Thu.Feb 22, 2024

article thumbnail

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry.

article thumbnail

Breach Roundup: More Fallout From the LockBit Takedown

Data Breach Today

Also: Avast Agrees to $16.5 Million Civil Penalty to Settle Privacy Investigation This week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Here Are the Secret Locations of ShotSpotter Gunfire Sensors

WIRED Threat Level

The locations of microphones used to detect gunshots have been kept hidden from police and the public. A WIRED analysis of leaked coordinates confirms arguments critics have made against the technology.

Privacy 28
article thumbnail

LockBit Group Prepared New Crypto-Locker Before Takedown

Data Breach Today

Numerous Impediments Remain If Administrators Attempt to Reboot the Operation The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being shut down, security researchers reported. Even so, experts say it's unlikely the group would be able to successfully reboot.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ConnectWise ScreenConnect bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709 , to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an authentication bypass vulnerability issue that an attacker with network access to the management interface can exploit to create a new,

More Trending

article thumbnail

Multiple XSS flaws in Joomla can lead to remote code execution

Security Affairs

Joomla maintainers have addressed multiple vulnerabilities in the popular content management system (CMS) that can lead to execute arbitrary code. The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS): [ 20240201 ] – CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did not properly terminate existing user sessi

CMS 137
article thumbnail

Change Healthcare Cyber Outage Disrupts Firms Nationwide

Data Breach Today

HHS Issues Special Alert Urging Providers and Contractors to 'Stay Vigilant' Change Healthcare - a unit of Optum that provides IT services and applications to hundreds of U.S. pharmacies, payers and healthcare providers - is dealing with a cyber incident that has forced the company to take its applications offline enterprisewide. The company said is triaging the situation.

IT 258
article thumbnail

FTC charged Avast with selling users’ browsing data to advertising companies

Security Affairs

US FTC charged cyber security firm Avast with harvesting consumer web browsing data through its browser extension and antivirus and sold it. The US Federal Trade Commission (FTC) has filed charges against cybersecurity firm Avast, accusing it of collecting and selling consumer web browsing data gathered through its browser extension and antivirus services.

article thumbnail

Report: Ofcom Unprepared to Implement UK Online Safety Bill

Data Breach Today

UK Parliamentary Committee Says the Agency Is Not Likely to Meet the 2025 Deadline The U.K. telecom regulatory Ofcom faces "significant challenges" in implementing the newly passed Online Safety Act, which is intended to protect children from online harm, says analysis by the House of Commons Committee of Public Accounts.

244
244
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

Security researcher Salvatore Lombardo shared details about a new instance of Nigerian fraud that he called ‘Beyond the border scam.’ The 419 scam is a form of scam that requires the recipient to pay an upfront sum to receive a much larger reward later. The name derives from article 419 of the Nigerian penal code which punishes this type of fraud and is therefore also known as Nigerian fraud.

article thumbnail

Privacy Teams Expected to Guard AI Future

Data Breach Today

Tarun Samtani of International SOS Discusses AI Privacy Implementation Principles In most organizations, the privacy team plays an important role in artificial intelligence implementation and governance. Tarun Samtani, DPO and privacy program director at International SOS, said privacy principles inherently align with the demand for responsible data use of AI technology.

Privacy 244
article thumbnail

New Image/Video Prompt Injection Attacks

Schneier on Security

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it’s really impressive. Which means a lot of scary new video prompt injection attacks. And remember, given the current state of technology, prompt injection attacks are impossible to prevent in general.

IT 118
article thumbnail

Cryptohack Roundup: $26 Million FixedFloat Hack

Data Breach Today

Also: FCA Rounds Up Noncompliant Firms; GoFundMe Shuts Down Tornado Cash Fundraiser This week, FixedFloat lost $26 million in a hack, the U.K. Financial Conduct Authority found illegal promotions of cryptocurrency, GoFundMe shuttered a Tornado Cash fundraiser, and an Australian cop allegedly stole $4 million worth of bitcoins.

242
242
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Leak Shows Alarm in Congress Over a Russian ‘Threat’ Is a Real Anomaly

WIRED Threat Level

The US Congress was preparing to vote on a key foreign surveillance program last week. Then a wild Russian threat appeared.

Privacy 117
article thumbnail

European Commission to Establish AI Office

Hunton Privacy

On January 24, 2024, the European Commission announced that it had published the Commission Decision establishing the European AI Office (the “Decision”). The AI Office will be established within the Commission as part of the administrative structure of the Directorate-General for Communication Networks, Content and Technology , and subject to its annual management plan.

Risk 106
article thumbnail

IBM Cloud delivers enterprise sovereign cloud capabilities

IBM Big Data Hub

As we see enterprises increasingly face geographic requirements around sovereignty, IBM Cloud® is committed to helping clients navigate beyond the complexity so they can drive true transformation with innovative hybrid cloud technologies. We believe this is particularly important with the rise of generative AI. While AI can undoubtedly offer a competitive edge to organizations that effectively leverage its capabilities, we have seen unique concerns from industry to industry and region to re

Cloud 73
article thumbnail

An Update on the SEC’s Cybersecurity Reporting Rules

Hunton Privacy

As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date. Six companies have now made Item 1.05 Form 8-K filings. Three of these companies also have amended their first Form 8-K filings to provide additional detail regarding subsequent events.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Empower your technical staff with hands-on technology training

IBM Big Data Hub

With a vast amount of technology training and education available today, it’s difficult to know what deserves your attention and what’s just a marketing ploy. Furthermore, most training and education in technology is only offered through text or video, meaning that the learner doesn’t have an opportunity to apply the theory that they are learning.

article thumbnail

HID Connects Podcast Season 2 Episode 1: Is There a Generation Gap in the Security Industry?

HID Global

People of different ages think about security differently. We review these inherent differences in this podcast episode.

article thumbnail

Expanding on ethical considerations of foundation models

IBM Big Data Hub

The rise of foundation models that power the growth of generative AI and other AI use cases offers exciting possibilities—yet it also raises new questions and concerns about their ethical design, development, deployment, and use. The IBM AI Ethics Board publication Foundation models: Opportunities, risks and mitigations addresses those concerns and explores the technology’s benefits, risks, guardrails, and mitigations.

Paper 60
article thumbnail

Thanks to Machine Learning, Scientist Finally Recover Text From The Charred Scrolls of Vesuvius via Slashdot.org

IG Guru

Check out the post here. The post Thanks to Machine Learning, Scientist Finally Recover Text From The Charred Scrolls of Vesuvius via Slashdot.org first appeared on IG GURU.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Driving innovation and growth, Reltio powers into 2024

Reltio

Every company needs to unify information from disparate sources, derive actionable insights, and fuel real-time operations in a data-driven world. As a pioneer in data unification and management, Reltio® continues to push the frontiers in empowering customers to realize the full potential of their data and enable digital transformation. Last year represented a watershed moment for us, with major new product launches, high-profile industry recognition, and increased growth in new customers.

article thumbnail

Season 2 Episode 1: Is There a Generation Gap in the Security Industry?

HID Global

People of different ages think about security differently. We review these inherent differences in this podcast episode.

article thumbnail

Security 360 spotlight: Back to basics

Jamf

Jamf’s annual report helps Security teams understand which real-world threats made the greatest impact while underscoring the need for a defense-in-depth security plan to best protect your organization from evolving risk to Mac and mobile platforms.

article thumbnail

Archive-It Partner News, February 2024

Archive-It

Introducing ARCHWay ARCHWay, a free Archives Research Compute Hub (ARCH) service, lets you computationally explore web archives in new ways. Users have access to a diverse set of collections, as well as the ARCH user guide with written and video tutorials on how to use and explore ARCH datasets. If you’d like to learn more and request access to your own ARCHWay account, check out the ARCHWay announcement on the Archive-It Blog.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Operationalizing responsible AI principles for defense

IBM Big Data Hub

Artificial intelligence (AI) is transforming society, including the very character of national security. Recognizing this, the Department of Defense (DoD) launched the Joint Artificial Intelligence Center (JAIC) in 2019, the predecessor to the Chief Digital and Artificial Intelligence Office (CDAO), to develop AI solutions that build competitive military advantage, conditions for human-centric AI adoption, and the agility of DoD operations.