Sat.Jul 15, 2023 - Fri.Jul 21, 2023

article thumbnail

Google Categorizes 6 Real-World AI Attacks to Prepare for Now

Dark Reading

The models powering generative AI like ChatGPT are open to several common attack vectors that organizations need to understand and get ready for, according to Google's dedicated AI Red Team.

85
article thumbnail

MY TAKE: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

The Last Watchdog

Deepening interoperability of AI-infused systems – in our buildings, transportation grids, communications systems and medical equipment — portend amazing breakthroughs for humankind. Related: The coming of optical infrastructure But first businesses must come to grips with the quickening convergence of their internal and external computing resources.

Cloud 244
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Combat IT Team Burnout by Embracing Automation

Data Breach Today

Expel VP Chris Waynforth on How Security Researchers Can Reduce False Positives Unnecessary cyber alerts are a threat that can overwhelm defenders, leading to burnout and reduced efficiency within the team. Chris Waynforth, vice president and general manager at Expel, said adopting automation solutions to filter and prioritize alerts allows for more effective incident response.

IT 246
article thumbnail

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks. The next time you receive a breach notification letter that invariably says a company you trusted places a top priority on customer security and privacy, consider this: Only four of the Fortune 100 companies currently list a sec

Security 215
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Introducing: Ruminant AI (You Heard it Here First)

Weissman's World

It is my pleasure and honor to introduce to you a new buzzword. It’s “Ruminant AI,” which I invented just last week and named after animals like cows and sheep that chew on previously ingested material (the cud). Here’s why: AI engines like ChatGPT ingest information from as many sources as they can be provided… Read More » Introducing: Ruminant AI (You Heard it Here First) The post Introducing: Ruminant AI (You Heard it Here First) appeared first on Holly Group.

IT 156

More Trending

article thumbnail

Federal Reserve's FedNow Goes Live With Fast Payments

Data Breach Today

Program Expected to Modernize Country's Payment Systems FedNow, the Federal Reserve's first instant payment service, officially launched on Thursday. FedNow so far has 35 banks and credit unions and 16 service providers certified to use the service including community banks and large lenders such as JPMorgan Chase and Bank of New York Mellon.

246
246
article thumbnail

News Alert: HostingAdvice poll finds one in three Americans hacked upon visiting sketchy websites

The Last Watchdog

Gainesville, Fla., July 18, 2022 – Around 30,000 websites get hacked every day , with the majority of those cyberattacks due to human error. This has projected costs associated with cybercrimes to hit the tens of trillions by 2025, highlighting the vital need for web hosts to implement staunch security. A new study by HostingAdvice, the premier authority on web hosting, found that 32% of Americans say they’ve gotten hacked from visiting a sketchy website and of those, 53% got a computer virus

Phishing 100
article thumbnail

Living Off the Land Attacks: LOTL Definition & Prevention

eSecurity Planet

Living off the land (LOTL) attacks use legitimate programs that already exist on a computer, rather than installing malware from an external source onto a system. The stealthy nature of these attacks can make them effective — and difficult for security teams to detect and prevent. To prevent LOTL attacks, security teams must use sophisticated detection methods, as well as closing loops in popular computer programs with known vulnerabilities.

article thumbnail

Digital Is Killing Serendipity

John Battelle's Searchblog

The buildings are the same, but the information landscape has changed, dramatically. Today I’m going to write about the college course booklet, an artifact of another time. I hope along the way we might learn something about digital technology, information design, and why we keep getting in our own way when it comes to applying the lessons of the past to the possibilities of the future.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

JumpCloud Hackers Likely Targeting GitHub Accounts Too

Data Breach Today

Targets Include Blockchain, Crypto, Online Gambling and Cybersecurity Sectors Suspected North Korean hackers who targeted enterprise software firm JumpCloud are likely behind a social engineering campaign targeting the personal GitHub accounts of employees from major technology firms - including those in the cybersecurity sector.

article thumbnail

OCR and FTC Issue a Joint Letter Suggesting Enforcement Actions May Be in the Pipeline

Data Protection Report

On July 20, 2023 HHS and the Federal Trade Commission (“FTC”) issued a joint letter to approximately 130 companies regarding their online data collection processes. The letter follows the much discussed December 1, 2022, Bulletin that expanded the kinds of websites and applications governed by HIPAA (you can read about our analysis of the bulletin here ).

article thumbnail

7 Steps to the Incident Response Process & Frameworks

eSecurity Planet

Incident response frameworks and practices are detailed action plans to resolve security breaches inside a business or organization. They give the business a thorough and proactive approach to security by methodically recording every aspect of an incident, including how it happened and the measures that were taken, and describing the subsequent steps to prevent such incidents in the future.

article thumbnail

G2 Summer 2023 Report

Jamf

The phrase “lightning never strikes the same place twice” is a commonly held belief that holds little grounding in science. In fact, lightning can and does strike the same place multiple times and nowhere is that as evident as Jamf solutions once again scoring top marks in G2’s Summer 2023 report.

98
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Spanish Police End a Decade on the Run for Ukrainian Hacker

Data Breach Today

Police Also Apprehend a Smishing Fraudster and Break Up a Phishing Nexus Spanish law enforcement officers scored several recent wins against cybercriminals this month. Police nabbed a Ukrainian hacker on the run for 10 years, arrested a fraudster known to have run a smishing campaign that amassed 1.2 million euros, and broke up a phishing nexus - all in two weeks.

Phishing 245
article thumbnail

Embracing responsible AI in the move from automation to creation

CGI

As a data scientist and AI practitioner, I am excited to see so many positive AI use cases happening and being leveraged to bring quick information and insights to experts and business people – the potential of the rapidly evolving AI technology is truly limitless.

98
article thumbnail

Kevin Mitnick, Hacker Turned Cybersecurity Leader, Dies at 59

eSecurity Planet

Kevin Mitnick, who turned legendary hacking exploits and two prison terms into a career as an esteemed cybersecurity leader, died Sunday at age 59 after a 14-month battle with pancreatic cancer, KnowBe4 revealed today. A memorial will be held August 1 in Las Vegas. Once dubbed “the world’s most wanted hacker” after his youthful exploits attacking Digital Equipment Corporation and Pacific Bell, Mitnick completed his decade-long transition to cybersecurity luminary when he joined

article thumbnail

Improving government services with Collibra Data Quality & Observability: A closer look at the food stamp program

Collibra

In our data-driven age, data quality is crucial for any organization — but it’s particularly vital for citizens who rely on government agencies to provide essential services. Government programs of all kinds can benefit from the use of Collibra Data Quality & Observability. For example, Collibra can help government agencies improve their services to constituents and make more informed decisions about program improvements.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Count of Organizations Breached via MOVEit Campaign Hits 400

Data Breach Today

20 Million Individuals' Details Collectively Stolen, Based on 20% of Victim Reports The count of organizations affected by the Clop ransomware group's attack on MOVEit file-transfer software users continues to grow, now numbering over 400 organizations that were directly or indirectly impacted. More than 20 million individuals' personal details were stolen in the attacks.

article thumbnail

Teaching with technology is more than web access

Jamf

Unifying the devices in your classroom lets you take advantage of more than what the internet has to offer. Leveraging the capabilties and accessibility of Apple devices gives students, teachers and parents the tools they need to foster a creative education environment — read this blog to learn more.

Access 98
article thumbnail

Top API Security Tools 2023

eSecurity Planet

APIs (application programming interfaces) allow applications to communicate with each other, a critically important function in the digital age. Their importance also makes them an attractive target for cyber criminals — according to Akamai, API and application attacks tripled last year. API security tools help protect the integrity of APIs and keep them safe from common attack vectors like local file inclusion (LFI), cross-site scripting ( XSS ) and SQL injection (SQLi).

article thumbnail

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Security Affairs

Ukraine’s Computer Emergency Response Team (CERT-UA) states that Russia-linked APT Gamaredon starts stealing data 30 minutes after the initial compromise. Ukraine’s Computer Emergency Response Team (CERT-UA) is warning that the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) use to steal data from victims’ networks in less than an hour after the initial compromise.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Security Alert: Exploit Chain Actively Hits ColdFusion

Data Breach Today

Attackers Drop Web Shell; Flaw Is Not Fixed, But Latest Patch Offers Protection Warning: Hackers are actively exploiting a flaw in Adobe's ColdFusion rapid web application development platform to execute malicious code. While Adobe attempted to patch the flaw, researchers say attackers appear to have found a way to bypass it by chaining together multiple flaws.

Security 244
article thumbnail

Evaluating your data catalog’s success

Collibra

If you’ve ever ventured on a road trip without a GPS or a good old-fashioned map, you probably know how essential they are to reaching your destination. Like navigating unfamiliar terrain, managing a chaotic data landscape requires a guide. At Collibra, we know that the best guide is a data catalog. But how do you know if your data catalog is doing its job well?

article thumbnail

Microsoft Unsure How Chinese Hackers Stole MSA Key to Breach U.S. Agencies

eSecurity Planet

Microsoft has hardened security following a Chinese hack of U.S. government agency email accounts, but some details remain a mystery. Even as the threat has passed, Microsoft officials are still analyzing how a Chinese threat group was able to access U.S. government accounts using a stolen inactive Microsoft account (MSA) consumer signing key. Chinese hacker group Storm-0558 breached an undisclosed number of email accounts belonging to 25 organizations, including U.S. government agencies, over t

article thumbnail

Adobe warns customers of a critical ColdFusion RCE exploited in attacks

Security Affairs

Adobe is warning customers of a critical ColdFusion pre-authentication RCE bug, tracked as CVE-2023-29300, which is actively exploited. Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion,” reads a statement sent by the comp

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Florida Hospital Says Data Theft Attack Affects 1.2 Million

Data Breach Today

Tampa General Hospital Says Incident Involved Thwarted Ransomware Encryption Attempt A Florida hospital is notifying 1.2 million patients that their information was stolen by hackers in a cybersecurity incident that spanned for nearly three weeks in May as attackers tried to encrypt the entity's systems with ransomware. The hospital repelled the attack but couldn't stop the breach.

article thumbnail

E-commerce and EDI: What’s the difference?

OpenText Information Management

There are lots of different terms used to describe B2B process automation. These terms can be confusing, partly because they are so inter-related. This article will go into detail on these terms to dispel some of the confusion and explain common terms used within B2B process automation, including the differences between Ecommerce and EDI. First, … The post E-commerce and EDI: What’s the difference?

B2B 95
article thumbnail

Norwegian DPA Adopts Measures Regarding Meta’s Behavioral Advertising Activities

Hunton Privacy

On July 14, 2023, the Norwegian Data Protection Authority (“DPA”) ordered Meta Platforms Ireland Limited and Facebook Norway AS (jointly, “Meta”) to temporarily cease the processing of personal data of data subjects in Norway for the purpose of targeting ads on the basis of “observed behavior,” when relying on either the contractual necessity legal basis (Article 6(1)b)) or the legitimate interests legal basis (Article 6(1)(f)) of the GDPR.

GDPR 95