Security Affairs
JANUARY 24, 2024
Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset.
Security Affairs
JANUARY 22, 2024
Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the largest data leak ever discovered. The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak is almost certainly the largest ever discovered. There are data leaks, and then there’s this.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
JANUARY 22, 2024
Customers 'Sensitive Personal Information' Stolen, Large Mortgage Lender Reports Non-bank mortgage lending giant LoanDepot says hackers stole "sensitive personal information" pertaining to 16.6 million customers when they breached its systems earlier this month as part of a ransomware attack. The company said it will directly notify all affected customers.
Krebs on Security
JANUARY 25, 2024
Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Thales Cloud Protection & Licensing
JANUARY 21, 2024
Data Privacy: Why It Matters To The Rest Of Us madhav Mon, 01/22/2024 - 04:47 It seems that there are no limits to the number of data breaches. Company size is not a determinant of victimization, nor is industry or sector. All are equally viable targets. Some of the events are newsworthy, while others stay below the public’s awareness or attention. Most companies must grapple with difficult questions of how to recover from a breach; however, when the typical person hears about a data breach, the
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
WIRED Threat Level
JANUARY 22, 2024
Leaked records reveal what appears to be the first known instance of a police department attempting to use facial recognition on a face generated from crime-scene DNA. It likely won’t be the last.
Data Breach Today
JANUARY 20, 2024
Computing Giant Says Hackers Did Not Access Customer Data or Production Systems Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.
AIIM
JANUARY 23, 2024
I love information management! I love the information governance, records management, and data governance fields. Most of my family and friends think I’m crazy and I would agree with them. This work doesn’t excite everyone. I didn’t always use to be in this field though. Before entering the information management field, I spent 25 years in higher education.
Security Affairs
JANUARY 23, 2024
The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. Southern Water is a private utility company responsible for collecting and treating wastewater in Hampshire, the Isle of Wight, West Sussex, East Sussex and Kent, and for providing public water supply to approximately half of this area.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
WIRED Threat Level
JANUARY 26, 2024
A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.
Data Breach Today
JANUARY 26, 2024
Postmortem: Multiple Customers Also Targeted by Russian Nation-State Attackers A nation-state hacking group run by Russian intelligence gained access to a Microsoft "legacy, non-production test tenant account" and used it to authorize malicious Office 365 OAuth applications, access Outlook, and steal Microsoft and customers' emails and attachments, Microsoft said.
IT Governance
JANUARY 24, 2024
Expert insight from Leon Teale into the implications of this historic data breach The security researcher Bob Diachenko and investigators from Cybernews have discovered an open instance with more than 26 billion data records, mostly compiled from previous breaches – although it likely also includes new data. Organisations associated with these data records include: Tencent QQ – 1.4 billion records; Weibo – 504 million records; Myspace – 360 million records; X/Twitter – 281 million records; Deeze
Security Affairs
JANUARY 26, 2024
Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has hundreds of thousands of active installations worldwide with more than 1 million users.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
JANUARY 23, 2024
The company says it wants to protect you from “viruses.” Experts are skeptical.
Data Breach Today
JANUARY 24, 2024
U.S.-Led Sanctions Do Little to Curtail North Korea's Development of AI South Korea's intelligence agency has reported that North Korean hackers are using generative AI to conduct cyberattacks and search for hacking targets. Experts believe North Korea's AI capabilities are robust enough for more precise attacks on South Korea.
Schneier on Security
JANUARY 24, 2024
New research into poisoning AI models : The researchers first trained the AI models using supervised learning and then used additional “safety training” methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidden behaviors. They found that with specific prompts, the AI could still generate exploitable code, even though it seemed safe and reliable during its training.
Security Affairs
JANUARY 22, 2024
Researchers warn of a spike in attacks exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell. Trustwave researchers observed a surge in attacks exploiting a now-patched flaw in Apache ActiveMQ, in many cases aimed at delivering a malicious code that borrows the code from the open-source web shell Godzilla. Threat actors conceal the web shell within an unknown binary format evading security and signature-based scanners.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
JANUARY 25, 2024
From repeatedly crippling thousands of gas stations to setting a steel mill on fire, Predatory Sparrow’s offensive hacking has now targeted Iranians with some of history's most aggressive cyberattacks.
Data Breach Today
JANUARY 25, 2024
Identity Theft Resource Center's James E. Lee Calls for Uniform Breach Reporting Supply chain attacks and zero-day exploits surged in 2023, helping to set yet another record for data breaches tracked by the Identity Theft Resource Center. James E. Lee, COO of the group, explained why the number of compromises grew so dramatically - from 1,801 incidents in 2022 to 3,205 in 2023.
KnowBe4
JANUARY 22, 2024
BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles implying that someone has been killed in an accident.
Security Affairs
JANUARY 21, 2024
Researchers warned that pirated applications have been employed to deliver a backdoor to Apple macOS users. Jamf Threat Labs researchers warned that pirated applications have been utilized to distribute a backdoor to Apple macOS users. The researchers noticed that the apps appear similar to ZuRu malware, they allow operators to download and execute multiple payloads to compromise machines in the background.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
WIRED Threat Level
JANUARY 22, 2024
Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.
Data Breach Today
JANUARY 20, 2024
'Pompompurin' Sentenced to Supervised Release, Banned From Internet for 1 Year A federal judge sentenced "Pompompurin," the administrator of a now-defunct data breach marketplace, to 20 years of supervised release. The Peekskill, N.Y. man avoided a recommended 15-year prison sentence for his role in BreachForums, once considered the largest English-language data breach forum of its kind.
Schneier on Security
JANUARY 26, 2024
For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you wanted results, you needed to learn the computer’s language.
Security Affairs
JANUARY 25, 2024
Cisco addressed a critical flaw in its Unified Communications and Contact Center Solutions products that could lead to remote code execution. Cisco released security patches to address a critical vulnerability, tracked as CVE-2024-20253 (CVSS score of 9.9), impacting multiple Unified Communications and Contact Center Solutions products. An unauthenticated, remote attacker can exploit the flaw to execute arbitrary code on an affected device.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
JANUARY 24, 2024
The Amazon-owned home surveillance company says it is shuttering a feature in its Neighbors app that allows police to request footage from users. But it’s not shutting out the cops entirely.
Data Breach Today
JANUARY 24, 2024
Voluntary Rules Will Set Baseline Security Requirement for Software Vendors, Users The U.K. government is mulling the rollout of a voluntary set of rules urging software vendors to responsibly disclose vulnerabilities in their systems. The measure comes as the government continues to face criticism over poor management of legacy infrastructure.
KnowBe4
JANUARY 25, 2024
The surge in Ransomware -as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024.
Expert insights. Personalized for you.
357 
Let's personalize your content