Wed.Jan 24, 2024

article thumbnail

North Korean Hackers Using AI in Advanced Cyberattacks

Data Breach Today

U.S.-Led Sanctions Do Little to Curtail North Korea's Development of AI South Korea's intelligence agency has reported that North Korean hackers are using generative AI to conduct cyberattacks and search for hacking targets. Experts believe North Korea's AI capabilities are robust enough for more precise attacks on South Korea.

318
318
article thumbnail

5379 GitLab servers vulnerable to zero-click account takeover attacks

Security Affairs

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset.

Passwords 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

UK Mulls Rollout of New Software Vulnerability Rules

Data Breach Today

Voluntary Rules Will Set Baseline Security Requirement for Software Vendors, Users The U.K. government is mulling the rollout of a voluntary set of rules urging software vendors to responsibly disclose vulnerabilities in their systems. The measure comes as the government continues to face criticism over poor management of legacy infrastructure.

article thumbnail

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops. The online services of multiple Swedish government agencies, universities, and commercial activities were disrupted by an Akira ransomware attack that hit the Finnish IT services and enterprise cloud hosting Tietoevry.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

GSA Sparks Security Fears After Buying Risky Chinese Cameras

Data Breach Today

Experts Warn Against Increasing Federal Reliance on Chinese Technology Experts are raising fresh concerns about the "significant risk" for Chinese espionage against U.S. federal networks after a government watchdog caught the government's main acquisition arm purchasing unauthorized, Chinese-manufactured video conference cameras.

More Trending

article thumbnail

Watching the Watchdog: Learning from HHS' Grant Payment Mess

Data Breach Today

Tight-Lipped Agency's Next Move in Wake of $7.5M Scam Could Be Telling Rumors are swirling about how the Department of Health and Human Services lost about $7.5 million in grant payments through a series of cyberattacks last year, including speculation over whether the incidents involved sophisticated AI-augmented spear-phishing or more commonplace fraud schemes.

Phishing 292
article thumbnail

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

Security Affairs

Researchers released PoC exploit code for a recently disclosed critical authentication bypass flaw in Fortra’s GoAnywhere MFT (Managed File Transfer). Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT. The security experts also published a proof-of-concept (PoC) exploit that allows the creation of new admin users on vulnerable instances exposed online. “

article thumbnail

HPE Fingers Russian State Hackers for Email Hack

Data Breach Today

'Midnight Blizzard' Was Inside Company Network for 7 Months Hewlett Packard Enterprise in an after-hours regulatory filing disclosed that suspected Russian state hackers had gained access to corporate email inboxes for more than seven months. A threat group tracked as "Midnight Blizzard" first penetrated HPE's cloud-based email service in May 2023.

Cloud 287
article thumbnail

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Atlassian Confluence Data Center and Server Template Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Atlassian Confluence Data Center and Server Template Injection bug, tracked as CVE-2023-22527 , to its Known Exploited Vulnerabilities (KEV) catalog.

IT 140
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ransomware on Tap as Major Water Providers Fall Victim

Data Breach Today

US and UK Water Giants Report Network Breaches and Data Leaks, But No Encryption Two major water providers in the U.S. and U.K. report that they recently fell victim to ransomware attacks. In both cases, attackers appear to have stolen employee or customer data that they're now holding to ransom. Ransomware trackers say known attacks, affecting all sectors, have been surging.

article thumbnail

‘Mother of All Breaches’: 26 BILLION Records Leaked

IT Governance

Expert insight from Leon Teale into the implications of this historic data breach The security researcher Bob Diachenko and investigators from Cybernews have discovered an open instance with more than 26 billion data records, mostly compiled from previous breaches – although it likely also includes new data. Organisations associated with these data records include: Tencent QQ – 1.4 billion records; Weibo – 504 million records; Myspace – 360 million records; X/Twitter – 281 million records; Deeze

Passwords 139
article thumbnail

Fortra GoAnywhere MFT Flaw Grants Admin Access to Anyone

Data Breach Today

'/.;/' Strikes Again A security vulnerability in Fortra's GoAnywhere managed file transfer software can allow unauthorized users to create a new admin user. The vulnerability is a remotely exploitable authentication bypass flaw. Hackers have targeted file transfer software over the past year, including GoAnywhere MFT.

Access 277
article thumbnail

Ring Will Stop Giving Cops a Free Pass on Warrantless Video Requests

WIRED Threat Level

The Amazon-owned home surveillance company says it is shuttering a feature in its Neighbors app that allows police to request footage from users. But it’s not shutting out the cops entirely.

IT 136
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Gen AI Expected to Bring Big Changes to Banking Sector

Data Breach Today

McKinsey Predicts up to 15% Profit Increase, Gen AI Use in All Areas of Banking Bloomberg, JPMC, European Central Bank, Morgan Stanley, NASDAQ, HDFC ERGO and Commonwealth Bank Australia are harnessing gen AI to enhance productivity and customer experience. Gen AI has the potential to reshape job roles, redefine customer interactions and create new business models.

article thumbnail

Poisoning AI Models

Schneier on Security

New research into poisoning AI models : The researchers first trained the AI models using supervised learning and then used additional “safety training” methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidden behaviors. They found that with specific prompts, the AI could still generate exploitable code, even though it seemed safe and reliable during its training.

Paper 127
article thumbnail

Use of Generative AI Apps Jumps 400% in 2023, Signaling the Potential for More AI-Themed Attacks

KnowBe4

As the use of Cloud SaaS platforms of generative AI solutions increases, the likelihood of more “GPT” attacks used to gather credentials, payment info and corporate data also increases.

Cloud 126
article thumbnail

Three ways to stay on top of evolving AI and data privacy rules

CGI

Every January 28, organizations around the world celebrate Data Privacy Day (also known as Data Protection Day). Data Privacy Day commemorates the first international treaty governing data privacy, signed on January 28, 1981. Back then, legal requirements encouraging businesses to respect privacy were limited. Over the next decades, we experienced across the globe many regulatory developments and advances in how organizations safeguard data to better protect individuals.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

North Korean Threat Actor Targeting Cybersecurity Researchers With Spear Phishing Attacks

KnowBe4

A suspected North Korean state-sponsored threat actor called “ScarCruft” is launching spear phishing attacks against cybersecurity professionals, according to researchers at SentinelOne.

Phishing 126
article thumbnail

UK National Cyber Security Centre Warns Ransomware Threat Expected to Rise with AI

Hunton Privacy

On January 24, 2024, the UK National Cyber Security Centre (“NCSC”) announced it had published a report on how AI will impact the efficacy of cyber operations and the cyber threats posed by AI over the next two years. The report concludes that AI “will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years.

article thumbnail

Roblox Game 'Hack-A-Cat' Now Part of the Free KnowBe4 Children’s Interactive Cybersecurity Activity Kit

KnowBe4

If you haven’t heard of Roblox, you probably don’t have kids like me. Roblox is an online virtual world/metaverse that has been around since 2006 that allows people to play with others and is super popular with young people. We know from research done at Berkeley that gamification can be a good way to get students engaged with cybersecurity.

article thumbnail

What Are Firewall Rules? Ultimate Guide & Best Practices

eSecurity Planet

Firewall rules are preconfigured, logical computing controls that give a firewall instructions for permitting and blocking network traffic. They help IT and security teams manage the traffic that flows to and from their private network. This includes protecting data from internet threats, but it also means restricting unauthorized traffic attempting to leave your enterprise network.

Access 107
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Balancing Security + Compliance

Jamf

Learn about the basics of compliance in cybersecurity and why it is a crucial component of your organization’s security posture. Also, understand how achieving a balance between security and compliance is table stakes for regulated businesses and how critical factors like key regulations, industry standards and best practices, integrated alongside advanced technologies and security tooling, work hand in glove to benefit organizations while minimizing the risk of non-compliance.

article thumbnail

Protecting Against the Risks and Managing the Complexities of a Quantum World with Thales and IBM Consulting

Thales Cloud Protection & Licensing

Protecting Against the Risks and Managing the Complexities of a Quantum World with Thales and IBM Consulting madhav Thu, 01/25/2024 - 11:03 Contributors: Ollie Omotosho - Director, Strategir Partnerships, Thales Antti Ropponen, Head of Data & Application Security Services, IBM Consulting In the world of business, data security is paramount. Cryptography is the cornerstone to protecting the data, ensuring confidentiality, integrity, and preventing exposure of sensitive information.

Risk 87
article thumbnail

Federal and State Regulators Fine Foreign Bank for Unauthorized Disclosure of Confidential Supervisory Information

Data Matters

On January 17, 2024, the New York Department of Financial Services (NYDFS) entered into a consent order with Industrial and Commercial Bank of China Ltd. (ICBC or the Bank), resolving a matter in which ICBC’s New York branch disclosed confidential supervisory information (CSI) without authorization. The order includes a civil monetary penalty of $30 million.

article thumbnail

Penetration testing methodologies and standards

IBM Big Data Hub

The online space continues to grow rapidly, opening more opportunities for cyberattacks to occur within a computer system, network, or web application. To mitigate and prepare for such risks, penetration testing is a necessary step in finding security vulnerabilities that an attacker might use. What is penetration testing? A penetration test , or “pen test,” is a security test that is run to mock a cyberattack in action.

Risk 72
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

ARMA Austin Spring (Hybrid) Seminar – Records Ringleaders: Leading the Circus of Records & Data Management

IG Guru

Register Here The post ARMA Austin Spring (Hybrid) Seminar – Records Ringleaders: Leading the Circus of Records & Data Management first appeared on IG GURU.

article thumbnail

Strengthening Higher Education Institutions against evolving cyberthreats

OpenText Information Management

As cyberthreats continue to evolve, it is crucial for higher education institutions and universities to be vigilant. Enforcing security strategies prudently designed to safeguard digital assets and the integrity of their academic research provides better cyber resilience. The education sector has become a prime target for attackers due to the vast amount of sensitive data, … The post Strengthening Higher Education Institutions against evolving cyberthreats appeared first on OpenText Blogs.

article thumbnail

Time for a data center refresh? Get ahead of the growing digital landscape with a modern data center strategy

IBM Big Data Hub

With the seismic shift wrought by generative AI, the pressure is on IT to modernize and optimize to meet the demand. Cloud service platforms abound promising greater elasticity and savings. There are times, though, when organizations prefer to keep certain applications and data in their own data center—security and compliance requirements or control of sensitive data for example.

Cloud 60