Wed.Feb 07, 2024

article thumbnail

Record-Breaking Ransomware Profits Surpassed $1B in 2023

Data Breach Today

Ongoing Innovation and Sophistication Drive Unparalleled Profits Attackers wielding ransomware collectively earned over $1 billion last year - breaking previous records. Their increasingly sophisticated attacks targeted "high-profile institutions and critical infrastructure, including hospitals, schools and government," reported Chainalysis.

article thumbnail

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU , the foreign military intelligence agency of the Russian Federation.

Military 276
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Meta Is Being Urged to Crack Down on UK Payment Scams

Data Breach Today

Banking Fraud Heads Say Facebook Marketplace Is Teeming With Scammers Meta-owned online marketplaces are swarming with scammers who use deceptive ads to defraud banking customers, fraud prevention heads at leading British banks testified before a U.K. Parliament committee. They called on the social media giant to roll out stronger fraud prevention measures.

290
290
article thumbnail

Fortinet addressed two critical FortiSIEM vulnerabilities

Security Affairs

Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code Cybersecurity vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could lead to remote code execution. “Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacke

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

To BEC or Not to BEC: How to Approach New Email Authentication Requirements

Data Breach Today

OnDemand | The Tools & Technology You Need to Meet Google/Yahoo Email Authentication Requirements Our email authentication experts will be on hand to provide their insight and a demonstration of how exactly Proofpoint Email Fraud Defense can help identify and close requirement gaps.

More Trending

article thumbnail

Chinese Hackers Preparing 'Destructive Attacks,' CISA Warns

Data Breach Today

Officials Say Hackers Are Evading Detection on Critical Infrastructure Networks The U.S. Cybersecurity and Infrastructure Security Agency urged critical infrastructure owners to patch systems after publishing a warning that Chinese hackers are evading detection and maintaining persistent unauthorized access in U.S. information technology environments.

article thumbnail

Teaching LLMs to Be Deceptive

Schneier on Security

Interesting research: “ Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training “: Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques?

Security 121
article thumbnail

DHS Is Recruiting Techies for the AI Corps

Data Breach Today

The Agency Plans to Hire 50 AI Experts This Year The U.S. Department of Homeland Security is recruiting dozens of artificial intelligence experts to integrate AI abilities into government work such as defending against cyberthreats and using AI-powered computer vision to assess damages after a disaster.

article thumbnail

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium V8 Type Confusion bug, tracked as CVE-2023-4762 , to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability impacts Google Chrome prior to 116.0.5845.179, it allows a remote attacker to execute arbitrary code via a crafted HTML page.

IT 133
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Entrust in Talks to Acquire Onfido for AI-Based ID Checks

Data Breach Today

Acquisition Would Support Entrust's Digital Identity Security Portfolio Entrust, a pioneer payment, identity and data security software and services provider, is in talks to acquire Onfido, a pioneer in cloud-based, AI-powered identity verification technology, for a reported $400 million. The combined solution will help customers fight identity fraud.

Cloud 261
article thumbnail

Experts warn of a critical bug in JetBrains TeamCity On-Premises

Security Affairs

A new vulnerability in JetBrains TeamCity On-Premises can be exploited by threat actors to take over vulnerable instances. JetBrains addressed a critical security vulnerability, tracked as CVE-2024-23917 (CVSS score 9.8) in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software. An attacker can trigger the vulnerability to take over vulnerable installs. “The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to

article thumbnail

Holes Appear in Internet-Connected Toothbrush Botnet Warning

Data Breach Today

Don't Brush in Fear, as Supposed DDoS Dental Trauma Fails to Pass Muster Breathless reports claim 3 million IoT toothbrushes have been remotely compromised and used to target unsuspecting businesses via distributed denial-of-service attacks. Just one problem: This story has more holes in it than the teeth of kid with a 10-pack-a-day Gummy Bear habit.

IoT 259
article thumbnail

Ransomware Payments Hit a Record $1.1 Billion in 2023

WIRED Threat Level

After a slowdown in payments to ransomware gangs in 2022, last year saw total ransom payouts jump to their highest level yet, according to a new report from crypto-tracing firm Chainalysis.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google Settles Google+ API Data Leak Lawsuit for $350M

Data Breach Today

Plaintiffs Alleged Google Sought to Cover Up API Flaw That Exposed Private Data Silicon Valley giant Google agreed to settle for $350 million a shareholder lawsuit alleging it mislead investors by attempting to cover up a privacy flaw in now-defunct social network Google+ that resulted in outside applications having access to private profile information.

Privacy 248
article thumbnail

How to Fight Long-Game Social Engineering Attacks

KnowBe4

Sophisticated cybercriminals are playing the long game. Unlike the typical hit-and-run cyber attacks, they build trust before laying their traps. They create a story so believable and intertwined with trust that even the most careful individuals can get caught in a trap set over time. Are your users prepared to confront such calculated attacks?

106
106
article thumbnail

Sustainability trends: 5 issues to watch in 2024

IBM Big Data Hub

In 2024, sustainability is taking center stage. Efforts to track and reduce emissions, environmental impact and contributions to climate change are no longer rare or optional; instead, they’ve become the norm. Businesses, governments and individuals now see sustainability as a global imperative. Advanced technologies, more stringent reporting standards and stronger support from stakeholders are building momentum for eco-friendly initiatives and the incentives that encourage them.

article thumbnail

Chinese Hackers Spy on Dutch Ministry of Defense: A Story of Alarming Cyber Espionage

KnowBe4

In a revelation that adds yet another chapter to the ongoing saga of international cybersecurity threats, the Dutch Ministry of Defense recently shed light on a significant security breach. Reports that state-sponsored Chinese hackers have infiltrated the internal computer network the ministry uses were confirmed.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Navigating the Digital Landscape: Insights from the 2024 Thales Digital Trust Index

Thales Cloud Protection & Licensing

Navigating the Digital Landscape: Insights from the 2024 Thales Digital Trust Index madhav Thu, 02/08/2024 - 05:04 In today's rapidly evolving digital world, the balance between a seamless online experience and robust data security is more critical than ever. The 2024 Thales Digital Trust Index sheds light on this delicate balance, revealing compelling insights into consumer and employee perspectives on digital trust and experience.

article thumbnail

The case for separating DNS from your CDN 

IBM Big Data Hub

If you’re signing on with a content delivery network (CDN) provider, you’ll probably see DNS as part of the standard service package. It’s only natural—to access your content delivered by the CDN, the Internet has to know where to send the traffic. CDNs make it easy to configure and manage those DNS settings. It’s easy to accept DNS services as part of a CDN package.

IT 82
article thumbnail

2054, Part III: The Singularity

WIRED Threat Level

“You’d have an incomprehensible level of computational, predictive, analytic, and psychic skill. You’d have the mind of God.” An exclusive excerpt from 2054: A Novel.

article thumbnail

Destination: Artificial General Intelligence

OpenText Information Management

At OpenText, we are fully committed to helping organizations gain the AI advantage to reimagine work, as evidenced by our OpenText™ Aviator announcement last fall. But we won’t stop there – our AI strategy is ambitious and far-reaching because we believe we’ve only scratched the surface of how this innovative technology can elevate us to … The post Destination: Artificial General Intelligence appeared first on OpenText Blogs.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

U.S. CFTC Seeks Public Input on Use of Artificial Intelligence in Commodity Markets and Simultaneously Warns of AI Scams

Data Matters

The staff of the Commodity Futures Trading Commission (CFTC) is seeking public comment (the Request for Comment) on the risks and benefits associated with use of artificial intelligence (AI) in the commodity derivatives markets. According to the Request for Comment, the staff “recognizes that use of AI may lead to significant benefits in derivatives markets, but such use may also pose risks relating to market safety, customer protection, governance, data privacy, mitigation of bias, and cybers

article thumbnail

New Wave of Website Privacy Lawsuits Under the Pen Register and Trap and Trace Device Theory

Hunton Privacy

In the latest evolution of lawsuits challenging technologies that track website users, California class action plaintiffs have begun to file under a new theory—the pen register and trap and trace device theory under Section 638.51 of the California Invasion of Privacy Act (“CIPA”). Over the last two years, courts have seen an influx of putative class action lawsuits targeting businesses with websites that utilize technology to track users’ website interactions.

Privacy 67
article thumbnail

Opinion: Should I be charged for my own site data, harvested without my consent/request? on Slashdot

IG Guru

Check out the page here. The post Opinion: Should I be charged for my own site data, harvested without my consent/request? on Slashdot first appeared on IG GURU.

Risk 82
article thumbnail

Elearning Staff Awareness Course Overview: Ransomware

IT Governance

Understanding the threat, and how staff awareness training can address it Damian Garcia has worked in the IT sector in the UK and internationally, including for IBM and Microsoft. In his more than 30 years in the industry, he’s helped both private- and public-sector organisations reduce the risks to their on-site and Cloud-based IT environments. He also has an MSc in cyber security risk management.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Bolstering Healthcare Cybersecurity: The Regulatory Outlook

Data Breach Today

The Biden administration's strategy for bolstering health sector cybersecurity, which includes newly released voluntary cyber performance goals and plans to update the HIPAA Security Rule, is fueling uncertainty in some organizations, said privacy attorney Iliana Peters of law firm Polsinelli.