Data Breach Today
SEPTEMBER 10, 2024
RAM-Based Radio Signal Attack Allows Attackers to Exfiltrate Data A novel side-channel attack exploits radio signals emitted by random access memory in air-gapped computers, presenting a new threat to highly secure networks. One of the most effective ways to mitigate the risk is to cover sensitive machines with Faraday shielding.
The Last Watchdog
SEPTEMBER 10, 2024
Singapore, Sept. 10, 2024, CyberNewsWire — Seventh Sense , a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt , a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. SenseCrypt introduces a first-of-its-kind face-based public key infrastructure (PKI) and electronic identity (eID) solution.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 10, 2024
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.
AIIM
SEPTEMBER 10, 2024
As someone who works closely with information management and AI, I get asked a lot whether or not we should trust the outputs from generative AI. I've come to the conclusion that trustworthiness is not a realistic goal when it comes to AI-generated content. Instead, we should approach everything AI produces with a sense of mistrust and use critical analysis skills in how we approach generative AI output.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
SEPTEMBER 12, 2024
Also: Critical WHOIS Vulnerability Exposes Internet Security Flaw in.mobi Domains This week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Schneier on Security
SEPTEMBER 12, 2024
Microsoft is updating SymCrypt , its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).
KnowBe4
SEPTEMBER 11, 2024
Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers frequently use phishing to gain initial access to an organization’s networks.
Data Breach Today
SEPTEMBER 12, 2024
Also: Angel Drainer Resurfaces; Russia's Sanctions Evasion Ploy This week, Indodax was hacked, Angel Drainer resurfaced, Russia developed Infra crypto, GS Partners settled with U.S. states, Caroline Ellison to be sentenced Sept. 24, FCA prosecuted first unregistered crypto case, Nigeria set new crypto regulations, and India may approve offshore crypto firms.
Security Affairs
SEPTEMBER 13, 2024
Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Schneier on Security
SEPTEMBER 9, 2024
In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies.
eSecurity Planet
SEPTEMBER 13, 2024
Cyber security in banking has become the frontline defense against an ever-growing wave of digital threats. With billions of dollars and sensitive data at risk, banks are under constant pressure to stay one step ahead of cybercriminals. So, what are the biggest threats facing the banking sector, and how are institutions safeguarding your financial future?
Data Breach Today
SEPTEMBER 9, 2024
Expect Ransomware Groups to Abuse Critical-Severity Bug to Steal Data, Experts Warn Security experts are urging all Veeam Backup & Replication users to immediately update their software to patch a flaw that attackers can remotely exploit to take full control of a system. Experts say ransomware groups likely will target the critical-severity vulnerability for double extortion.
Security Affairs
SEPTEMBER 11, 2024
Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
WIRED Threat Level
SEPTEMBER 13, 2024
The federal indictment of two alleged members of the Terrorgram Collective, a far-right cell accused of inspiring “lone wolf” attacks, reveals the US is now using a “forgotten” legal strategy.
eSecurity Planet
SEPTEMBER 10, 2024
Air-gapped systems have long been the go-to solution for sensitive operations, especially in sectors like defense, finance, and critical infrastructure. These systems, disconnected from external networks, are believed to be nearly impervious to cyberattacks. However, the evolving landscape of cybersecurity threats has brought new methods to breach even these fortified digital fortresses.
Data Breach Today
SEPTEMBER 10, 2024
'We Don't Know How It's All Going to Shake Out,' Says CFO, 6 Weeks Post-Outage Cybersecurity firm CrowdStrike has yet to see any lawsuits get filed against it by customers, following its July 19 faulty software update crashing systems worldwide. Does that speak to the company having run a well-executed crisis management strategy?
Security Affairs
SEPTEMBER 8, 2024
Russian And Kazakhstani men indicted for operating the Dark Web cybercriminals marketplace WWH Club and other crime forums and markets. Alex Khodyrev (35) from Kazakhstan) and Pavel Kublitskii (37) from Russia have been indicted in Tampa, Florida, for conspiracy to commit access device fraud and wire fraud. Between 2014 and 2024, the duo operated the dark web marketplace WWH Club (wwh-club[.]ws) which focused on selling stolen personal data and conducting illegal activities.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
KnowBe4
SEPTEMBER 11, 2024
South Africa’s cybersecurity workforce shortage mirrors global trends, but also faces local factors like underinvestment in basic education, underserved communities, digital literacy gaps and challenges with data access.
eSecurity Planet
SEPTEMBER 9, 2024
Industrial control systems (ICS) are the backbone of critical infrastructure, powering essential operations in the energy, manufacturing, water treatment, and transportation sectors. These systems ensure the seamless functioning of processes that keep industries running smoothly and efficiently. However, as ICSs become more integrated with digital networks, their vulnerability to cyberthreats grows, making robust security measures essential to safeguarding these vital operations.
Data Breach Today
SEPTEMBER 12, 2024
Company Focused on Safe Deployment Practices, Reducing Kernel Mode Dependencies Cutting kernel mode dependencies and adopting safe deployment practices will make endpoint systems more resilient and secure for Windows customers. Tuesday's meeting came two months after a faulty CrowdStrike update disrupted 8.5 million Windows machines and caused $5.4 billion in direct losses.
Security Affairs
SEPTEMBER 11, 2024
Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and response (EDR) systems. The RansomHub ransomware gang is using the TDSSKiller tool to disable endpoint detection and response (EDR) systems, Malwarebytes ThreatDown Managed Detection and Response (MDR) team observed. TDSSKiller a legitimate tool developed by the cybersecurity firm Kaspersky to remove rootkits, the software could also disable EDR solutions through a command line script
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
WIRED Threat Level
SEPTEMBER 12, 2024
The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.
eSecurity Planet
SEPTEMBER 9, 2024
Last week’s vulnerability news highlighted major security problems that affect a wide range of technologies. These vulnerabilities represent significant dangers for end users and organizations — from the remote code execution vulnerabilities in Veeam Backup & Replication and Apache OFBiz to the severe access control issues in SonicWall and Google Android.
Data Breach Today
SEPTEMBER 11, 2024
Report: North Korean, Russian, Chinese, Iranian Actors Are Targeting Research Orgs Russian state hackers are targeting think tanks studying strategic interests and the defense sector, warned the French cyber agency. A hacking group that officially is Unit 26165 of the Russian Main Intelligence Directorate appears to be Russia's most prolific targeter of think tanks.
Security Affairs
SEPTEMBER 12, 2024
Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company’s Microsoft Sharepoint server. Today, Fortinet told Cyber Daily that a threat actor gained unauthorized access to a third-party service it used. “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
WIRED Threat Level
SEPTEMBER 11, 2024
Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.
Schneier on Security
SEPTEMBER 11, 2024
New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “ SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract : Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tu
Collaboration 2.0
SEPTEMBER 11, 2024
Try or gift Xbox Game Pass for three months for 28% off and play over 100 games including Starfield, Forza Motorsport, and Football Manager 2024 on your Xbox, PC, or mobile device.
Expert insights. Personalized for you.
277 
Let's personalize your content