP, a law firm that represents consumers in data breach lawsuits, has reported to regulators its own 2023 hack affecting more than 3.4 million individuals. The incident isn't the first time a law firm that handles data breach litigation reported a major hack.

Data breaches 162

Data breaches IT 162

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

The Guardian Data Protection

JANUARY 13, 2025

Anonymised data could help develop treatments, drugs and diagnostic tools but potential misuse worries experts What does AI plan mean for NHS patient data and is there cause for concern? Ministers are considering allowing private companies to make profits from NHS data as part of a push to revolutionise the health service using artificial intelligence, government officials have indicated.

Artificial Intelligence 99

Artificial Intelligence Government 99

Security Affairs

JANUARY 15, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known Exploited Vulnerabilities (KEV) catalog.

IT 103

IT Cybersecurity Authentication Risk 103

Collaboration 2.0

JANUARY 14, 2025

Pixel phones are well known for their superior cameras. This feature makes them even better.

IT 130

IT 130

KnowBe4

JANUARY 16, 2025

In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner Magic Quadrant for Email Security Platforms has signaled a shift in how we approach email protection.

Security 84

Security Cybersecurity Phishing 84

Advertiser: ZoomInfo

In today’s ultra-competitive markets, it’s no longer enough to wait for buyers to show obvious signs of interest. Instead, sales teams must be proactive, identifying and acting on nuanced buyer behaviors — often before prospects are fully ready to make a purchase. In this eBook from ZoomInfo & Sell Better, learn 10 actionable ways to use these buyer signals to transform your sales strategy and close deals faster.

Sales

Data Breach Today

JANUARY 15, 2025

RansomHub, Play and Akira Appear to Dominate; Numerous Newcomers Join the Fray While ransomware groups' data-leak sites regularly lie, if taken at face value, in December 2024 they collectively listed the largest number of victims ever seen in a one-month period, dominated by RansomHub, Play and Akira operations, plus a bevy of newcomers, researchers report.

Ransomware 162

Ransomware 162

WIRED Threat Level

JANUARY 14, 2025

Huione Guarantee, a gray market researchers believe is central to the online scam ecosystem, now includes a messaging app, stablecoin, and crypto exchangewhile facilitating $24 billion in transactions.

Marketing 83

Marketing Blockchain Security 83

Security Affairs

JANUARY 13, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-12686 (CVSS score of 6.6) The flaw is an OS Command Injection Vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS).

IT 111

IT Cybersecurity Access Risk 111