Data Breach Today
AUGUST 22, 2024
Logging Best Practices Guidance Aims to Enhance Global Detection and Response The Australian Signals Directorate's Australian Cyber Security Center released joint guidance with a cohort of international cyber agencies that aims to provide baseline standards for event logging and threat detection, amid a wave of high-profile attacks employing "living off the land" techniques.
Krebs on Security
AUGUST 19, 2024
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
AUGUST 21, 2024
I recently learned all about the state-of-the art of phishing attacks – the hard way. Related: GenAI-powered attacks change the game An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.
Weissman's World
AUGUST 6, 2024
You know as well as I that people-related issues – not those related to technology – tend to be the ones that stand most in the way of information governance success. Our problem is that we need them to understand, to make time for us, to change their thinking. To help them get there, we… Read More » Make it Personal When People Slow Your InfoGov Roll The post Make it Personal When People Slow Your InfoGov Roll appeared first on Holly Group.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
AIIM
AUGUST 27, 2024
I recently had the pleasure of hosting a conversation with Rob Bogue, the core author of AIIM's new resource " Organizational Readiness for Generative AI: Leveraging Unstructured Data for Success." This assessment focuses on how to prepare unstructured data for AI implementation. In this blog post, I'll share key insights from our discussion and highlight the importance of this tool for information management professionals.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
AUGUST 26, 2024
Texas Credit Union Only Just Notifying 500,000 Members About May 2023 Data Theft Fifteen months after a massive supply-chain attack hit users of MOVEit secure file-transfer software, Texas Dow Employees Credit Union has issued a data breach notification pertaining to 500,474 victims, saying it only discovered last month their personally identifiable information got stolen.
Krebs on Security
AUGUST 15, 2024
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records.
The Last Watchdog
AUGUST 12, 2024
LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. Related: Prioritizing digital resiliency I spoke with over three dozen cybersecurity solution providers. Some of the more intriguing innovations had to do with leveraging GenAI/LLM-equipped chatbots as proprietary force multipliers.
Security Affairs
AUGUST 18, 2024
New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. The group was also spotted running a fake Microsoft Windows update screen to conceal data exfiltrating.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
AIIM
AUGUST 22, 2024
While humans are critical to the success of AI initiatives, they may also present obstacles. In this blog post, we will walk through some of the challenges organizations face when implementing AI for content services.
WIRED Threat Level
AUGUST 15, 2024
A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.
Data Breach Today
AUGUST 29, 2024
Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle Sam This week, an ex-Verizon employee pleaded guilty, SonicWall fixed critical flaws,South Korean hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.
Krebs on Security
AUGUST 27, 2024
Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon , a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
The Last Watchdog
AUGUST 3, 2024
When Tanisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. Related: Modernizing security training Instead, she ran into a rigid wall of shortsightedness. So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed.
Security Affairs
AUGUST 24, 2024
Recently, researchers warned vacuum and lawn mower robots made by Ecovacs could be hacked to spy on their owners, the company will fix it. During the recent Def Con hacking conference, security researchers Dennis Giese and Braelynn explained that attackers can exploit flaws in vacuum and lawn mower robots made by Ecovacs to spy on their owners. The researchers analyzed the following devices: Ecovacs Deebot 900 Series, Ecovacs Deebot N8/T8, Ecovacs Deebot N9/T9, Ecovacs Deebot N10/T10, Ecovacs De
AIIM
AUGUST 13, 2024
AIIM research shows that many organizations feel ready for AI, but encounter obstacles to implementation, especially a lack of available use cases. Where do organization start with Generative AI (Gen AI)?
WIRED Threat Level
AUGUST 14, 2024
Researchers have discovered a way that would allow anyone with a few hundred dollars to hack into a wireless gear-shifting systems used by the top cycling teams for events like the Tour de France.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Data Breach Today
AUGUST 27, 2024
Young Consulting Says Health Data Exposed; Ransomware Group Leaked Stolen Data Young Consulting, which develops software for the stop-loss insurance market, is notifying 1 million individuals that their personal information was stolen earlier this year in a hack attack. The BlackSuit ransomware group, a rebrand of Royal, subsequently claimed credit and leaked stolen data.
Krebs on Security
AUGUST 23, 2024
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register.
The Last Watchdog
AUGUST 20, 2024
The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day. Related: GenAI’s impact on elections It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI ( GenAI ) engines and Large Language Models ( LLMs.
Security Affairs
AUGUST 25, 2024
Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. The malware has been active since at least 2022 but remained largely undetected for years. The experts pointed out that the persistence method employed by this malware is currently undocumented by MITRE ATT&CK.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
AIIM
AUGUST 19, 2024
As organizations explore the potential of AI, information management practitioners may face the challenge of being perceived as roadblocks rather than facilitators. However, by aligning Generative AI initiatives with business goals and promoting intentional adoption, these professionals can pivot into a critical educator role.
WIRED Threat Level
AUGUST 16, 2024
Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.
Data Breach Today
AUGUST 14, 2024
Maksim Silnikau, aka 'J.P.Morgan,' Charged in New Jersey and Virginia Federal Court A pioneer of the ransomware-as-a-service model appeared in U.S. federal court Tuesday where he faces a slew of charges stemming from a nearly two-decade online career. Poland extradited Maksim Silnikau to the United States on Friday; authorities arrested him in a Spanish seaside town in 2023.
Krebs on Security
AUGUST 13, 2024
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This month’s bundle of update joy from Redmond includes patches for security holes in Office ,NET , Visual Studio , Azure , Co-Pilot , Microsoft Dynamics , Teams , Secure Boot, and of course Windows itself.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
The Last Watchdog
AUGUST 19, 2024
President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks.
Security Affairs
AUGUST 16, 2024
Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. Researchers form mobile security firm iVerify reported that the issue stems from a pre-installed Android app called “Showcase.apk,” which runs with excessive system privileges, allowing it to remotely execute co
KnowBe4
AUGUST 6, 2024
On August 6th, 2024, we celebrate National Social Engineering Day – a new national day established by KnowBe4 and officially recognized by the National Day Calendar. The day aims to educate individuals and organizations about the risks associated with social engineering tactics used in cyber attacks.
Expert insights. Personalized for you.
309 
Let's personalize your content