Wed. Dec 06, 2023


CISA Urges Software Developers to Prioritize Memory Safe Coding

Data Breach Today

CISA, NSA, FBI and Global Partners Urge Manufacturers to Make Memory Safe Road Maps

The U.S. Cybersecurity and Infrastructure Security Agency is urging software developers to implement memory safe coding as part of an effort to address critical vulnerabilities in programming languages and further shift security responsibilities away from end users.


ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.


Biden Administration Issues Cyber Strategy for Health Sector

Data Breach Today

HHS Is Proposing New Cyber Regs for Hospitals and a HIPAA Security Rule Update

The U.S. Department of Health and Human Services on Wednesday released a sweeping strategy document proposing how the Biden administration intends to push the healthcare sector - through new requirements, incentives and enforcement - into improving the state of its cybersecurity.


Police Can Spy on Your iOS and Android Push Notifications

WIRED Threat Level

Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Hackers Hit Medical Imaging Services Centers in NY, Texas

Data Breach Today

East River Medical Imaging Says Nearly 606,000 Affected

A New York medical imaging services provider is notifying nearly 606,000 individuals that their information was potentially accessed and copied in a recent hacking incident. The entity is one of several medical imaging centers that have reported major hacking breaches in recent weeks and months.


More Trending


New iPhone Exploit Technique Evades Lockdown Mode Function

Data Breach Today

Researchers Find Way to Hack Apple's Most Extreme Security Feature for iPhones

Researchers from Jamf Threat Labs said they have managed to manipulate the code in a compromised iPhone to effectively make it appear as if the device is entering Lockdown Mode - but "without any of the protections that would normally be implemented by the service."


CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualcomm vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-33106: Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability; CVE-2023-33063: Qualcomm Multiple Chipsets Use-After-Free Vuln


How to Jailbreak Machine Learning With Machine Learning

Data Breach Today

Researchers Automate Tricking LLMs Into Providing Harmful Information

A small group of researchers says it has identified an automated method for jailbreaking OpenAI, Meta and Google large language models with no obvious fix. Just like the algorithms that researchers can force into giving dangerous or undesirable responses, the technique depends on machine learning.


Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

Security Affairs

Researchers devised a new post-exploitation tampering technique to trick users into believing that their iPhone is in Lockdown Mode. Researchers from Jamf Threat Labs devised a new post-exploit tampering technique to trick users into believing that their compromised iPhone is running in Lockdown Mode while they are performing malicious activities. The researchers pointed out that the issue is not a flaw in the feature or an iOS vulnerability.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Supporting CISA - The 'Focal Point of Our Defensive Efforts'

Data Breach Today

On Nov. 8, Tenable Chairman and CEO Amit Yoran wrote a letter to Congress in support of CISA. In this episode of "Cybersecurity Insights," Yoran calls the agency the "primary focal point of our defensive efforts" and discusses why the country needs to stay unified on defeating cyberthreats.


Atlassian addressed four new RCE flaws in its products

Security Affairs

Australian software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE vulnerability that impacts multiple products.


The Binance Crackdown Will Be an 'Unprecedented' Bonanza for Crypto Surveillance

WIRED Threat Level

Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.”


Don't Be Fooled By This Sneaky Disney+ Scam

KnowBe4

A phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations in September.


15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?


Security Analysis of a Thirteenth-Century Venetian Election Protocol

Schneier on Security

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science.


The Alarming Threat of Ransomware: Insights from the Secureworks State of the Threat Report 2023

KnowBe4

In the ever-evolving landscape of cybersecurity, the battle against ransomware has taken a concerning turn. According to the latest findings from Secureworks' annual State of the Threat Report, the deployment of ransomware is now occurring within just one day of initial access in more than half of all engagements.


Leveraging Generative AI in eDiscovery: The Art and Science of Prompt Engineering

Hanzo Learning Center

The use of generative AI in eDiscovery is opening new avenues for efficiency and precision. But, as is often the case with powerful tools, the devil is in the details. A significant part of those details? Prompt engineering. Let's take a look.


New York Unit of World's Largest Bank Becomes Ransomware Victim

KnowBe4

The ransomware attack on ICBC Financial Services caused disruption of trading of U.S. Treasuries and marked a new level of breach that could have massive repercussions.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Reskilling your workforce in the time of AI

IBM Big Data Hub

As the adoption of AI and other technologies continues to expand, it will transform how we perform work with the potential to disrupt 83 million jobs globally and create 69 million new roles by 2025, according to the World Economic Forum. Like other groundbreaking technologies before it, the evolution of AI will create opportunities for new industries, new jobs and new approaches to existing ones.


Securing the Cloud Frontier: Navigating the Complexities of SaaS Data Protection in the Multi-Cloud Era

Thales Cloud Protection & Licensing

madhav, Thu, 12/07/2023 - 05:34

In the rapidly evolving digital landscape, Software as a Service (SaaS) has emerged as a cornerstone of modern business operations. Valued at nearly $200 billion and projected to dominate the enterprise-software market, SaaS offers unparalleled business opportunities and efficiencies.


Latest Developments on AI in the EU: the Saga Continues

Data Matters

EU AI Act

Up until recently, political agreement on the final text of the EU Artificial Intelligence Regulation (AI Act) was expected on 6 December 2023. However, latest developments indicated roadblocks in the negotiations due to three key discussion points – please see our previous blog post here. EU officials are reported to be meeting twice this week to discuss a compromise mandate on EU governments’ position on the text, in preparation of the political meeting on 6 December.


Dragos Community Defense Program Helps Small Utilities Facing Cyber Attacks

The Security Ledger

Dragos Security on Wednesday unveiled a "Community Defense Program" to provide free cybersecurity software for small utilities providing water, electric, and natural gas in the United States. The post Dragos Community Defense Program Helps Small Utilities Facing Cyber Attacks appeared first on The Security Ledger with Paul F. Roberts.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Value based care set to drive 2024 healthcare technology adoption

OpenText Information Management

In the ever-evolving landscape of healthcare, the focus is shifting from a fee-for-service model to a value-based healthcare system. This transformation places an emphasis on delivering high-quality care while controlling costs. To navigate this paradigm and shift successfully, healthcare organizations are turning to cutting-edge technologies. For 2024 there are five technologies that are driving the … The post Value based care set to drive 2024 healthcare technology adoption appeared firs


What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

IT Governance

‘GDPR’ has become a familiar term. We recognise the visible and consumer-facing aspects of it in our everyday lives. As privacy professionals, we see consumers exercising their rights to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. What’s not so evident is whether organisations are keeping their practices fully up to date and in line with the GDPR.


Fortify and Mobb join forces for faster fixes in SAST 

OpenText Information Management

As developers, we’re always striving to ship our code quickly while still maintaining the highest security standards. This balancing act can be tricky, as discovering and fixing vulnerabilities is a time-intensive process. In order to address this pain point, OpenText™ Fortify, the longest running leader in application security testing, is thrilled to announce a new … The post Fortify and Mobb join forces for faster fixes in SAST appeared first on OpenText Blogs.


World’s first living robots can now reproduce, scientists say via CNN

IG Guru

Check out the article here. The post World’s first living robots can now reproduce, scientists say via CNN first appeared on IG GURU.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.