Mon. Jul 15, 2024

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Security 256

Hacktivists Dump Disney Slack Data Online Over AI Projects

Data Breach Today

Disney’s Data Targeted for Using Artists’ Work in AI Systems, Hacking Group Says

An apparent hacktivist group known as NullBulge claimed to have released a major data trove of sensitive information from Disney’s third-party digital workplace collaboration platform, Slack, after reportedly targeting the tech giant for its use of artists' work in training advanced AI systems.

IT 292

MY TAKE: Study shows most folks haven’t considered bequeathing their ‘digital’ inheritances

The Last Watchdog

In our digital age, managing passwords effectively is crucial not just for our security while we’re alive, but also for ensuring our digital legacies are secure after we’re gone. A recent study by All About Cookies sheds light on the alarming lack of preparation most internet users have for their digital assets.

Passwords 130

Why Google Is Eyeing a $23B Buy of Cloud Security Phenom Wiz

Data Breach Today

Largest Deal in Cyber History Would Help Google Rival Microsoft, Limit Partnerships

Despite all the platformization buzz, there are very few vendors with market-leading capabilities in at least three disparate security technology categories. That could change if Google forges ahead with buying cloud security firm Wiz for a reported $23 billion just two years after buying Mandiant.

Cloud 300

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Ransomware groups target Veeam Backup & Replication bug

Security Affairs

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-27532 (CVSS score of 7.5) impacts the Veeam Backup & Replication component. An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts.

More Trending

Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages

WIRED Threat Level

A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art.

IT 121

AT&T Allegedly Pays Ransom After Snowflake Account Breach

Data Breach Today

Paying Criminals for a Promise to Delete Data Is Part of the Problem

What will it take for victims of ransomware, extortion and other types of cybercrime to stop directly funding their attackers? The latest breached business to pay a ransom to its attackers appears to be AT&T, which reportedly paid Shiny Hunters over $350,000 for a promise to delete stolen data.

AT&T paid a $370,000 ransom to prevent stolen data from being leaked

Security Affairs

Wired attributes the recently disclosed AT&T data breach to a hacker living in Turkey and reported the company paid a $370,000 ransom. An American hacker who lives in Turkey claimed responsibility for the recently disclosed AT&T data breach. The man also said the company paid a ransom to ensure that stolen data would be deleted, reported Wired.

DOD Failing to Fix Critical Cybersecurity Gaps, Report Says

Data Breach Today

GAO: Department Lacks Cybersecurity Strategies for Major Business IT Programs

The U.S. Department of Defense still hasn't addressed a series of critical cybersecurity gaps in its information technology business programs, according to an annual assessment conducted by the Government Accountability Office, despite years of warnings from the government watchdog.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

eSecurity Planet

Last week’s vulnerability news highlighted major flaws across industries, urging quick patch response. The majority of incidents involved malicious threat actors exploiting vulnerabilities in several software and systems. Gogs’ security issues caused command execution and file deletion. Microsoft patched 143 vulnerabilities. OpenSSH and PHP exposed an RCE issue, and RADIUS protocols became susceptible to MitM attacks.

Synnovis Attack Halts 8,000 NHS Patient Procedures So Far

Data Breach Today

Ransomware Hit on Pathology Firm Still Disrupting Organ Transplants, Blood Supply

Nearly 8,000 National Health Service patient procedures including organ transplants and cancer treatments have been canceled, postponed or diverted to other facilities in London over the past six weeks since a ransomware attack disrupted blood testing firm Synnovis.

US Senators Secretly Work to Block Safeguards Against Surveillance Abuse

WIRED Threat Level

Senator Mark Warner is trying to pass new limits on when the government can wiretap Americans. At least two senators are quietly trying to stop him.

Enhancing Cyber Defense with AI-Powered SOCs

Data Breach Today

Driven Technologies Chief Operating Officer Vinu Thomas provides an in-depth look at how AI and automation are enhancing cybersecurity. He talks about the shift to distributed environments, the integration of security tools, and the effectiveness of AI in threat detection and response.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

You can snag my favorite Bose noise-canceling headphones for $80 off right before Prime Day

Collaboration 2.0

The Bose QuietComfort Ultra headphones top every 'best headphones' list I've written, and for good reason. They're on sale for $80 off ahead of Amazon Prime Day 2024.

Sales 97

Cybersecurity Can Be a Business Enabler

Data Breach Today

Andres Andreu Discusses How to Make an Organization Secure - and Successful

To make cybersecurity a business enabler, cybersecurity teams need to focus on opening things up in a secure fashion so that the functionality and productivity of the business can flourish. Hearst's Andres Andreu discusses the areas in which this can be done.

Ontario government introduces new bill for strengthening cybersecurity and for responsible AI

Data Protection Report

The Government of Ontario recently introduced the Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024 (Bill 194) seeking to strengthen cybersecurity programs in the public sector and provide the groundwork for the responsible use of artificial intelligence (AI) among various public sector entities. If passed, Bill 194 will enact the Enhancing Digital Security and Trust Act, 2024 (the Act) and significantly amend the Freedom of Information and Protection of Privacy Act

Employees Say OpenAI Shields Whistleblowers From Regulators

Data Breach Today

Complaint Seeks SEC Investigation of Whistleblower Practices, Financial Penalty

Whistleblowers from OpenAI have reportedly complained to the Securities and Exchange Commission that the company unlawfully restricted employees from alerting regulators of the artificial intelligence technology's potential risks to humanity.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

4 ways to use AI to shop on Amazon Prime Day

Collaboration 2.0

AI tools can help you generate text, images, and code, but they can also work as a great shopping assistant this Prime Day. Here's how.

Phishing Continues to Be the Primary Entry to Ransomware Attacks

KnowBe4

Phishing remains a top initial access vector for ransomware actors, according to researchers at Cisco Talos. The threat actors often use phishing to steal legitimate credentials so they can use employee accounts without raising suspicion.

The Blink Video Doorbell for $30 is the ultimate smart home Prime Day deal yet

Collaboration 2.0

Prime Day is one of the few times a year when you can buy a video doorbell for the price of a trip to a fast-food restaurant.

How to observe data quality for better, more reliable AI

Collibra

“With our automated world, every second thousands of decisions hinge on your data. Poor data quality doesn’t just mean mistakes—it means mistakes at lightning speed.” – Kirk Haslbeck, Founder of Collibra Data Quality, Inventor of Automated Rules

State and local governments (SLED) are leveraging AI to enhance public safety, streamline operations, and improve citizen services.

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

This all-in-one robot vacuum and mop is only $440 on Prime Day

Collaboration 2.0

The Yeedi Cube almost does everything: strong suction, self-emptying, and self-cleaning. And it's one of the most affordable robot vacuums and mops to combine all these features.

IT 85

How to securely manage local admin passwords with Jamf Pro and LAPS

Jamf

Jamf Pro’s implementation of Local Administrator Password Solution (LAPS) is now finalized. William Smith takes a deep dive into how it works and how to implement it.

Buy a Samsung Frame TV for up to $1,000 off right now at Best Buy

Collaboration 2.0

Forget Prime Day -- Best Buy has Samsung's popular TV that doubles as a work of art on deep discount right now.

From Reactive to Proactive: Cyber Insurance is Driving Optimal Security Investments for Organizations

KnowBe4

New data shows that only 3 percent of organizations are solely relying on their current cyber defenses when adding on cyber insurance, indicating that organizations are beginning to understand the true value and place of a cyber insurance policy.

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

My favorite 12-in-1 electric screwdriver is less than $50 for Prime Day

Collaboration 2.0

I use this electric screwdriver with its built-in light all the time. Grab one on sale for Amazon Prime Day now.

Sales 94

Navigating FedRAMP Compliance and Cloud Complexity for the Defense Industrial Base

Daymark

Companies performing work in the Defense Industrial Base (DIB) often contemplate whether they should use a cloud service provider for their business, then wonder which version of the cloud service they should consider. The rules and regulations passed down to the DIB from the Federal Government are quite confusing when it comes to trying to figure out what their requirements are.

Cloud 62

5 ways to make the Xfce desktop more enjoyable to use

Collaboration 2.0

Give these Xfce tweaks a try if you want a lightning-fast desktop operating system that's as user-friendly as possible.
