Sat.Sep 07, 2024 - Fri.Sep 13, 2024

article thumbnail

RAM Signals Expose Air-Gapped Networks to Attacks

Data Breach Today

RAM-Based Radio Signal Attack Allows Attackers to Exfiltrate Data A novel side-channel attack exploits radio signals emitted by random access memory in air-gapped computers, presenting a new threat to highly secure networks. One of the most effective ways to mitigate the risk is to cover sensitive machines with Faraday shielding.

Risk 290
article thumbnail

News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’

The Last Watchdog

Singapore, Sept. 10, 2024, CyberNewsWire — Seventh Sense , a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt , a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. SenseCrypt introduces a first-of-its-kind face-based public key infrastructure (PKI) and electronic identity (eID) solution.

Privacy 278
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Bug Left Some Windows PCs Dangerously Unpatched

Krebs on Security

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

article thumbnail

Trustworthiness Is Not a Realistic Goal for AI and Here’s Why

AIIM

As someone who works closely with information management and AI, I get asked a lot whether or not we should trust the outputs from generative AI. I've come to the conclusion that trustworthiness is not a realistic goal when it comes to AI-generated content. Instead, we should approach everything AI produces with a sense of mistrust and use critical analysis skills in how we approach generative AI output.

IT 159
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Breach Roundup: Mexico in Hacker Spotlight

Data Breach Today

Also: Critical WHOIS Vulnerability Exposes Internet Security Flaw in.mobi Domains This week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.

Security 297

More Trending

article thumbnail

My Experience is Your Best Teacher

Weissman's World

Julius Caesar had it right when he observed that “experience is the best teacher, and the worst experiences teach the best lessons.” How do I know? Because I’ve been helping organizations Do Information Right™ for a long time and have learned a great many lessons that you can benefit from without having to learn them the hard way. The post My Experience is Your Best Teacher appeared first on Holly Group.

IT 156
article thumbnail

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly.

article thumbnail

Patch Alert Issued for Veeam Backup & Replication Software

Data Breach Today

Expect Ransomware Groups to Abuse Critical-Severity Bug to Steal Data, Experts Warn Security experts are urging all Veeam Backup & Replication users to immediately update their software to patch a flaw that attackers can remotely exploit to take full control of a system. Experts say ransomware groups likely will target the critical-severity vulnerability for double extortion.

article thumbnail

Apple Vision Pro’s Eye Tracking Exposed What People Type

WIRED Threat Level

The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.

Passwords 142
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

News alert: Aembit raises $25M Series A funding for non-human Identity and Access Management

The Last Watchdog

Silver Spring, MD, Sept.12, 2024, CyberNewsWire – – Aembit , the leading non-human identity and access management (IAM) company, has secured $25 million in Series A funding, bringing its total capital raised to nearly $45 million. Acrew Capital led the round, with participation from existing investors Ballistic Ventures, Ten Eleven Ventures, Okta Ventures, and CrowdStrike Falcon Fund.

Access 130
article thumbnail

Cybersecurity giant Fortinet discloses a data breach

Security Affairs

Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company’s Microsoft Sharepoint server. Today, Fortinet told Cyber Daily that a threat actor gained unauthorized access to a third-party service it used. “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and

article thumbnail

Cryptohack Roundup: $20.5M Indodax Theft

Data Breach Today

Also: Angel Drainer Resurfaces; Russia's Sanctions Evasion Ploy This week, Indodax was hacked, Angel Drainer resurfaced, Russia developed Infra crypto, GS Partners settled with U.S. states, Caroline Ellison to be sentenced Sept. 24, FCA prosecuted first unregistered crypto case, Nigeria set new crypto regulations, and India may approve offshore crypto firms.

288
288
article thumbnail

‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along

WIRED Threat Level

The federal indictment of two alleged members of the Terrorgram Collective, a far-right cell accused of inspiring “lone wolf” attacks, reveals the US is now using a “forgotten” legal strategy.

Security 141
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

News alert: INE Security launches initiative to help SMBs foster a proactive cybersecurity culture

The Last Watchdog

Cary, NC, Sept. 10, 2024, CyberNewsWire — As cyber threats grow, small to medium-sized businesses (SMBs) are disproportionately targeted. According to the recent Hiscox annual cyber readiness report , 41% of SMBs in the US fell victim to a cyberattack in 2023, a figure that has nearly doubled since 2021. INE Security , a global leader in cybersecurity training and certifications, recognizes this as a critical issue and is leading an initiative for change by working with SMBs to bridge the

article thumbnail

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Security Affairs

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45

Security 144
article thumbnail

CrowdStrike Has Yet to See Any Customer Lawsuits Over Outage

Data Breach Today

'We Don't Know How It's All Going to Shake Out,' Says CFO, 6 Weeks Post-Outage Cybersecurity firm CrowdStrike has yet to see any lawsuits get filed against it by customers, following its July 19 faulty software update crashing systems worldwide. Does that speak to the company having run a well-executed crisis management strategy?

article thumbnail

Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

WIRED Threat Level

Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.

Privacy 141
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Microsoft Is Adding New Cryptography Algorithms

Schneier on Security

Microsoft is updating SymCrypt , its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).

Libraries 129
article thumbnail

Experts demonstrated how to bypass WhatsApp View Once feature

Security Affairs

Users are exploiting a privacy flaw in WhatsApp to bypass the app’s “View once” feature, allowing them to re-view messages. The ‘View Once ‘ feature in WhatsApp allows users to send photos, videos, and voice messages that can only be viewed once by the recipient. Recipients cannot forward, share, or copy the “View Once” media, and they cannot take screenshots or screen recordings of it.

Privacy 144
article thumbnail

Kernel Mode Under the Microscope at Windows Security Summit

Data Breach Today

Company Focused on Safe Deployment Practices, Reducing Kernel Mode Dependencies Cutting kernel mode dependencies and adopting safe deployment practices will make endpoint systems more resilient and secure for Windows customers. Tuesday's meeting came two months after a faulty CrowdStrike update disrupted 8.5 million Windows machines and caused $5.4 billion in direct losses.

Security 189
article thumbnail

What You Need to Know About Grok AI and Your Privacy

WIRED Threat Level

xAI's generative AI tool, Grok AI, is unhinged compared to its competitors. It's also scooping up a ton of data people post on X. Here's how to keep your posts out of Grok—and why you should.

Privacy 136
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Legal Firms Increasingly Targeted by Phishing Attacks, Ransomware

KnowBe4

Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers frequently use phishing to gain initial access to an organization’s networks.

Phishing 126
article thumbnail

Feds indicted two alleged administrators of WWH Club dark web marketplace

Security Affairs

Russian And Kazakhstani men indicted for operating the Dark Web cybercriminals marketplace WWH Club and other crime forums and markets. Alex Khodyrev (35) from Kazakhstan) and Pavel Kublitskii (37) from Russia have been indicted in Tampa, Florida, for conspiracy to commit access device fraud and wire fraud. Between 2014 and 2024, the duo operated the dark web marketplace WWH Club (wwh-club[.]ws) which focused on selling stolen personal data and conducting illegal activities.

article thumbnail

French Cyber Agency Warns of APT28 Hacks Against Think Tanks

Data Breach Today

Report: North Korean, Russian, Chinese, Iranian Actors Are Targeting Research Orgs Russian state hackers are targeting think tanks studying strategic interests and the defense sector, warned the French cyber agency. A hacking group that officially is Unit 26165 of the Russian Main Intelligence Directorate appears to be Russia's most prolific targeter of think tanks.

189
189
article thumbnail

Australia Threatens to Force Companies to Break Encryption

Schneier on Security

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Forget the Talent Gap – It’s an Experience Gap

KnowBe4

South Africa’s cybersecurity workforce shortage mirrors global trends, but also faces local factors like underinvestment in basic education, underserved communities, digital literacy gaps and challenges with data access.

Education 124
article thumbnail

TIDRONE APT targets drone manufacturers in Taiwan

Security Affairs

A previously undocumented threat actor tracked TIDRONE targets organizations in military and satellite industries in Taiwan. Trend Micro spotted an allegedly China-linked threat actor, tracked TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXCLNT and CLNTEND.

article thumbnail

Mastercard Buys Threat Intel Firm Recorded Future for $2.65B

Data Breach Today

Deal Will Help Mastercard Offer Greater Protection, Trust for Digital Transactions Mastercard plans to buy threat intelligence firm Recorded Future for $2.65 billion to enhance cyber resilience and offer greater protection and trust around digital transactions. The deal will enhance Mastercard's identity, fraud prevention services by helping businesses identify and mitigate risk.

Risk 182