Wed.Mar 27, 2024

article thumbnail

Tycoon 2FA - The Criminals' Favorite Platform for MFA Theft

Data Breach Today

Phishing-as-a-Service Platform Lets Hackers Impersonate More Than 1,100 Domains A phishing-as-a-service platform that allows cybercriminals to impersonate more than 1,100 domains has over the past half year become one of the most widespread adversary-in-the-middle platforms. Attackers are meeting the rise of multifactor authentication by using tools such as Tycoon 2FA.

Phishing 306
article thumbnail

Data Privacy in the Age of AI

AIIM

Data privacy and Artificial Intelligence (AI) are two of biggest issues in the information spaces today. However, despite the enormous amount of coverage they receive in the trade and general media, what is not yet well understood is how tightly intertwined they are, and how risky it can be to address them without a proper foundation. Here are a few points to ponder to help you avoid the most common risks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hackers Developing Malicious LLMs After WormGPT Falls Flat

Data Breach Today

Crooks Are Recruiting AI Experts to Jailbreak Existing LLM Guardrails Cybercrooks are exploring ways to develop custom, malicious large language models after existing tools such as WormGPT failed to cater to their demands for advanced intrusion capabilities, security researchers say. Undergrounds forums teem with hackers' discussions about how to exploit guardrails.

Security 306
article thumbnail

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

Security Affairs

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening to leak three terabytes of alleged stolen data. The INC Ransom extortion gang added the National Health Service (NHS) of Scotland to the list of victims on its Tor leak site. The cybercrime group claims to have stolen three terabytes of data and is threatening to leak them.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

On the Increase: Zero-Days Being Exploited in the Wild

Data Breach Today

Espionage Groups and Commercial Surveillance Vendors Tied to Many Zero-Day Exploits Fresh zero-day vulnerabilities continue to be getting actively exploited in the wild by attackers, often for surveillance and espionage purposes, according to the latest annual review of in-the-wild exploits published by Google. In 2023, 97 new zero-days came to light, up from 62 in 2022.

296
296

More Trending

article thumbnail

Change Healthcare Wake-Up Call: Is Sector Too Codependent?

Data Breach Today

Denise Anderson and Errol Weiss of Health-ISAC Discuss Critical Cyber Issues The Change Healthcare attack - the most disruptive cyber incident to ever hit the U.S. healthcare ecosystem - spotlights the risks that come from relying on a handful of major suppliers, said leaders of the Health Information Sharing and Analysis Center.

Risk 287
article thumbnail

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

IT 137
article thumbnail

New Regulations Pose Compliance Challenges

Data Breach Today

How to Navigate New SEC Rules The new SEC rules, which took effect in late 2023, introduce mandatory cyber-incident reporting requirements for all U.S.-listed companies.

article thumbnail

The DDR Advantage: Real-Time Data Defense

Security Affairs

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense. In cybersecurity, and in life, by the time you find out that something went wrong it is often too late. The advantage of Data Detection and Response (DDR) is that you no longer have to wait until the milk is spilled. With DDR, your organization can have real-time data defense.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

AI Opens Fraud Detection Gap, Says US Treasury

Data Breach Today

Department Says It May Contribute Its Own Data for Training Models The widespread advent of artificial intelligence is opening a fraud detection capability gap between large and small financial institutions, the U.S. Department of the Treasury warns, suggesting that it may use its own historical data to narrow the divide.

article thumbnail

‘Malicious Activity’ Hits the University of Cambridge’s Medical School

WIRED Threat Level

Multiple university departments linked to the Clinical School Computing Service have been inaccessible for a month. The university has not revealed the nature of the “malicious activity.

Security 126
article thumbnail

Turning to a Career in Cybersecurity

Data Breach Today

Cyberthreats Are Rampant, Expertise Is Needed, and the Rewards Are Great The transition to a career in cybersecurity is not just a change of professional direction; it represents a commitment to defending the digital world. Here's how you can get the critical technical skills needed to fill the 4-million-job shortfall and protect our interconnected world.

article thumbnail

A Simple 'Payment is Underway' Phishing Email Downloads RATs from AWS, GitHub

KnowBe4

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories.

Phishing 122
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

CISA Seeks Public Input on Cyber Incident Reporting Rules

Data Breach Today

US Cyber Defense Agency Proposes 72-Hour Reporting Rule for Covered Entities The U.S. Cybersecurity and Infrastructure Security Agency posted to the Federal Register its proposed rule-making aimed at implementing a 72-hour reporting requirement for covered critical infrastructure entities as required under the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

article thumbnail

The Number of New Pieces of Malware Per Minute Has Quadrupled in Just One Year

KnowBe4

The threat of novel malware is growing exponentially, making it more difficult for security solutions to identify attachments and links to files as being malware.

Security 122
article thumbnail

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Schneier on Security

It’s pretty devastating : Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba.

Security 119
article thumbnail

[SCARY] Research Shows Weaponized GenAI Worm That Gets Distributed Via A Zero Click Phishing Email

KnowBe4

Discover the latest research on a GPT worm being weaponized through RAG and distributed via zero-click phishing emails.

Phishing 119
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Hyperscale vs. colocation: Go big or go rent?

IBM Big Data Hub

Here’s the situation: You’re the CIO or similarly empowered representative of an organization. Different voices within your business are calling attention to the awesome scalability and power of hyperscale computing, which you’ve also noticed with increasing interest. Now the word comes down from on high that you’ve been tasked with designing and implementing your company’s hyperscale computing solution—whatever that should be.

Cloud 98
article thumbnail

Whistleblower raises alarm over UK Nursing and Midwifery Council’s DB via The Register

IG Guru

Check out the article here. The post Whistleblower raises alarm over UK Nursing and Midwifery Council’s DB via The Register first appeared on IG GURU.

Privacy 54
article thumbnail

EclipseStore enables high performance and saves 96% data storage costs with WebSphere Liberty InstantOn

IBM Big Data Hub

As AI technology advances, the need for high-performance, cost-effective and easily deployable solutions reached unprecedented levels. EclipseStore, a groundbreaking data storage platform from MicroStream , is revolutionizing the development of cutting-edge software applications. IBM ® collaborated with MicroStream to integrate the IBM WebSphere ® Liberty InstantOn feature within EclipseStore.

Cloud 94
article thumbnail

Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

The Security Ledger

In this episode of The Security Ledger Podcast (#257) Paul speaks with Dennis Kengo Oka, a senior principal automotive security strategist at the firm Synopsys about the growing cyber risks to automobiles as connected vehicle features proliferate in the absence of strong cybersecurity protections. The post Episode 257: Securing Software on Wheels. Read the whole entry. » Click the icon below to listen.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The “hidden figures” of AI: Women shaping a new era of ethical innovation

IBM Big Data Hub

The end of March marks the conclusion of Women’s History Month. And despite the increased focus on women’s issues and contributions to society throughout the month, the conversation would be incomplete without recognizing how indispensable the success of women—past and present—has been in the tech industry. In particular, women are leading the way every day toward a new era of unprecedented global innovation in the field of generative AI.

article thumbnail

Episode 257: Securing Software on Wheels with

The Security Ledger

In this episode of The Security Ledger Podcast (#257) Paul speaks with Dennis Kengo Oka, a senior principal automotive security strategist at the firm Synopsys about the growing cyber risks to automobiles as connected vehicle features proliferate in the absence of strong cybersecurity protections. The post Episode 257: Securing Software on Wheels. Read the whole entry. » Click the icon below to listen.

article thumbnail

Accelerating scope 3 emissions accounting: LLMs to the rescue

IBM Big Data Hub

The rising interest in the calculation and disclosure of Scope 3 GHG emissions has thrown the spotlight on emissions calculation methods. One of the more common Scope 3 calculation methodologies that organizations use is the spend-based method, which can be time-consuming and resource intensive to implement. This article explores an innovative way to streamline the estimation of Scope 3 GHG emissions leveraging AI and Large Language Models (LLMs) to help categorize financial transaction data to

Mining 73
article thumbnail

6 Reasons Why FIDO Is Critical for Passwordless Authentication

HID Global

Passwordless authentication is preventing hackers from accessing sensitive information. In this post, we’ll discuss how FIDO is powering this revolutionary charge.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Turning climate risks into business opportunities 

IBM Big Data Hub

Climate change causes extreme weather events across the world that endanger people’s lives and disrupt the businesses on which they depend. In Africa, for example, recurring droughts, floods and cyclones due to climate change might cause crop failures and food insecurity. As businesses make plans to mitigate climate risks such as extreme weather events, they have an opportunity to innovate with new business models and demonstrate leadership by implementing more sustainable practices.

Risk 60
article thumbnail

Cybersecurity Takeaways From White House Tech Report

Data Matters

On Feb. 26, the White House's Office of the National Cyber Director (ONCD), released a report on how technology manufacturers and software developers can improve the cybersecurity posture of the U.S. This report, "Back to the Building Blocks: A Path Toward Secure and Measurable Software," aligns with the Biden administration's current, intense focus on combatting ever-increasing cyberthreats through software development and software manufacturer accountability.

article thumbnail

Banks, your shareholders do care about payment costs 

IBM Big Data Hub

Here’s an argument for modernizing payments: Profits from traditional payment types are caught in a death spiral. As usage of traditional methods of payments decline, the high fixed cost to maintain them begins to seriously hurt margins as the revenue from smaller volumes declines. Increasing the price for the remaining transactions only hastens the decline.