Sat.Jul 08, 2023 - Fri.Jul 14, 2023

article thumbnail

[Discovered] An evil new AI disinformation attack called 'PoisonGPT'

KnowBe4

PoisonGPT works completely normally, until you ask it who the first person to walk on the moon was.

IT 73
article thumbnail

MY TAKE: ‘IOWN’ makes the business case for fostering diversity, respecting individual privacy

The Last Watchdog

To tap the full potential of massively interconnected, fully interoperable digital systems we must solve privacy and cybersecurity, to be sure. Related: Using ‘Big Data’ to improve health and well-being But there’s yet another towering technology mountain to climb: we must also overcome the limitations of Moore’s Law. After 30 years, we’ve reached the end of Moore’s Law , which states that the number of transistors on a silicon-based semiconductor chip doubles approximately eve

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Apple & Microsoft Patch Tuesday, July 2023 Edition

Krebs on Security

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.

article thumbnail

Healthcare Summit: Securing Life Sciences, Genomic Data

Data Breach Today

ISMG Summit Speaker Phil Englert of H-ISAC on Emerging Security Healthcare Issues Life sciences firms, including pharmaceutical companies, are facing growing challenges in securing complex sets of sensitive data, including genomic information, said H-ISAC's Phil Englert, one of many high-profile speakers who will discuss industry trends at ISMG's upcoming Healthcare Summit 2023.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The 4th Wave of IDP is Here

AIIM

Since the earliest forays into  optical character recognition  (OCR) by Ray Kurzweil in the early 1970s, software developers have been on a mission to teach computers how to do the paperwork for us. What if the computer could replace the interminable number of hours needed each day in offices around the globe for humans to read documents, understand the meaning, and extract the right data for the next step in a work process?

More Trending

article thumbnail

World Youth Skills Day 2023: Engaging Youth with Cybersecurity

Thales Cloud Protection & Licensing

World Youth Skills Day 2023: Engaging Youth with Cybersecurity madhav Thu, 07/13/2023 - 04:56 In 2014, the United Nations General Assembly declared 15 July as World Youth Skills Day to celebrate the strategic importance of equipping young people with skills for employment, decent work, and entrepreneurship. “Young people are drivers of change and must be fully engaged in decisions affecting their future,” said UN Secretary-General António Guterres.

article thumbnail

China-Based Hacker Hijacked EU, US Government Emails

Data Breach Today

26 Countries Hit by Espionage Group Storm-0558 Through Microsoft Outlook Flaw Security experts say China-based hackers are "leading their peers in the deployment of zero-days" in the wake of another wide-ranging attack that abused a flaw in Microsoft Outlook and used forged authentication tokens to access email accounts of governments in the United States and Western Europe.

article thumbnail

FTC’s New Biometric Policy Statement Articulates New Governance Standards and an Expansive View of Biometric Data

Data Matters

On May 18, 2023, the Federal Trade Commission (“FTC”) issued its 2023 Policy Statement on Biometric Information and Section 5 of the FTC Act (the “Policy Statement”) describing the agency’s concerns about these fast-proliferating technologies and articulating a set of compliance obligations for businesses that develop or use biometric technologies. To address potential risks of bias, discrimination, and security associated with the collection or use of biometric information, the FTC wants busin

article thumbnail

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

When it comes to alternative asset trading, protecting investor data is of critical importance. Related: Preserving the privacy of the elderly As more traders and investors engage in these investment avenues, it is crucial to adopt robust security measures to safeguard sensitive and regulated information. Here are seven tips to protect investor data in alternative asset trading.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign

Dark Reading

An attack involves a multi-stage infection chain with custom malware hosted on Amazon EC2 that ultimately steals critical system and browser data; so far, targets have been located in Latin America.

113
113
article thumbnail

Belarus Hackers Targeting Poland, Ukraine With RAT, Phishing

Data Breach Today

State-Linked Spear-Phishing Campaign Targeting Government, Military Personnel Belarus state-linked hackers are targeting government and military entities in both Ukraine and Poland with spear-phishing campaigns that deliver remote access Trojans. Ukrainian authorities say the adversary is focusing on information stealing and remote control of targeted systems.

Phishing 204
article thumbnail

Cybersecurity and Environmental Fraud Top Priorities of U.S. Commodity Futures Trading Commission Division of Enforcement

Data Matters

Just before Americans began their Fourth of July holiday, the U.S. Commodity Futures Trading Commission (CFTC) Division of Enforcement Director announced that the division has established two key task forces: the Cybersecurity and Emerging Technologies and the Environmental Fraud Task Force. 1 Both task forces will be staffed with attorneys and investigators across the Division of Enforcement with the goal of serving as subject matter experts and prosecuting cases.

article thumbnail

News alert: Zluri raises $20M funding round for SaaS management as identity features take off

The Last Watchdog

Santa Clara, Calif. and Bangalore, India – July 13, 2023 — Large companies are typically using over 1100 SaaS applications to run their operations and the number of companies adopting this trend is rapidly growing 20% every year but this presents a number of risks. Helping them manage their SaaS estates and mitigate risks, SaaS operations(SaaSOps) platform Zluri is today announcing a $20M funding round.

Marketing 188
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Microsoft Discloses 5 Zero-Days in Voluminous July Security Update

Dark Reading

Fixes for more than 100 vulnerabilities affect numerous products, including Windows, Office,Net, and Azure Active Directory, among others.

Security 128
article thumbnail

Spanish Police Arrest Phishing Ring Targeting Bank Customers

Data Breach Today

Police Say Cybercrime Group Defrauded Banking Customers out of 100,000 Euros Spanish law enforcement authorities said they have brought down a cybercriminal ring that deployed a range of hacking techniques to target banking customers. The group operators extorted 100,000 euros and offered crime as a service to other criminals, the police said.

Phishing 189
article thumbnail

BREAKING: EU Commission Adopts EU-U.S. Data Privacy Framework Adequacy Decision

Hunton Privacy

On July 10, 2023, the European Commission formally adopted a new adequacy decision on the EU-U.S. Data Privacy Framework (the “Adequacy Decision”). The adoption of this Adequacy Decision follows years of intense negotiations between the EU and the U.S., after the invalidation of the EU-U.S. Privacy Shield by the Court of Justice of the European Union (“CJEU”) in the Schrems II case.

article thumbnail

News Alert: Utimaco finds regional disparities in consumers’ level of trust in digital security

The Last Watchdog

Aachen, Germany, July 10, 2023 – Utimaco , a leading global provider of IT security solutions that is celebrating its 40th year pioneering trusted cybersecurity and compliance solutions and services to customers across the globe, has released a new whitepaper, ‘ Circles of Trust 2023: Exploring Consumer Trust in the Digital Society ’, that takes a deep look at how consumers view trust in an increasingly digital world.

IoT 189
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Deepfake Quantum AI Investment Scam Pops Up on Facebook

Dark Reading

A consumer finance journalist and television personality took to Twitter to warn his followers about advertisements using his name and face to scam victims.

109
109
article thumbnail

ISMG Editors: Why Is the US Behind in Securing Credit Cards?

Data Breach Today

Also: The Latest Generative AI Use Cases; Software Consolidation Trends In the latest weekly update, ISMG editors discuss the complex task of phasing out magnetic stripe payment cards and why the United States lags behind, the great debate over best of breed vs. a single platform vendor approach, and AI insights from Palo Alto CIO Meerah Rajavel.

Security 185
article thumbnail

The source code of the BlackLotus UEFI Bootkit was leaked on GitHub

Security Affairs

The source code for the BlackLotus UEFI bootkit has been published on GitHub and experts warn of the risks of proliferation of custom versions. Researchers from ESET discovered in March a new stealthy Unified Extensible Firmware Interface ( UEFI ) bootkit, named BlackLotus , that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 designed to detect tampering with boot loaders, key operating system fi

Sales 98
article thumbnail

News Alert: Oxeye provides remediation guidance for ‘Owncast’ and ‘EaseProbe’ vulnerabilities

The Last Watchdog

Tel Aviv, Israel– July 12, 2023 – Oxeye , the provider of an award-winning cloud-native application security platform, has uncovered two critical security vulnerabilities and recommending immediate action be taken to mitigate risk. The vulnerabilities were discovered in Owncast ( CVE-2023-3188 ) and EaseProbe ( CVE-2023-33967), two open-source platforms written in Go.

Risk 186
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Becoming data-driven requires being people-driven

CGI

An organization’s culture can “make or break” its transformation into a data-driven enterprise. This is because becoming data-driven is, first and foremost, about people. Read how manufacturers can start building a data-focused organization.

article thumbnail

Ukrainian Agencies, NATO Targeted With RATs Ahead of Summit

Data Breach Today

Attackers Using RomCom, PicassoLoader and njRAT Malware to Steal Credentials The threat actor behind the remote access Trojan called RomCom RAT and other pro-Russian groups are targeting Ukrainian agencies and allies ahead of the NATO Summit this week in Vilnius, Lithuania, using weaponized Microsoft documents and typosquatting techniques to deliver the malware.

Access 195
article thumbnail

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

A new malware dubbed AVrecon targets small office/home office (SOHO) routers, it infected over 70,000 devices from 20 countries. Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. The malware was spotted the first time in May 2021, but has been operating under the radar for more than two years. “Lumen Black Lotus Labs identified another multi-year campaign involving compromised routers across the globe.

article thumbnail

News Alert: CybSafe CEO Oz Alashe MBE recognized as “Security Industry Innovator” for 2023

The Last Watchdog

Boston, July 7, 2023 — CybSafe, the human risk management platform, has today announced CEO Oz Alashe MBE has been named as a SecurityInfoWatch.com , Security Business and Security Technology Executive magazines’ 2023 Security Industry Innovator Award winner. CybSafe’s human-centric, behavioral approach to cyber security and risk mitigation has positioned Alashe and his team as security leaders to watch through 2023 and into 2024.

Security 178
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Jamf releases a new API connector for Okta workflows

Jamf

Learn about Jamf’s two API connectors for Okta Workflows and how they empower Jamf + Okta customers to extend capabilities while automating actions with minimal coding knowledge required.

98
article thumbnail

Web-Browsing Glitch Prompts Apple to Withdraw Zero-Day Fix

Data Breach Today

The Latest Rapid Security Response Might Prevent Websites From Displaying Properly Apple is advising users to remove the software patch released on Monday aimed at fixing a zero-day vulnerability being exploited in the wild. The tech giant said the patch might prevent some websites from displaying properly and that it hopes to release a new patch soon.

Security 147
article thumbnail

US CISA warns of Rockwell Automation ControlLogix flaws

Security Affairs

The U.S. CISA warns of two flaws impacting Rockwell Automation ControlLogix that can lead to remote code execution and DoS attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of two vulnerabilities affecting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and trigger a denial-of-service condition.