Tue. Dec 05, 2023


North Korean Hackers Steal South Korean Anti-Aircraft Data

Data Breach Today

Andariel Group Rented Server to Steal 1.2TB of Data, Extort $357,000 in Ransoms

Seoul police have accused the North Korean hacker group Andariel of stealing sensitive defense secrets from South Korean defense companies and laundering ransomware proceeds back to North Korea. The hackers stole 1.2TB of data, including information on advanced anti-aircraft weapons.


CIP Task Force and Beta Testers Contribute to Updated Certified Information Professional Credential

AIIM

AIIM debuted a new version of the Certified Information Professional (CIP) credential. As of November 27, 2023, AIIM is offering a new version of the exam, which reflects the skills needed for today’s information professionals.


23andMe Says Hackers Stole Ancestry Data of 6.9M Users

Data Breach Today

Credential-Stuffing Attack Led to Profile Scraping

Genetics testing firm 23andMe says hackers, in a credential-stuffing attack this fall, siphoned the ancestry data of 6.9 million individuals. 23andMe disclosed the attack on Oct. 1, stating the attackers had scraped the profiles of 23andMe users who opted in to the company's DNA Relatives feature.


The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Schneier on Security

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

Marketing 137

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving every day. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into


TSA Envisions AI-Driven Future of Secure, Streamlined Travel

Data Breach Today

TSA Official Details How Agency Aims to Implement AI Systems Across Operations

The Transportation Security Administration is exploring the possibilities of a future of U.S. travel "underpinned by AI advancements," according to the agency's deputy CIO, with next-generation technologies shaping new verification and threat detection efforts.

Security 277

More Trending


Experts Urge Congress to Task NIST With REAL ID Standards

Data Breach Today

'TSA Is Not the Right Agency to Lead' REAL ID Implementation, Security Experts Say

Security experts testified to Congress that the National Institute of Standards and Technology is better placed than the Transportation Security Administration to lead national implementation efforts for security-enhanced identification cards ahead of a looming 2025 deadline for national compliance.


Google fixed critical zero-click RCE in Android

Security Affairs

Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the release of the December 2023 Android security updates. Google's December 2023 Android security updates addressed 85 vulnerabilities, including a critical zero-click remote code execution (RCE) flaw tracked as CVE-2023-40088. The vulnerability resides in Android’s System component; it doesn’t require additional privileges to be triggered.

Security 120

Feds, AHA Urge Hospitals to Mitigate Citrix Bleed Threats

Data Breach Today

Urgent Action Needed to Prevent Ransomware Attacks Involving Vulnerability Exploit

A recent spike in ransomware attacks has prompted federal regulators and the American Hospital Association to issue urgent warnings to hospitals and other healthcare firms to prevent potential exploitation of the Citrix Bleed software flaw affecting some NetScaler ADC and NetScaler Gateway devices.


ENISA published ENISA Threat Landscape for DoS Attacks

Security Affairs

ENISA published the ENISA Threat Landscape for DoS Attacks report to bring new insights to the DoS threat landscape. Denial-of-Service (DoS) attacks pose a persistent and significant security risk for organizations. Over the past few years, threat actors have increasingly had access to cost-effective and efficient means and services to carry out such kinds of attacks.


Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?


API Flaws Put AI Models at Risk of Data Poisoning

Data Breach Today

Hugging Face Fixes Flaw; Meta, Other Tech Giants Revoke Vulnerable Tokens

Security researchers could access and modify an artificial intelligence code generation model developed by Facebook after scanning for API access tokens on AI developer platform Hugging Face and code repository GitHub. Tampering with training data is among the top threats to large language models.


Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

IT Governance

IT Governance’s research has found the following for November 2023: 470 publicly disclosed security incidents. 519,111,354 records known to be breached. The number of incidents is particularly high this month, partly because we’ve improved our incident-finding processes, but also partly because we’ve seen several big supply chain attacks this month.


Mapping the Unseen Vulnerabilities of Zombie APIs

Data Breach Today

Zombie APIs are becoming more common, just because of the sheer number of APIs and third-party vendors that organizations rely on. Joshua Scott, head of information security and IT at API platform Postman, says businesses need to identify "what is critical to the business and map backward.


The 23andMe Data Breach Keeps Spiraling

WIRED Threat Level

23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions.


Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.


Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

Security Affairs

The U.S. CISA warns that threat actors are actively exploiting a critical vulnerability in Adobe ColdFusion to breach government agencies. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about threat actors actively exploiting a critical vulnerability (CVE-2023-26360) in Adobe ColdFusion to breach government agencies. The flaw is an Improper Access Control that can allow a remote attacker to execute arbitrary code.


New SEC Rules Will Do More Than Result in Quick Breach Reporting

KnowBe4

On July 26, the U.S. Security & Exchange Commission (SEC) announced several new cybersecurity rules, taking effect mid-December 2023, that will significantly impact all U.S. organizations (and foreign entities doing business in the U.S.) that must follow SEC regulations.


Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Microsoft’s Threat Intelligence is warning of Russia-linked cyber-espionage group APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.

Military 107

Fake Lockdown Mode: A post-exploitation tampering technique

Jamf

JTL security researchers discover how Lockdown Mode on iOS can be manipulated by a threat actor on compromised or jailbroken iPhones to trick users into believing that their device is protected by Lockdown Mode when, in fact, it's not.

Security 107

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.


Financial Institutions are the Most Affected by Phishing Attacks and Scams

KnowBe4

New data shows how the overwhelming majority of phishing attacks on financial institutions dwarf every other industry sector by as much as a factor of 30-to-1.

Phishing 105

A New Trick Uses AI to Jailbreak AI Models—Including GPT-4

WIRED Threat Level

Adversarial algorithms can systematically probe large language models like OpenAI’s GPT-4 for weaknesses that can make them misbehave.


Retailers can tap into generative AI to enhance support for customers and employees

IBM Big Data Hub

As the retail industry witnesses a shift towards a more digital, on-demand consumer base, AI is becoming the secret weapon for retailers to better understand and cater to this evolving consumer behavior. With the rise of highly personalized online shopping, direct-to-consumer models, and delivery services, generative AI can help retailers further unlock a host of benefits that can improve customer care, talent transformation and the performance of their applications.

Retail 95

Agreement Reached on the EU’s Data Act

Data Matters

On 27 November 2023, the Council adopted the final text of the Data Act which facilitates (and in certain cases, mandates) the access to (personal and non-personal) data. The Data Act was originally proposed by the European Commission in 2022. Alongside the EU Data Governance Act (which came into force in June 2022) the Data Act forms part of the EU’s Data Strategy which aims to “make the EU a leader in a data-driven society”.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


PDFs: Friend or Phishing Foe? Don't Get Caught by the Latest Scam Tactic

KnowBe4

Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns.


Beyond basics: Six tips for an exceptional customer service strategy

IBM Big Data Hub

Enhancing the customer experience through customer service is among the most important disciplines for any organization for one simple reason: without customers, organizations would fail overnight. Customer service, sometimes called customer care or customer support, relates to the activities organizations take to ensure their customers’ needs are being met.


CyberheistNews Vol 13 #49 Top Four Security Tips for Cyber Safety on National Computer Security Day

KnowBe4

Top Four Security Tips for Cyber Safety on National Computer Security Day

Security 104

Public Company CISOs Beware: The SEC Is No Longer Playing Nice

Daymark

On October 30, 2023, the US Securities and Exchange Commission (SEC) announced fraud charges against SolarWinds and its former chief information security officer (CISO), alleging that “SolarWinds’ public statements about its cybersecurity practices and risks were at odds with its internal assessments.” This comes on the heels of the SEC’s newly implemented rules for disclosures relating to cyber risk.


Embedding BI: Architectural Considerations and Technical Requirements

While data platforms, artificial intelligence (AI), machine learning (ML), and programming platforms have evolved to leverage big data and streaming data, the front-end user experience has not kept up. Holding onto old BI technology while everything else moves forward is holding back organizations. Traditional Business Intelligence (BI) tools aren’t built for modern data platforms and don’t work on modern architectures.


Statement to Department for Communities on funding shortfall of approximately £1.75 million

CILIP

This statement is issued by CILIP, the Chartered Institute of Library and Information Professionals, the national body representing librarians and information professionals in Northern Ireland and the UK, in response to the lack of adequate funding for public library services.


Key AI governance principles for enterprises

Collibra

Today, AI is reshaping industries with its unprecedented scale and transformative impact. At the heart of the AI revolution is the principle of ‘trusted data,’ a cornerstone for successful AI initiatives. Trusted data — characterized by its accuracy, reliability and integrity — is not just a requirement but a catalyst for transformative changes across organizations.


Success Criteria for Digitizing Permanent Records

National Archives Records Express

Newly commissioned officers toss their hats into the air in celebration of their graduation from the U.S. Naval Academy. National Archives Identifier: 6466552

We are pleased to announce the release of the Success Criteria for Digitizing Permanent Records. This guidance supports the National Archives and Records Administration’s (NARA) regulation concerning digitization standards for permanent records (36 CFR 1236 Subpart E).