April, 2024

article thumbnail

The Difference Between Unstructured Data and Structured Data

AIIM

If you are new to AIIM, you might be wondering what AIIM means when we say "information," which we admittedly say a lot. My favorite explanation of information is from Steve Weissman, CIP, who told me that he simply refers to information as "stuff in a box." Information represents all the data you manage within your organization. Information means both structured and unstructured data.

article thumbnail

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

Krebs on Security

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com , which until very recently rendered as fedex.com in tweets.

Phishing 320
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hackers Can Use AI Hallucinations to Spread Malware

Data Breach Today

A Fake Software Library Made Up by a ChatBot Was Downloaded More Than 35,000 Times Generative artificial intelligence is good at sounding authoritative - even when it's making stuff up. One community that thinks so-called AI hallucinations are actually a good thing: hackers. Especially when developers use AI tools that hallucinate entire software libraries.

article thumbnail

Tories planned to make millions from members’ data with ‘True Blue’ app

The Guardian Data Protection

Exclusive: senior party officials worked on commercial venture that would allow brands to sell products to supporters Senior Conservative party officials worked on plans to hand over its entire membership database for a commercial venture that promised to make tens of millions of pounds, the Guardian can reveal. Leaked documents show Tory executives discussed exploiting members’ personal data to build a mobile phone app that could track users’ locations and allow big brands to advertise to Conse

Sales 145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Rise of Large-Language-Model Optimization

Schneier on Security

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.

More Trending

article thumbnail

New Study Reveals Crucial Role of Information Management in AI Success

AIIM

It cannot be argued that good decisions come from good information. So, in a world of rapid generative AI adoption, what does this mean for organizations who want to take advantage of this exciting new technology, while also maintaining the integrity of their information and, of course, their business decisions?

IT 209
article thumbnail

Crickets from Chirp Systems in Smart Lock Key Leak

Krebs on Security

The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc. , is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

Analytics 287
article thumbnail

DinodasRAT Backdoor Targeting Linux Machines Worldwide

Data Breach Today

Chinese Hackers Have Used DinodasRAT Hackers are using a new version of a backdoor to target Linux servers and gain and maintain access in what appears to be an espionage campaign, warn researchers from Kaspersky. The hallmark of DinodasRAT's strategy is its sophisticated victim identification and persistence mechanisms.

Access 281
article thumbnail

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

xz Utils Backdoor

Schneier on Security

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica : Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions.

article thumbnail

The Incognito Mode Myth Has Fully Unraveled

WIRED Threat Level

To settle a years-long lawsuit, Google has agreed to delete “billions of data records” collected from users of “Incognito mode,” illuminating the pitfalls of relying on Chrome to protect your privacy.

Privacy 138
article thumbnail

Luna HSMs FIPS 140-3 Validation

Thales Cloud Protection & Licensing

Luna HSMs FIPS 140-3 Validation sparsh Wed, 04/03/2024 - 07:52 FIPS 140-3 and You, Part Two Awhile back, we shared that Thales Luna HSMs were about to kick-off the process of moving towards Federal Information Processing Standard (FIPS) 140-3 Level 3, the newest security standard to accredit cryptographic modules. Security standards, like technology, are always evolving, making compliance challenging for customers and vendors alike.

article thumbnail

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Krebs on Security

The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T , Sprint , T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers.

Access 272
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

New Rules for Shipbuilding Focus on IT/OT Cybersecurity

Data Breach Today

New IACS Rules to Secure Onboard Digital Systems, Equipment Go Into Effect July 1 IT and OT security experts say threats to shipping underscore the need for more stringent regulations for passenger, cargo and high-speed vessels by the International Association of Classification Societies. The new IACS cybersecurity and resilience requirements will go into effect July 1.

article thumbnail

Cisco warns of XSS flaw in end-of-life small business routers

Security Affairs

Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw. Cisco warns of a Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers Cross-Site scripting (XSS) flaw. The medium severity issue, tracked as CVE-2024-20362 (CVSS score 6.1), resides in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers.

Access 140
article thumbnail

Surveillance by the New Microsoft Outlook App

Schneier on Security

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s device Develop and improve products Personalize ads and content Measure ads and content Derive audience insights Obtain precise geolocation data

Access 141
article thumbnail

The US Government Has a Microsoft Problem

WIRED Threat Level

Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

12 Data Loss Prevention Best Practices (+ Real Success Stories)

eSecurity Planet

Data loss prevention (DLP) best practices are principles that help prevent intentional or unintentional data erasure. By following these guidelines, organizations can reduce the detrimental impact of data loss and quickly resume operations after an incident. This also protects sensitive data and minimizes legal and reputational issues. Explore some real-world instances below and discover when and how to use DLP procedures for optimal data security.

article thumbnail

Jamf named CVE Numbering Authority

Jamf

Jamf has been authorized by the Common Vulnerabilities and Exposures (CVE) program as a CVE Numbering Authority! Learn more about the CVE program and what this means for Jamf.

122
122
article thumbnail

Secure by Design: UK Enforces IoT Device Cybersecurity Rules

Data Breach Today

Law Bans Universal Default Passwords; Requires Bug-Reporting Channels, Update Plan Say goodbye to buying internet of things devices in Britain with a default or hardcoded password set to "12345," as the country has banned manufacturers from shipping internet-connected and network-connected devices that don't comply with minimum cybersecurity standards.

article thumbnail

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet.

IoT 136
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Security Vulnerability of HTML Emails

Schneier on Security

This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible.

Phishing 140
article thumbnail

The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

WIRED Threat Level

The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.

Security 144
article thumbnail

LastPass Warns of Deepfake Phishing Attempt

KnowBe4

LastPass has warned that one of its employees was targeted by a social engineering attack that used an audio deepfake that impersonated the company’s CEO. Fortunately, the employee grew suspicious and avoided falling for the attack.

Phishing 113
article thumbnail

Machine vs. machine

OpenText Information Management

Greetings from Mav, trusted partner for your AI journey. This AI-generated moose has been on the hunt for threats and keeping security top of mind. Every technology has dual usage and Mav is here to keep us all informed. You: How has AI evolved the landscape of security? MAV: Unfortunately, the amount and frequency of fake information has skyrocketed.

article thumbnail

How Top Tech CFOs Solve Annual Planning’s Biggest Challenges

Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.

article thumbnail

Cloudflare Enters Observability Space With Baselime Purchase

Data Breach Today

Acquiring Baselime Will Give Developers Better Visibility Into Serverless Platforms Cloudflare purchased an observability startup founded by an aerospace dynamics expert to enhance the developer experience on serverless platforms. Baselime will allow developers to optimize performance, investigate bugs and regressions, and identify when a release needs to be rolled back.

282
282
article thumbnail

Google fixed critical Chrome vulnerability CVE-2024-4058

Security Affairs

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine.

Security 132
article thumbnail

Other Attempts to Take Over Open Source Projects

Schneier on Security

After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics.