Thu.Jan 18, 2024

article thumbnail

Popular GPUs Used AI Systems Vulnerable to Memory Leak Flaw

Data Breach Today

LeftoverLocals Affects Apple, AMD and Qualcomm Devices Researchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.

Access 320
article thumbnail

Jamf Threat Labs discovers new malware embedded in pirated applications

Jamf

In this blog, Jamf Threat Labs researchers analyze malware they discovered in pirated macOS applications. These apps, appearing similar to ZuRu malware, download and execute multiple payloads to compromise machines in the background.

143
143
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

White House Official Warns of AI Risks in 2024 Elections

Data Breach Today

No 'Magic Solution' to Prevent Malicious Use of AI in Elections, OSTP Chief Says Arati Prabhakar, director of the White House's Office of Science and Technology Policy, said during an event at the 2024 World Economic Forum that generative artificial intelligence has the potential to "dramatically accelerate and amplify the erosion of information integrity.

article thumbnail

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability.

IT 141
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Breach Roundup: Microsoft's Effort to Store EU Data Locally

Data Breach Today

Also: FBI Warning About Androxgh0st; eBay Pays a $3 Million Fine for Cyberstalking This week, Microsoft expanded plans to store EU citizens' data locally, shipping-themed phishing spam is a threat, the British Library overcame a ransomware setback, the FBI warned of Androxgh0st malware, Remcos RAT targeted South Korea, and eBay was fined $3 million for a cyberstalking campaign.

Libraries 308

More Trending

article thumbnail

Cryptohack Roundup: SEC Still Probing X Account Hack

Data Breach Today

Also: $3.3M Socket Hack; Do Kwon and Alex Mashinsky Trials This week, the U.S. SEC assessed its X account hack, attackers stole $3.3M from Socket, Do Kwon got a new trial date, Alex Mashinsky sought to dismiss charges, Google Play Store removed crypto apps for India users, IRS clarified crypto asset reporting and South Korea mulled crypto mixer legislation.

IT 297
article thumbnail

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Security Affairs

Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. The ColdRiver APT (aka “ Seaborgium “, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015.

Phishing 138
article thumbnail

Google: Russian FSB Hacking Group Turns to Malware

Data Breach Today

'Coldriver' Has Been Sending Backdoors Embedded in PDFs Since November 2022 A Russian domestic intelligence agency hacking group known for long-lasting logon credential phishing campaigns against Western targets is now deploying malware embedded into PDFs, say security researchers from Google. "Coldriver" is using a family of backdoors Google dubs Spica.

Phishing 296
article thumbnail

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Security Affairs

Experts found multiple flaws, collectively named PixieFail, in the network protocol stack of an open-source reference implementation of the UEFI. Quarkslab researchers discovered nine vulnerabilities, collectively tracked as e PixieFAIL, affecting the IPv6 network protocol stack of EDK II, TianoCore’s open source reference implementation of UEFI.

IT 137
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

PHMSA Launches Initiatives to Bolster Pipeline Cybersecurity

Data Breach Today

Agency Tasked With Pipeline Security Takes New Steps to Combat Rise in Cyberattacks A U.S. federal agency tasked with ensuring the secure transportation of energy and hazardous materials is launching a series of initiatives to address an increase in cyberattacks, a top official said. Watchdogs have warned for years that action is urgently needed to better protect U.S. pipelines.

article thumbnail

‘Swatting’ Becomes the Latest Extortion Tactic in Ransomware Attacks

KnowBe4

Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as Swatting puts the focus on the victim organization’s customers.

article thumbnail

Privacy Fines: Tech Hub Ireland Leads EU in GDPR Sanctions

Data Breach Today

4.7 Billion Euros in Total Known Fines Since Data Protection Law Took Effect Ireland - home to the European headquarters of a throng of multinational tech companies - is responsible for the greatest amount of aggregate data protection fines - 2.9 billion euros - since the European Union General Data Protection Regulation went into effect.

GDPR 293
article thumbnail

How Secure Is Cloud Storage? Features, Risks, & Protection

eSecurity Planet

Cloud storage is a cloud computing model that allows data storage on remote servers operated by a service provider, accessible via internet connections. It’s a scalable and cost-effective storage solution for businesses offered through a subscription service. When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations.

Cloud 124
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Swiss Government Reports Nuisance-Level DDoS Disruptions

Data Breach Today

Self-Proclaimed Russian Hacktivists Continue Putin-Aligned Information Operations Switzerland's federal government reports that multiple federal agencies' public-facing sites were temporarily disrupted by distributed denial-of-service attacks perpetrated by a self-proclaimed Russian hacktivist group "as a means of gaining media attention for their cause.

article thumbnail

Ninety-Four Percent of Organizations Sustained Phishing Attacks Last Year

KnowBe4

A survey by Egress has found that 94% of organizations were hit by phishing attacks in 2023, Infosecurity Magazine reports. Additionally, 91% of firms experienced data loss and exfiltration. The three most common causes of data loss were reckless behavior, human error and malicious exfiltration.

Phishing 122
article thumbnail

AHA: Rise in Scams Targeting IT Help Desks for Payment Fraud

Data Breach Today

American Hospital Association Warns of Social Engineering Schemes The American Hospital Association is warning of increasingly sophisticated social engineering scams targeting hospital IT help desks with schemes involving the stolen credentials of revenue cycle and other finance employees to commit payment fraud against the institutions.

IT 282
article thumbnail

Scammers Target Owners of Missing Pets

KnowBe4

Some particularly cold-hearted scammers are targeting users of lost pet forums with phony ransom demands, the BBC reports.

Security 119
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Canadian Citizen Gets Phone Back from Police

Schneier on Security

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. “This strikes me as a potentially more fruitful avenue of investigation than using brute force to enter the phones,” he said.

Passwords 114
article thumbnail

More Than Half of Data Breaches in the U.K.’s Legal Sector are Due to Insider Error

KnowBe4

A new analysis of data breaches in the United Kingdom's legal sector shows that organizations need to be looking inward more and look for ways to elevate the security awareness of employees.

article thumbnail

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

2024 was not a happy new year for Genesis Global Trading, Inc. (“GGT”). On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

article thumbnail

Unlocking the power of chatbots: Key benefits for businesses and customers

IBM Big Data Hub

Chatbots can help your customers and potential clients find or input information quickly by instantly responding to requests that use audio input, text input or a combination of both, eliminating the need for human intervention or manual research. Chatbots are everywhere, providing customer care support and assisting employees who use smart speakers at home, SMS, WhatsApp, Facebook Messenger, Slack and numerous other applications.

Sales 85
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Fidelity National now says 1.3M customers had data stolen by cyber-crooks via The Registry

IG Guru

Check out the article here. The post Fidelity National now says 1.3M customers had data stolen by cyber-crooks via The Registry first appeared on IG GURU.

article thumbnail

3 Opportunities for Cybersecurity Leaders Who Choose to Stay

Lenny Zeltser

Several years into your role as a security leader at a company, you’ll reach a point when you ask yourself, “What’s next for me?” This article discusses three ways to proceed if you choose to stay at your current organization. (It was co-authored by Yael Nagler and Lenny Zeltser.) At this point in your CISO tenure, you know your way around the company, you’re familiar with the cadence and patterns of the organization, you know what’s expected, and you understand your trajectory.

article thumbnail

deepset Cloud Establishes New Standards for Trust in AI Models

Information Matters

San Francisco-based startup deepset Cloud has unveiled groundbreaking new features that aim to address concerns around reliability and accountability in large language models (LLMs), setting a new bar for the Read more The post deepset Cloud Establishes New Standards for Trust in AI Models appeared first on Information Matters - Where AI Meets Knowledge Management.

Cloud 52
article thumbnail

Four critical assertions for same-day support in enterprise IT management

Jamf

Discover the importance of same-day support for Apple updates, focusing on compatibility and cross-platform integration. See how to enhance security and productivity.

IT 40
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The Market for Streamlining Teamwork Heats Up

Information Matters

A new report from Gartner sizes up the rapidly growing market for collaborative work management (CWM) platforms and evaluates the strengths and weaknesses of the major players. These tools aim Read more The post The Market for Streamlining Teamwork Heats Up appeared first on Information Matters - Where AI Meets Knowledge Management.

article thumbnail

Surveying Community Webs Members’ Digital Preservation Needs

Archive-It

by the Community Programs team Community Webs members and the Community Programs team gathered in the spring of last year for a virtual meeting, Future Webs , to reflect on the success and achievements of the program and chart next steps in 2024 and beyond. Internet Archive Community Programs staff received member feedback on what members liked about the program, what they wanted to see more of, and how we could sustain the program long into the future.

article thumbnail

Pecan AI Marries Generative AI and Predictive Modeling

Information Matters

San Francisco-based Pecan AI has announced new capabilities that combine generative AI conversational interfaces with predictive analytics model-building workflows. Industry observers say this fusion of leading-edge AI technologies promises to Read more The post Pecan AI Marries Generative AI and Predictive Modeling appeared first on Information Matters - Where AI Meets Knowledge Management.