Trending Articles

article thumbnail

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations from days or hours to minutes. SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by naviga

Risk 285
article thumbnail

Oil and Gas Firms Aware of Cyber Risks

Data Breach Today

Sector Uses Multifactor, Eschews Cloud, Can't Afford Cyber Insurance The oil and gas industry has high levels of cyber awareness and low levels of cyber insurance, says a sectoral assessment from credit rating agency Moody's. The sector has experienced a clutch of high-profile attacks including a high-profile 2021 incident at Colonial Pipeline.

Insurance 164
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

US DOJ Developing Guidelines for AI Use in Law Enforcement

Data Breach Today

Justice Department Aiming to Emphasize Privacy and Security in AI Deployment The U.S. Department of Justice is drafting new guidelines for law enforcement on the use of artificial intelligence and facial recognition tools to enhance public safety while safeguarding civil rights and ensuring ethical deployment, a senior official said Wednesday.

article thumbnail

Patch Tuesday, October 2024 Edition

Krebs on Security

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “ Sequoia ” update that broke many cybersecurity tools.

article thumbnail

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

Passwordless Authentication without Secrets! divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. This highlights an increasing demand for advanced authentication methods like passkeys and multi-factor authentication (MFA), which provide robust security for most use cases.

More Trending

article thumbnail

Internet Archive Breach Exposes 31 Million Users

WIRED Threat Level

The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks.

Archiving 124
article thumbnail

Hackers Prowling For Unencrypted BIG-IP Cookies, Warns CISA

Data Breach Today

Agency Says Cookies Could Help Attackers Find Network Assets, Vulnerabilities Unencrypted cookies tied to a suite of secure gateway technology from F5 are gateways for hackers to reach internal devices on corporate networks, warns the Cybersecurity and Infrastructure Security Agency. BIG-IP uses persistent cookies as a traffic load-balancing convenience.

article thumbnail

China Possibly Hacking US “Lawful Access” Backdoor

Schneier on Security

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994. It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This

Access 119
article thumbnail

Secure Your World with Phishing Resistant Passkeys

Thales Cloud Protection & Licensing

Secure Your World with Phishing Resistant Passkeys madhav Thu, 10/10/2024 - 05:12 As we celebrate Cybersecurity Awareness Month 2024 with the theme "Secure Our World," exploring innovative technologies is crucial to help us achieve this goal. One such advancement that's revolutionizing online security and user authentication is passkeys. Passkeys represent a significant leap forward in creating a safer digital landscape, aligning perfectly with the mission to secure our world.

Phishing 132
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers. The company uncovered the activities of three threat actors abusing ChatGPT to launch cyberattacks.

Phishing 115
article thumbnail

69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail

WIRED Threat Level

The $4.4 billion in crypto is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent who seized the recording-breaking sum, meanwhile, languishes in a Nigerian jail cell.

article thumbnail

Beyond Proof of Concepts: Will Gen AI Live Up to the Hype?

Data Breach Today

How Gen AI Is Evolving From Experimentation to Driving Major Business Impact As gen AI moves from hype to reality, 30% of projects are predicted to be abandoned after the proof-of-concept phase. Despite gen AI's enormous potential to boost revenue and productivity and reduce costs, organizations must perform a thorough assessment before committing to large-scale investments.

259
259
article thumbnail

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

Schneier on Security

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user data for research purposes, including: The 2D or 3D map of the user’s house generated by the device Voice recordings from the device’s microphone Photos or vide

Privacy 113
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

Series wrap – The rise of the threat hunter

OpenText Information Management

As we reach the conclusion of the Threat Hunters blog series, it’s clear that the role of these cybersecurity specialists has never been more important. Over the past several weeks, we’ve delved into the world of threat hunters—exploring their day-to-day activities, the challenges they face, and the unique skills that set them apart. This series has highlighted how threat hunters are at the frontline, proactively defending organizations against increasingly sophisticated and evolving cyber threa

article thumbnail

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

Security Affairs

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines.

Security 110
article thumbnail

Pig Butchering Scams Are Going High Tech

WIRED Threat Level

Scammers in Southeast Asia are increasingly turning to AI, deepfakes, and dangerous malware in a way that makes their pig butchering operations even more convincing.

Security 110
article thumbnail

Marriott Pays $52M to Settle US States' Breach Litigation

Data Breach Today

World's Biggest Hotel Chain Also Settles with Federal Trade Commission The world's largest hotel chain agreed Wednesday to pay $52 million and submit to 20 years of third-party monitoring of its cybersecurity program to settle a rash of data breaches affecting millions of guests. The sizeable payout is part of a settlement reached with 50 U.S. attorneys general.

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Perfectl Malware

Schneier on Security

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on ma

Mining 88
article thumbnail

Hurricane Deepfakes Flood Social Media

KnowBe4

As the recent hurricane Helene caused major damage and as hurricane Milton is expected to make landfall in Florida soon, deepfakes are spreading misinformation on social media.

109
109
article thumbnail

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000! GorillaBot: The New King of DDoS Attacks Hidden cryptocurrency mining and theft campaign affected over 28,000 users The Mongolian Skimmer: different clothes, equally dangerous Akira and Fog ransomware now exploit cri

article thumbnail

Beyond Compliance: The Power of Proactive, Year-Round Network Pen Testing

eSecurity Planet

IT leaders know that the reason regulators and cybersecurity insurers require them to conduct network penetration testing is to ensure they’re protecting their networks from being accessed by attackers. But hackers don’t operate on the same schedule as regulators. Compliance-focused network penetration testing — conducted annually or quarterly — only helps organizations identify weaknesses that are present at the specific points in time when they’re undertaking testing.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

How AI Shields Enterprises from Advanced Email Attacks

Data Breach Today

SEGs have performed admirably for many years, but they’re no match for this new generation of email attacks, and relying on outdated tools can have catastrophic consequences. By upgrading to a behavioral AI-based solution, you can defend against emerging threats and become more proactive in the fight against cybercrime.

259
259
article thumbnail

Oura Ring Gen 3 Horizon: Enhanced features, no more flat spot

Collaboration 2.0

It's been a year since Oura revealed its Gen 3 Ring and it has rolled out several updates since that release. The new model delivers the same software and data, but its design is perfectly round with no flat spot.

IT 85
article thumbnail

The War on Passwords Is One Step Closer to Being Over

WIRED Threat Level

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

article thumbnail

Fidelity Investments suffered a second data breach this year

Security Affairs

US-based financial services company Fidelity Investments warns 77,000 individuals of a data breach that exposed their personal information. U.S.-based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack. The data breach occurred on August 17, 2024 and was discovered two days later, on August 19, 2024. “Between August 17 and August 19, a third party accessed and obtained certain information

article thumbnail

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

article thumbnail

Chinese Hackers Breach US Wiretapping Data, Expose Vulnerabilities

eSecurity Planet

In a significant cybersecurity breach — not as big as the NPD breach , though — Chinese hackers recently infiltrated the networks of major U.S. telecom providers, accessing highly sensitive wiretapping data. Companies like Verizon, AT&T, and Lumen Technologies were targeted in this attack, allowing unauthorized access to critical systems used for court-authorized wiretapping — a tool vital for law enforcement surveillance.

article thumbnail

Internet Archive Data Breach Exposes 31 Million Accounts

Data Breach Today

Nonprofit Digital Archive Also Suffers Denial-of-Service Attacks, Defacement The nonprofit Internet Archive has been hit by hackers, who stole usernames and for 31 million accounts, including email addresses and bcrypt-hashed passwords. In recent days, the digital archive has also suffered defacement and repeat denial-of-service attacks.

Archiving 256
article thumbnail

The 65+ best Walmart deals you can shop now: Live updates

Collaboration 2.0

Walmart's major sale on tech, home, toys, and more ahead of the holidays ends today. Don't miss these deals from Apple, Samsung, and more.

Sales 98