Sat.Sep 14, 2024 - Fri.Sep 20, 2024

article thumbnail

The Rising Importance of Information Management in the Age of AI

AIIM

As the potential of Generative AI (Gen AI) continues to unfold, one resounding theme emerges: better AI starts with better information management. The ability of Gen AI to deliver reliable and valuable outputs is directly contingent upon the quality and curation of the underlying data.

article thumbnail

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows use

Phishing 305
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What's Next for Secure Communication After Exploding Pagers?

Data Breach Today

No OpSec Measure Is Bulletproof to the Effects of a Corrupted Supply Chain Secure communications in an age of network insecurity has focused mostly on encryption and fears of surveillance tracking. But as this week revealed to the dismay of terrorists and criminals alike, no OpSec measure is bulletproof to the effects of a corrupted supply chain.

article thumbnail

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Security Affairs

The maintainers of the Tor Project have responded to claims that German police have devised a technique to deanonymize users. The maintainers of the Tor Project have responded to claims that German law enforcement has devised a technique to deanonymize its users. According to German media, law enforcement has infiltrated the anonymizing network and in at least one case they unmasked a criminal.

Privacy 141
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Mystery of Hezbollah’s Deadly Exploding Pagers

WIRED Threat Level

At least eight people have been killed and more than 2,700 people have been injured in Lebanon by exploding pagers. Experts say the blasts point toward a supply chain compromise, not a cyberattack.

Security 137

More Trending

article thumbnail

Australian Police Arrest Alleged Head of Ghost Encrypted App

Data Breach Today

International Law Enforcement Dismantles End-to-End Encrypted Messaging Service An international law enforcement operation dismantled the Ghost encrypted messaging service in a takedown that resulted in the arrest of 51 suspects across three continents including alleged members of the Italian Mafia and motorcycle gangs. Australian police arrested Ghost's alleged administrator.

article thumbnail

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. The vulnerability CVE-2024-43461 is a Windows MSHTML platform spoofing issue. MSHTML is a platform used by Internet Explorer.

Archiving 137
article thumbnail

Clever Social Engineering Attack Using Captchas

Schneier on Security

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever.

Phishing 101
article thumbnail

Vulnerability Recap 9/16/24 – Critical Endpoint Flaws Emerged

eSecurity Planet

Recent vulnerability news disclosed significant endpoint vulnerabilities, including side-channel attacks, command injection, remote code execution (RCE), SQL injection, and keystroke interference. Notable events last week include the RAMBO attack, command injection problems in Progress Software’s LoadMaster, and several zero-day vulnerabilities in Microsoft products that may cause privilege escalation and RCE.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Cryptohack Roundup: Delta Prime, Ethena Exploits

Data Breach Today

Also: US SEC Settles With Prager Metis, Rari Capital This week, Delta Prime and Ethena were hacked, Lazarus' funds were frozen, the SEC settled with Prager Metis and Rari Capital, Sam Bankman-Fried sought a new trial, the SEC accused NanoBit and CoinW6 of scams, the CTFC sought to fight pig butchering, and Wormhole integrated World ID and Solana.

287
287
article thumbnail

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Security Affairs

Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. The experts believe the botnet is controlled by a Chine-linked APT group Flax Typhoon (also called Ethereal Panda or RedJuliett).

IoT 137
article thumbnail

Python Developers Targeted with Malware During Fake Job Interviews

Schneier on Security

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware.

IT 101
article thumbnail

From Dreams to Reality: The Magic of 3D Printing, with Elle Hunt

Troy Hunt

I was in my mid-30s before I felt comfortable standing up in front of an audience and talking about technology. Come to think of it, "comfortable" isn't really the right word, as, frankly, it was nerve-racking. This, with my obvious bias as her father, makes it all the more remarkable that Elle was able to do it at NDC Oslo when she was just 11 years old.

IT 100
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

UK Orgs Tout Government Help in Ransomware Incidents

Data Breach Today

Former Royal Mail and Manchester University CISOs Talk Ransomware Response Timely notification of ransomware incidents to British law enforcement agencies played a crucial role in understanding the threats and in developing mitigation strategies, the former security heads of Royal Mail and the University of Manchester said.

article thumbnail

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

Security Affairs

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM) The flaw is a deserialization of untrusted data remote code execution vulnerability that impacts ARM 2024.3 and prior versions. “SolarWinds Access Rights Manager (ARM) was found

Access 135
article thumbnail

FBI Shuts Down Chinese Botnet

Schneier on Security

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations… The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as

article thumbnail

I thought this new VisionOS 2 feature was just a gimmick - until it made me cry into my Vision Pro

Collaboration 2.0

Apple Vision Pro's 3D photo conversion 'realified' my old snapshots in a way I was completely unprepared for. Here's how it could transform the way you view your old memories.

IT 98
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

US FTC Reveals Social Media and Streaming's Vast Surveillance

Data Breach Today

New Report Accuses 9 Platforms of Surveillance of Users, Points to Privacy Concerns The U.S. Federal Trade Commission on Thursday published a report detailing how the largest social media and streaming services surveil both users and nonusers across the web while collecting vast troves of data, pointing to significant privacy concerns for children and teens.

Privacy 277
article thumbnail

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance a path traversal vulnerability CVE-2024-8190 (CVSS score of 9.4) to its Known Exploited Vulnerabilities (KEV) catalog.

Cloud 128
article thumbnail

Legacy Ivanti Cloud Service Appliance Being Exploited

Schneier on Security

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported. Welcome to the security nightmare that is the Internet of Things.

Cloud 99
article thumbnail

How I used this portable power station to bring electricity to a caveman

Collaboration 2.0

What's the best way to test a power station's longevity and durability? Take it back in time! I exposed a Jackery Explorer Kit 4000 to the ultimate challenge. See the results.

IT 98
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

How Mastercard Benefits From the $2.65B Recorded Future Deal

Data Breach Today

EVP Johan Gerber on How Threat Intelligence Can Prevent Fraud, Protect Payments Mastercard's proposed purchase of Recorded Future for $2.65 billion will bring advanced threat intelligence into its payment systems. EVP Johan Gerber explains how this move improves fraud detection and prevention and strengthens Mastercard's cybersecurity in an evolving digital payments landscape.

article thumbnail

Antivirus firm Dr.Web disconnected all servers following a cyberattack

Security Affairs

Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a cyberattack over the weekend. This week, the Russian anti-malware firm Doctor Web (Dr.Web) announced that it had disconnected all servers following a cyberattack on Saturday, September 14. The company revealed it has detected “signs of unauthorised interference” to its IT infrastructure.

IT 137
article thumbnail

Beyond Analyst Reports: KnowBe4's Undeniable Leadership in Human Risk Management

KnowBe4

Analyst reports aim to provide market insights. But when it comes to Human Risk Management (HRM), we’ve noticed that they often fall short of capturing the full picture. You already know that we are the undisputed leader in the essential areas that have been standard features in the security awareness market for years. Those capabilities are why we’ve become the largest vendor in the space.

Risk 103
article thumbnail

The 4 most impactful new health features Apple just announced

Collaboration 2.0

An overarching theme in Apple's new line of products was new actionable health insights for users, including the ability for the AirPods Pro 2 to double as over-the-counter hearing aids.

98
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Cyber Insurers Are Intensely Scrutinizing Healthcare Clients

Data Breach Today

As threat actors continue to evolve their attacks to circumvent security measures, cyber insurers are raising the bar for prospective healthcare security clients. Underwriters are increasing their scrutiny and adding new coverage requirements, said Chris Henderson of cybersecurity company Huntress.

Insurance 276
article thumbnail

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance OS Command Injection Vulnerability CVE-2024-8190 (CVSS score of 7.2) to its Known Exploited Vulnerabilities (KEV) catalog.

Cloud 133
article thumbnail

Walkie-Talkies Explode in New Attack on Hezbollah

WIRED Threat Level

In a second attack on Hezbollah members, two-way radios detonated around Lebanon on Wednesday, causing injuries and multiple deaths.

Security 114