Krebs on Security

FEBRUARY 9, 2024

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

Artificial Intelligence 298

Artificial Intelligence Access IT Government 298

Data Breach Today

FEBRUARY 9, 2024

US, UK, South Korea and India Most Targeted for Election Interference, Experts Warn With over 1 billion people across more than 50 countries - including the U.S., the U.K. and India - due to hold elections this year, one open question remains: How can nations combat adversaries who attempt to influence elections or otherwise interfere via physical, cyber or operational means?

286

286

AIIM

FEBRUARY 9, 2024

Artificial Intelligence is a key focus of AIIM's new strategy , which the AIIM Board of Directors debuted in January 2024. So it's only fitting that AI take the lead at the AIIM Conference 2024 in San Antonio, Texas, April 3-5.

Artificial Intelligence 191

Artificial Intelligence IT 191

Data Breach Today

FEBRUARY 9, 2024

Researchers Find Unprotected Unitronics Devices Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.

Passwords 284

Passwords 284

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

FEBRUARY 9, 2024

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company. In January the company experienced IT issues, the outage was likely caused by the ransomware attack, but the company did not disclose it.

Ransomware 143

Ransomware Data breaches Manufacturing Sales 143

Security Affairs

FEBRUARY 9, 2024

Researcher demonstrated how to exploit a signed Minifilter Driver in a BYOVD attack to terminate a specific process from the kernel. Exploiting a signed Minifilter Driver that can be used to used the BYOVD attack technique to a program able to terminate a specific process from the kernel. Exploiting a vulnerable Minifilter Driver to create a process killer Bring Your Own Vulnerable Driver (BYOVD) is a technique that uses a vulnerable driver in order to achieve a specific goal.

Communications 138

Communications IT Security Access 138

Data Breach Today

FEBRUARY 9, 2024

UK AI Safety Institute Says LLMs Can't Give Novice Hackers Advanced Capabilities Large language models may boost the capabilities of novice hackers but are of little use to threat actors past their salad days, concludes a British governmental evaluation. "There may be a limited number of tasks in which use of currently deployed LLMs could increase the capability of a novice.

257

257

Data Matters

FEBRUARY 9, 2024

Last week, the U.S. Department of Commerce published a notice of proposed rulemaking ( NPRM ) implementing Executive Orders (EO) 13984 and 14110 to prevent “foreign malicious cyber actors” from accessing U.S. infrastructure as a service products 1 (IaaS Rule). The IaaS Rule seeks to strengthen the U.S. government’s ability to track “foreign malicious cyber actors” who have relied on U.S.

Cloud 156

Cloud Privacy Access Security 156

Data Breach Today

FEBRUARY 9, 2024

Final Rule for 42 CFR Part 2 Changes Aims to Improve Patient Care Coordination The Department of Health and Human Services has finalized regulations to better align federal requirements for the confidentiality of substance use disorder records with privacy protections afforded under HIPAA. The aim is to improve care coordination while enhancing sensitive data protections.

Privacy 248

Privacy 248

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. Fortinet is warning that the recently discovered critical remote code execution vulnerability in FortiOS SSL VPN, tracked as CVE-2024-21762 (CVSS score 9.6), is actively exploited in attacks in the wild.

Military 134

Military Government Security IT 134

Data Breach Today

FEBRUARY 9, 2024

2 Men Arrested in Malta, Nigeria for Hawking Malware on Hacking Forums Since 2012 Federal authorities have seized internet domains and arrested two men in Malta and Nigeria who they say served as sales and customer service reps for a dark web business that sold RAT malware to cybercriminals over a 12-year period, leading to the "takeover and infection of computers worldwide.

Sales 246

Sales 246

Security Affairs

FEBRUARY 9, 2024

Ivanti warns customers of a new authentication bypass vulnerability in its Connect Secure, Policy Secure, and ZTA gateway devices. Ivanti has warned customers of a new high-severity security vulnerability, tracked as CVE-2024-22024 (CVSS score 8.3), in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication.

Security 134

Security Authentication IT Access 134

Data Breach Today

FEBRUARY 9, 2024

Joe Sullivan Also Discusses Identity Management, AI, State of Information Sharing In the latest weekly update, Joe Sullivan, CEO of Ukraine Friends, joins three editors at ISMG to discuss the challenges of being a CISO in 2024, growing threats from disinformation, vulnerabilities in MFA, AI's role in cybersecurity, and the obstacles to public-private information sharing.

Cybersecurity 232

Cybersecurity 232

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

eSecurity Planet

FEBRUARY 9, 2024

A next generation firewall (NGFW) performs deep packet inspection to check the contents of the data flowing through the firewall. Unlike more basic firewalls that only check the header of data packets, NGFWs examine and evaluate the payload data within the packet. This deep packet inspection provides the basis for the various NGFW features that improve malware blocking.

Encryption 113

Encryption Cloud Security Risk 113

Schneier on Security

FEBRUARY 9, 2024

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong , and then everyone else ran with it without reading the German text. It was a hypothetical, which Fortinet eventually confirmed. Or maybe it was a stock-price hack.

IT 111

IT 111

IT Governance

FEBRUARY 9, 2024

What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0 Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, he’s won hackathon events in the UK and internationally, and is accredited for multiple bug bounties.

IoT 103

IoT Risk Security Access 103

KnowBe4

FEBRUARY 9, 2024

A new report shows massive increases in browser attacks in the second half of 2023, with over 31,000 threats specifically designed to bypass security solution detection.

Phishing 111

Phishing Security Security awareness 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

IG Guru

FEBRUARY 9, 2024

Check out the story here. The post Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware via the Hacker News first appeared on IG GURU.

Information governance 82

Information governance Risk Government Information Security 82

KnowBe4

FEBRUARY 9, 2024

The U.S. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05 of the 8-K, requires that all regulated companies report significant cybersecurity breaches within four business days of determining that the incident was “material”.

Cybersecurity 84

Cybersecurity Security Ransomware 84

Hunton Privacy

FEBRUARY 9, 2024

On February 8, 2024, the French Data Protection Authority (the “CNIL”) announced the priority topics for its inspections in 2024. In 2024, the CNIL will focus its investigations on the following priority topics: Data Collection for the Olympic and Paralympic Games. As millions of individuals are expected to travel to France for the Olympic and Paralympic Games this year, the CNIL will focus on verifying the measures that are deployed for security purposes ( e.g. , the use of QR codes for restr

Data collection 74

Data collection Personal data Privacy Access 74

WIRED Threat Level

FEBRUARY 9, 2024

“Had this all been contrived? Had his life become a game in which everyone knew the rules but him?” An exclusive excerpt from 2054: A Novel.

Security 83

Security 83

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Cloud

Hunton Privacy

FEBRUARY 9, 2024

Hunton Andrews Kurth is hosting a webinar discussing the Federal Trade Commission’s proposed revisions to the Children’s Online Privacy Protection Rule ( i.e. , the COPPA Rule) on February 20, 2024, at 12:00 p.m. (ET). Hunton partners Phyllis Marcus and Lisa Sotto will discuss the FTC’s recent proposal to strengthen federal protections for children’s privacy and the implications of the new changes, if enacted, for organizations.

Privacy 67

Privacy 67

John Battelle's Searchblog

FEBRUARY 9, 2024

Google’s Gemini launch. As hype escalated around the debut of ChatGPT more than a year ago, I predicted that OpenAI and Microsoft would rapidly develop consumer subscription service models for their nascent businesses. Later that year I wrote a piece speculating that Google would inevitably follow suit. If Google was smart, and careful, it had a chance to become “ the world’s largest subscription service.” From that piece: Google can’t afford to fall behind as its closest

IT 59

IT Artificial Intelligence 59

Information Matters

FEBRUARY 9, 2024

Cloud ERP provider Acumatica showcased new capabilities and celebrated customer growth at its annual summit this week. The event highlighted Acumatica’s focus on customer feedback to drive product development. “Our Read more The post Acumatica Unveils New Features, Celebrates Customers at Annual Summit appeared first on Information Matters - Where AI Meets Knowledge Management.

Cloud 52

Cloud IT 52

Docuware

FEBRUARY 9, 2024

Digitalization has fundamentally changed the leadership role. Authoritarian bosses, micromanagement and hierarchical thinking are a thing of the past. This is because traditional management structures can’t respond quickly to constantly changing market conditions and new customer demands. Instead, today’s leaders are called upon to exercise their emotional intelligence as well as business savvy and coach rather than give orders.

Marketing 29

Marketing 29

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Information Matters

FEBRUARY 9, 2024

A new report by Information Services Group (ISG) finds that advancements in generative AI are starting to reshape the European market for intelligent automation, though hype remains high. The ISG Read more The post GenAI Reshaping Europe’s Intelligent Automation Landscape appeared first on Information Matters - Where AI Meets Knowledge Management.

Marketing 52

Marketing 52

Schneier on Security

FEBRUARY 9, 2024

Amusing story about a penguin named “Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Security 100

Security 100

eSecurity Planet

FEBRUARY 9, 2024

Cloud-native application development combines organizational and technical changes in the design, build, and deployment of software in the cloud to deliver value faster and improve overall business efficiency. This includes using cloud-native principles, services, architecture, and DevOps processes to build scalable, flexible, and resilient systems.

Cloud 113

Cloud Compliance Risk Security 113