Data Breach Today
AUGUST 22, 2024
Logging Best Practices Guidance Aims to Enhance Global Detection and Response The Australian Signals Directorate's Australian Cyber Security Center released joint guidance with a cohort of international cyber agencies that aims to provide baseline standards for event logging and threat detection, amid a wave of high-profile attacks employing "living off the land" techniques.
Krebs on Security
AUGUST 19, 2024
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
AUGUST 21, 2024
I recently learned all about the state-of-the art of phishing attacks – the hard way. Related: GenAI-powered attacks change the game An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.
AIIM
AUGUST 27, 2024
I recently had the pleasure of hosting a conversation with Rob Bogue, the core author of AIIM's new resource " Organizational Readiness for Generative AI: Leveraging Unstructured Data for Success." This assessment focuses on how to prepare unstructured data for AI implementation. In this blog post, I'll share key insights from our discussion and highlight the importance of this tool for information management professionals.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Matters
AUGUST 9, 2024
During the King’s Speech on 17 July 2024, the newly appointed UK Prime Minister announced the UK Government’s intention to introduce a new Cyber Security and Resilience Bill to strengthen the UK’s defences against the global rise in cyberattacks and to protect the UK’s critical infrastructure. In background briefing notes published together with the King’s Speech, the UK Government stated that the new Cyber Security and Resilience Bill will “strengthen our defences and ensure that more essential
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
AUGUST 14, 2024
Maksim Silnikau, aka 'J.P.Morgan,' Charged in New Jersey and Virginia Federal Court A pioneer of the ransomware-as-a-service model appeared in U.S. federal court Tuesday where he faces a slew of charges stemming from a nearly two-decade online career. Poland extradited Maksim Silnikau to the United States on Friday; authorities arrested him in a Spanish seaside town in 2023.
Krebs on Security
AUGUST 15, 2024
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records.
The Last Watchdog
AUGUST 12, 2024
LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. Related: Prioritizing digital resiliency I spoke with over three dozen cybersecurity solution providers. Some of the more intriguing innovations had to do with leveraging GenAI/LLM-equipped chatbots as proprietary force multipliers.
Security Affairs
AUGUST 4, 2024
Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach. A proposed class action claims that Jerico Pictures Inc., operating with the National Public Data, exposed the personal information of nearly 3 billion individuals in a data breach that occurred in April.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
KnowBe4
AUGUST 6, 2024
On August 6th, 2024, we celebrate National Social Engineering Day – a new national day established by KnowBe4 and officially recognized by the National Day Calendar. The day aims to educate individuals and organizations about the risks associated with social engineering tactics used in cyber attacks.
WIRED Threat Level
AUGUST 8, 2024
The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.
Data Breach Today
AUGUST 26, 2024
Texas Credit Union Only Just Notifying 500,000 Members About May 2023 Data Theft Fifteen months after a massive supply-chain attack hit users of MOVEit secure file-transfer software, Texas Dow Employees Credit Union has issued a data breach notification pertaining to 500,474 victims, saying it only discovered last month their personally identifiable information got stolen.
Krebs on Security
AUGUST 27, 2024
Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon , a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
eSecurity Planet
AUGUST 20, 2024
A cataclysmic data breach has cast a long shadow over the privacy of billions of individuals. Reports claim that a staggering 2.9 billion records, including Social Security numbers, have been compromised in a cyberattack targeting National Public Data (NPD), a company specializing in background checks. This unprecedented scale of data exposure highlights the vulnerabilities inherent in our interconnected world and the immense value placed on personal information by cybercriminals.
Security Affairs
AUGUST 4, 2024
A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations.
Schneier on Security
AUGUST 29, 2024
The “ long lost lecture ” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.) It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person. Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—minia
WIRED Threat Level
AUGUST 14, 2024
Researchers have discovered a way that would allow anyone with a few hundred dollars to hack into a wireless gear-shifting systems used by the top cycling teams for events like the Tour de France.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Data Breach Today
AUGUST 27, 2024
Young Consulting Says Health Data Exposed; Ransomware Group Leaked Stolen Data Young Consulting, which develops software for the stop-loss insurance market, is notifying 1 million individuals that their personal information was stolen earlier this year in a hack attack. The BlackSuit ransomware group, a rebrand of Royal, subsequently claimed credit and leaked stolen data.
Krebs on Security
AUGUST 23, 2024
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register.
KnowBe4
AUGUST 12, 2024
Most people take a lot of measures to secure their online bank accounts, credit card accounts, retirement accounts and other financial accounts. This often means enabling some form of multi-factor authentication (MFA), using a strong password, or other means of keeping money safe.
Security Affairs
AUGUST 7, 2024
A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Schneier on Security
AUGUST 16, 2024
The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consis
WIRED Threat Level
AUGUST 15, 2024
A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.
Data Breach Today
AUGUST 29, 2024
Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle Sam This week, an ex-Verizon employee pleaded guilty, SonicWall fixed critical flaws,South Korean hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.
Krebs on Security
AUGUST 13, 2024
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This month’s bundle of update joy from Redmond includes patches for security holes in Office ,NET , Visual Studio , Azure , Co-Pilot , Microsoft Dynamics , Teams , Secure Boot, and of course Windows itself.
Advertisement
Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.
IT Governance
AUGUST 15, 2024
Common challenges for SAQ A/e-commerce merchants and how to resolve them E-commerce merchants, by definition, accept card payments. So, they’re subject to the PCI DSS (Payment Card Industry Data Security Standard). This standard, currently at v4.0.1 (a limited revision to PCI DSS v4.0 ), contains 277 sub-requirements. However, you can reduce your scope to drastically lower the number of requirements you must meet, thereby significantly reducing your compliance burden.
Security Affairs
AUGUST 16, 2024
Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsoft urges customers to fix a critical TCP/IP remote code execution (RCE) flaw, tracked as CVE-2024-38063 (CVSS score 9.8), in the TCP/IP stack. The vulnerability impacts all systems with IPv6 enabled (IPv6 is enabled by default).
Schneier on Security
AUGUST 15, 2024
From the Federal Register : After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard FIPS 204: Module-Lattice-Base
Expert insights. Personalized for you.
303 
Let's personalize your content