Krebs on Security

NOVEMBER 29, 2023

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

Authentication 257

Authentication Passwords Access Cloud 257

Data Breach Today

NOVEMBER 29, 2023

Vulnerability Management is a well-known cybersecurity essential. However the lines have blurred over the years regarding which vital practices fall under the VM classification.

Cybersecurity 266

Cybersecurity 266

Weissman's World

NOVEMBER 29, 2023

We’ve talked a lot about the perils of using generative AI, which while improving is still prone to making stuff up and exposes our data to privacy problems if used as engine fodder. But I don’t know that I’ve properly distinguished between the “bad” public technologies and the possible “good” of those installed internally –… Read More » Public AI: Bad.

Information governance 156

Information governance Government Privacy 156

Data Breach Today

NOVEMBER 29, 2023

Industry Experts Share Concerns Over Misuse, Privacy and Security With Committee As Congress weighs potential legislative and regulatory guardrails for the use of AI in healthcare, issues such as human oversight, privacy and security risk need close attention, said healthcare industry experts who testified during a House Energy and Commerce subcommittee hearing on Wednesday.

Privacy 257

Privacy Risk Security 257

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

NOVEMBER 29, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. The CVE-2023-5217 is a high-severity integer overflow in Skia. Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms.

Libraries 136

Libraries Security Access IT 136

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. King Edward VII’s Hospital is a private hospital located on Beaumont Street in the Marylebone district of central London. It is a leading provider of acute and specialist medical care, with a focus on musculoskeletal health, urology, women’s health, and digestive health.

Ransomware 140

Ransomware Manufacturing Education Libraries 140

Data Breach Today

NOVEMBER 29, 2023

Sinbad Was the 'Preferred Mixing Service' of North Korean Hackers The U.S. federal government Wednesday added cryptocurrency mixer Sinbad.io to a growing blacklist of virtual asset platforms under sanctions that prevent Americans from doing business with them. The FBI seized the Sinbad website in an international operation.

Government 250

Government 250

The Last Watchdog

NOVEMBER 29, 2023

San Mateo, Calif., November 29, 2023 – Kiteworks , which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), released today its Sensitive Content Communications 2024 Forecast Report. The report outlines 12 predictions and strategies to help IT, security, risk management, and compliance leaders tackle data privacy and cyber-risk challenges for the coming year.

Risk 100

Risk Data Privacy Compliance Communications 100

Data Breach Today

NOVEMBER 29, 2023

Federal Agencies Lack Comprehensive Guidelines For Developing SBOMs, Experts Say Procurement experts testified to the House subcommittee on cybersecurity, information technology and government innovation Wednesday that government requirements leave too many unanswered questions and ambiguities for federal agencies when it comes to implementing SBOMs.

Government 240

Government Cybersecurity IT 240

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

NOVEMBER 29, 2023

Thousands of secrets have been left exposed on Docker Hub, a platform where web developers collaborate on their code for web applications. While some are harmless API keys, others could lead to unauthorized access, data breaches, or identity theft, the latest Cybernews research reveals. The Docker Hub store has at least 5,493 container images that contain secrets and could be considered as exposing sensitive information.

Analytics 137

Analytics Cloud Authentication Data breaches 137

Data Breach Today

NOVEMBER 29, 2023

In this episode of "Cybersecurity Insights," Eyal Fisher discussed Sweet Security's Cloud Runtime Security Suite, which helps CISOS and security teams defend against all stages of a cyberattack by gathering data, generating insights, baselining the normal environment and looking for deviations.

Cloud 238

Cloud Cybersecurity Security 238

Schneier on Security

NOVEMBER 29, 2023

They’re not that good : Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface Pro Type Covers.

Security 122

Security IT Authentication 122

Data Breach Today

NOVEMBER 29, 2023

Beware Phishing and Social Engineering Attacks Targeting Passwords, Vendor Warns Identity and authentication giant Okta said the attacker behind its September data breach stole usernames and contact details for all users of its primary customer support system, and warned customers to beware potential follow-on phishing and social engineering attacks.

Phishing 237

Phishing Data breaches Passwords Authentication 237

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future

Authentication 132

Authentication Cloud Access Archiving 132

Data Breach Today

NOVEMBER 29, 2023

Content Collaboration Platform Sent Updates and Alert Directly to Users Last Month Security researchers say attackers are actively attempting to exploit a critical vulnerability in unpatched ownCloud implementations, which they can use to steal credentials and other secret information. Last month, ownCloud said it had sent all users a security alert and updates to fix the flaws.

Security 234

Security IT 234

KnowBe4

NOVEMBER 29, 2023

This is a cautionary tale of both how your data can legally end up in the hands of an organization you never intended and how victims can be largely left in the dark post-breach.

Data breaches 117

Data breaches Phishing Security 117

Data Breach Today

NOVEMBER 29, 2023

Deal Will Expand BlueVoyant's Footprint in US Government, Defense Industrial Base BlueVoyant purchased a risk management vendor led by an Army veteran to expand its SaaS footprint with U.S. government and defense industrial organizations. Buying Conquest Cyber will allow BlueVoyant to provide cyber risk maturity and compliance assessments to both federal and commercial customers.

Compliance 228

Compliance Risk Government IT 228

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

WIRED Threat Level

NOVEMBER 29, 2023

Released earlier this month, OpenAI’s GPTs let anyone create custom chatbots. But some of the data they’re built on is easily exposed.

Artificial Intelligence 125

Artificial Intelligence Privacy Security 125

The Guardian Data Protection

NOVEMBER 29, 2023

Four groups claim no legal basis exists for setting up the Federated Data Platform which facilitates information sharing The NHS has been accused of “breaking the law” by creating a massive data platform that will share information about patients. Four organisations are bringing a lawsuit against NHS England claiming that there is no legal basis for its setting up of the Federated Data Platform (FDP).

Privacy 103

Privacy IT 103

KnowBe4

NOVEMBER 29, 2023

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Security awareness 103

Security awareness Phishing Security IT 103

Thales Cloud Protection & Licensing

NOVEMBER 29, 2023

FIDO, Biometry and Contactless: Enhancing End User Adoption of Phishing-Resistant MFA madhav Thu, 11/30/2023 - 04:52 The surge in social engineering and phishing attacks seeking to bypass established multi-factor authentication (MFA) methods indicates that organizations must move to phishing-resistant MFA. In their report “ Avoid the Top 9 Pitfalls of Implementing MFA ,” Gartner makes several recommendations for careful consideration by security professionals responsible for the successful deplo

Phishing 87

Phishing Authentication Data Privacy Passwords 87

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Cloud

IBM Big Data Hub

NOVEMBER 29, 2023

Financial Services clients are increasingly looking to modernize their applications. This includes modernization of code development and maintenance (helping with scarce skills and allowing innovation and new technologies required by end users) as well as improvement of deployment and operations, using agile techniques and DevSecOps. As part of their modernization journey, clients want to have flexibility to determine what is the best “fit for purpose” deployment location for their a

Cloud 89

Cloud Financial Services Security Compliance 89

KnowBe4

NOVEMBER 29, 2023

There’s been a “precipitous rise” in QR code phishing (quishing) campaigns in 2023, according to Matthew Tyson at CSO.

Phishing 113

Phishing Security 113

IBM Big Data Hub

NOVEMBER 29, 2023

By leveraging AI for real-time event processing, businesses can connect the dots between disparate events to detect and respond to new trends, threats and opportunities. In 2023, the IBM® Institute for Business Value (IBV) surveyed 2,500 global executives and found that best-in-class companies are reaping a 13% ROI from their AI projects—more than twice the average ROI of 5.9%.

Artificial Intelligence 84

Artificial Intelligence Unstructured data Analytics Customer Experience 84

CILIP

NOVEMBER 29, 2023

Partnership to Campaign: Green Libraries is growing Global leaders, thinkers, and activists from industry and politics will gather this weekend in Dubai for the first day of COP28 to rethink, reboot, and refocus the climate agenda. Meanwhile libraries across the UK and beyond have been working hard to bring climate action and awareness to their communities as part of the Green Libraries Partnership.

Libraries 83

Libraries Security IT 83

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

IBM Big Data Hub

NOVEMBER 29, 2023

With the emergence of new advances and applications in machine learning models and artificial intelligence, including generative AI, generative adversarial networks, computer vision and transformers, many businesses are seeking to address their most pressing real-world data challenges using both types of synthetic data: structured and unstructured. Structured synthetic data types are quantitative and includes tabular data, such as numbers or values, while unstructured synthetic data types are qu

Privacy 80

Privacy Data Privacy Artificial Intelligence Risk 80

WIRED Threat Level

NOVEMBER 29, 2023

Okta upped its original estimate of customer support users affected by a recent breach from 1 percent to 100 percent, citing a “discrepancy.

IT 87

IT Security 87

IBM Big Data Hub

NOVEMBER 29, 2023

Australia pioneered water rights trading in the early 1900s, becoming a world leader in water sharing between valleys. The initiative extended throughout the states of Australia across the Murray-Darling Basin (MDB). However, findings from the water market’s inquiry of the MDB, completed by the Australian Consumer and Competition Commission (ACCC) and the Department of Climate Change, Energy, the Environment and Water (DCCEEW), highlighted a great many challenges of the system.

Blockchain 73

Blockchain Marketing Paper Access 73