HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability that can be exploited to conduct powerful denial-of-service (DoS) attacks. HTTP messages can contain named fields in both header and trailer sections. CERT/CC experts explained that both header and trailer fields are serialized as field blocks in HTTP/2 to transmit them in multiple fragments to the target implementation.
As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.
New IACS Rules to Secure Onboard Digital Systems, Equipment Go Into Effect July 1
IT and OT security experts say threats to shipping underscore the need for more stringent regulations for passenger, cargo and high-speed vessels by the International Association of Classification Societies. The new IACS cybersecurity and resilience requirements will go into effect July 1.
Ivanti addressed four flaws impacting Connect Secure and Policy Secure Gateways that could lead to code execution and a denial-of-service (DoS) condition. Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of vulnerabilities addressed by the company is reported below: CVE Description CVSS Vector CVE-2024-21894 A heap overflow vulnerability in IPSec componen
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Bugs Allowed Device Unlocking and Memory Access
Google addressed two zero-day vulnerabilities in Pixel mobile phones that forensic firms exploited to bypass PINs and access stored data on the device. The bugs allowed attackers to unlock and access Pixel's device memory with physical access.
US cancer center City of Hope suffered a data breach that impacted 800,000 individuals; personal and health information was compromised. City of Hope is a renowned cancer research and treatment center located in Duarte, California, United States. It is recognized for its comprehensive cancer care, innovative research, and compassionate patient support services.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
OneLogin Departs Forrester's Leaderboard as User Experience Takes Center Stage
Microsoft, Okta and CyberArk remained atop Forrester's workforce identity rankings, while OneLogin tumbled from the leaders' spot. The shift toward digital platforms and growing adoption of cloud services have been pivotal in driving the evolution of workforce identity platforms.
A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report
Remote Desktop Protocol (RDP) is commonly abused by ransomware groups. Here are methods on how we can provide context and advice for administrators and responders looking to deal with RDP.
Exclusive: senior party officials worked on commercial venture that would allow brands to sell products to supporters
Senior Conservative party officials worked on plans to hand over its entire membership database for a commercial venture that promised to make tens of millions of pounds, the Guardian can reveal. Leaked documents show Tory executives discussed exploiting members’ personal data to build a mobile phone app that could track users’ locations and allow big brands to advertise to Conse
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Differences in How the United States and United Kingdom Think About Cybersecurity
The differences between working in cybersecurity in the U.K. and U.S. are not just a matter of accent or office culture; they are a study in how national security priorities, regulatory environments and cultural attitudes toward privacy and surveillance affect cyber workers' professional lives.
The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s device; Develop and improve products; Personalize ads and content; Measure ads and content; Derive audience insights; Obtain precise geolocation data
Also: Insurer Predicts Ransomware for Cars, Offers to Cover Towing Costs
This week, Omni, OWASP and MarineMax suffered cyber incidents, Ivanti disclosed flaws, Cisco gave tips to stop password-spraying attacks, a court upheld an FCC ban, India rescued citizens in Cambodia, Americans lost $1.1 billion to impersonation scams, and an insurer introduced a cyber auto policy.
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
Device Bound Session Credentials Tie Authentication Cookies to Specific Computers
Google is prototyping a method to stymie hackers who get around multifactor security by stealing authentication cookies from desktops. Google says its proposal for cryptographically tying authentication tokens to computers will succeed where previous attempts such as Token Binding failed.
A Springboard to Career Success
CISM® (Certified Information Security Manager) is a globally recognised qualification that provides a good understanding of IT security with a management flavour. But with so much in the news about AI, Cloud security and other niche areas of cyber security, it’s easy to overlook the importance of such solid, tried-and-tested qualifications in information security.
'Fictitious Dialogue' About Harmful Content Subverts Defenses, Researchers Find
After testing safety features built into generative artificial intelligence tools developed by the likes of Anthropic, OpenAI and Google DeepMind, researchers have discovered that a technique called "many-shot jailbreaking" can be used to defeat safety guardrails and obtain prohibited content.
A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seems to be popping up in a likely attempt to steal the victim’s digital identity and more.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Notorious Hacker Alleges They Stole Data From National Security Contractor
The U.S. Department of State confirmed it’s investigating claims of a cyber incident after a notorious hacker known as IntelBroker posted on a publicly accessible hacking forum that they had leaked data belonging to the federal government and its allies.
Also: A OneCoin Sentencing, Tornado Cash Update, FTX Repayment Plans
This week, hackers stole from Prisma Finance and demanded praise, a OneCoin head was sentenced to prison, a Tornado Cash co-founder asked for dismissal of charges, FTX said it will repay customers, Singapore has new digital payment token rules, and the BoE and FCA launched Digital Security Sandbox.
IT Governance’s research found the following for March 2024: 3,478 publicly disclosed security incidents. 299,368,075 records known to be breached. This month saw fewer records breached than in February (a 58% drop), but a staggering 388% rise in incidents. This is largely caused by two outlier events: Misconfigured Google Firebase instances, exposing 124,605,664 records across 916 misconfigured websites.
Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision-making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.
Leading Means Admitting What You Don't Know - And Other Tips for Leaders
Being an effective leader involves recognizing and embracing the expertise of others, particularly in areas where your own knowledge is limited. Here are tips on how to attract top talent and retain these exceptional employees by fostering a culture of excellence, innovation and continuous learning.
Escalation of Cyberespionage Likely Tied to Upcoming European Elections
German federal agencies warned that phishing attacks targeting political parties surged ahead of upcoming European Union elections. The government did not attribute the attacks to a specific country but confirmed that they are tied to a nation-state group.
The popularity of private cloud is growing, primarily driven by the need for greater data security. Across industries like education, retail and government, organizations are choosing private cloud settings to conduct business use cases involving workloads with sensitive information and to comply with data privacy and compliance needs. In a report from Technavio, the private cloud services market size is estimated to grow at a CAGR of 26.71% between 2023 and 2028,
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
At least twelve men working in the UK parliament have recently been targeted by WhatsApp spear phishing messages, POLITICO reports. The targeted individuals include “a senior Labour MP, four party staffers, and a political journalist.”
On March 28, 2024, in US v. EZ Lynk, the U.S. District Court for the Southern District of New York dismissed the Department of Justice’s (DOJ) claim that an automotive device manufacturer violated Section 203 of the Clean Air Act (CAA), holding that Section 230 of the Communications Decency Act (CDA) provided complete immunity from CAA liability for the sale of certain aftermarket automotive devices.
COVID-19 changed everything. Loyalty is on the auction block. Customers are uncertain: delaying purchases and shopping around. Brands that win in this new era will use customer success to drive transformative change with an eye to the future. What is customer success? Customer success grew out of the boom in SaaS companies. As B2B SaaS companies gained popularity in the early 2000s, vendors faced a challenge: neglecting customer training and retention led to frustrated users grappling with compl