Trending Articles

article thumbnail

Turning Information Into Outcomes: What Governance Really is About

Weissman's World

For years, youve heard me exhort you to implement information governance because you collected all that information for a reason, right? and infogov is how you get value from it. And while thats true, Im not sure I ever completely brought that sentiment to ground. So let me now close that gap. Over the next… Read More » Turning Information Into Outcomes: What Governance Really is About The post Turning Information Into Outcomes: What Governance Really is About appeared first on Holly

article thumbnail

Breach Roundup: Microsoft Makes Security Staff Cuts

Data Breach Today

Also: Intensified Russian Hacking in Ukraine, Spain's Telefnica Confirms Breach This week, Microsoft laid off security staff and released Patch Tuesday, Russian hackers intensified attacks on Ukraine in 2024, Telefnica confirmed a breach, a Tennessee mortgage leader reported a breach and the Texas AG sued Allstate over driver data collection.

Security 173
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Sues Harmful Fake AI Image Crime Ring

Data Breach Today

Guardrails Bypassed on Azure OpenAI to Generate 'Thousands of Harmful Images' Microsoft filed a lawsuit targeting a cybercrime service used to generate "thousands of harmful images" by subverting the guardrails built into its Azure generative artificial intelligence tools. The company said attackers built a tool that reverse-engineered the guardrails in its AI platform.

article thumbnail

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7 ‘s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them

Security 252
article thumbnail

5 Ways You Can Win Faster with Gen AI in Sales

Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision- making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.

article thumbnail

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Archiving 120

More Trending

article thumbnail

News alert: Sweet Security’s LLM-powered detection engine reduces cloud noise to 0.04%

The Last Watchdog

Tel Aviv, Israel, Jan. 15, 2025, CyberNewswire — Sweet Security , a leader in cloud runtime detection and response, today announced the launch of its groundbreaking patent-pending Large Language Model (LLM)-powered cloud detection engine. This innovation enhances Sweet’s unified detection and response solution, enabling it to reduce cloud detection noise to an unprecedented 0.04%.

Cloud 130
article thumbnail

What Enterprises Need to Know About Agentic AI Risks

Data Breach Today

Mitigating Cybersecurity, Privacy Risks for New Class of Autonomous Agents Many organizations are looking to artificial intelligence agents to autonomously perform tasks that surpass traditional automation. Tech firms are rolling out agentic AI tools that can handle customer-facing interactions, IT operations and a variety of other processes without human intervention, but experts are cautioning security teams to watch for cyber and privacy risks.

Risk 230
article thumbnail

A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More

WIRED Threat Level

US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AIand takes a swipe at Microsofts dominance.

article thumbnail

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world. At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first offi

Passwords 123
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The five biggest mistakes people make when prompting an AI

Collaboration 2.0

Ready to transform how you use AI tools?

article thumbnail

News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats

The Last Watchdog

Prague, Czech Republic, Jan. 15, 2025, CyberNewswire — Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. Czech cybersecurity startup Wultra has raised 3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats.

article thumbnail

Action Items for U.S. Public Companies for 2025

Data Matters

Rapid rulemaking and aggressive enforcement by the SEC, combined with legislative, judicial, and regulatory developments, have created new requirements and expectations for U.S. public companies. The post Action Items for U.S. Public Companies for 2025 appeared first on Data Matters Privacy Blog.

88
article thumbnail

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The threat actor used AWSs Server-Side Encryption with Customer Provided Keys (SSE-C) for encryption, then demanded the payment of a ransom to the victim to recover the data using the attackers’ symmetric AES-256 keys required to decrypt data.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Microsoft to force new Outlook app in Windows 10 with no way to block it

Collaboration 2.0

Designed to replace the current Mail and Calendar apps, the new Outlook can only be removed after it's been installed.

IT 136
article thumbnail

News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security

The Last Watchdog

Silver Spring, MD, Jan. 15, 2025, CyberNewswire — Aembit , the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. 28 and headlined by industry luminary Kevin Mandia. NHIcon 2025 is co-presented by Aembit and Veza , alongside industry partners Identity Defined Security Alliance and Cloud Security Alliance.

Security 130
article thumbnail

Ransomware Campaign Targets Amazon S3 Buckets

Data Breach Today

Threat Actor 'Codefinger' Targets Cloud Environments A ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWSs server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.

article thumbnail

Inside the Black Box of Predictive Travel Surveillance

WIRED Threat Level

Behind the scenes, companies and governments are feeding a trove of data about international travelers into opaque AI tools that aim to predict whos safeand whos a threat.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation. The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim compute

article thumbnail

I spent hours testing ChatGPT Tasks - and its refusal to follow directions was mildly terrifying

Collaboration 2.0

ChatGPT tasks offers AI prompt scheduling and automation, but what happens when things go wrong?

IT 122
article thumbnail

Phishing False Alarm

Schneier on Security

A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.

article thumbnail

Law Office Wolf Haldenstein Says Hack Affected 3.4 Million

Data Breach Today

Legal Firm Joins Other Class Action Litigators Targeted by Hackers Wolf Haldenstein Adler Freeman & Herz LLP, a law firm that represents consumers in data breach lawsuits, has reported to regulators its own 2023 hack affecting more than 3.4 million individuals. The incident isn't the first time a law firm that handles data breach litigation reported a major hack.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Ministers mull allowing private firms to make profit from NHS data in AI push

The Guardian Data Protection

Anonymised data could help develop treatments, drugs and diagnostic tools but potential misuse worries experts What does AI plan mean for NHS patient data and is there cause for concern? Ministers are considering allowing private companies to make profits from NHS data as part of a push to revolutionise the health service using artificial intelligence, government officials have indicated.

article thumbnail

U.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known Exploited Vulnerabilities (KEV) catalog.

IT 103
article thumbnail

This hidden Pixel camera feature makes your photos more vibrant - how to enable it

Collaboration 2.0

Pixel phones are well known for their superior cameras. This feature makes them even better.

IT 130
article thumbnail

First Ever Magic Quadrant™ for Email Security Platforms by Gartner®

KnowBe4

In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner Magic Quadrant for Email Security Platforms has signaled a shift in how we approach email protection.

article thumbnail

10 Ways to Leverage Buyer Signals and Drive Revenue

In today’s ultra-competitive markets, it’s no longer enough to wait for buyers to show obvious signs of interest. Instead, sales teams must be proactive, identifying and acting on nuanced buyer behaviors — often before prospects are fully ready to make a purchase. In this eBook from ZoomInfo & Sell Better, learn 10 actionable ways to use these buyer signals to transform your sales strategy and close deals faster.

article thumbnail

Ransomware Leak Sites Suggest Attacks Reached Record High

Data Breach Today

RansomHub, Play and Akira Appear to Dominate; Numerous Newcomers Join the Fray While ransomware groups' data-leak sites regularly lie, if taken at face value, in December 2024 they collectively listed the largest number of victims ever seen in a one-month period, dominated by RansomHub, Play and Akira operations, plus a bevy of newcomers, researchers report.

article thumbnail

The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says

WIRED Threat Level

Huione Guarantee, a gray market researchers believe is central to the online scam ecosystem, now includes a messaging app, stablecoin, and crypto exchangewhile facilitating $24 billion in transactions.

article thumbnail

U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-12686 (CVSS score of 6.6) The flaw is an OS Command Injection Vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS).

IT 111