Sat.May 06, 2023 - Fri.May 12, 2023

article thumbnail

How To Delete Your Data From ChatGPT

WIRED Threat Level

OpenAI has new tools that give you more control over your information—although they may not go far enough.

article thumbnail

Feds Take Down 13 More DDoS-for-Hire Services

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “ booter ” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Feds Dismember Russia's 'Snake' Cyberespionage Operation

Data Breach Today

Operation Medusa: FBI Tool Instructs Turla Group's Malware to Self-Destruct Federal officials say a global operation has disrupted Snake, the Russian government's "foremost cyberespionage tool," wielded by its Turla nation-state hacking group. The sophisticated malware has been tied to the theft of secret and classified information from numerous governments and businesses.

article thumbnail

GUEST ESSAY: How to close the skills gap by dipping into hidden pools of cybersecurity talent

The Last Watchdog

There is no doubt there is a constant and growing concern amongst CEO’s, and particularly CISO’s, concerning the hiring of the cybersecurity talent their organizations require to safeguard against cyberattacks. According to Cybersecurity Ventures, by 2025 there will exist a gap of over 3.5 million unfilled cybersecurity positions. Moreover, of the current worldwide workforce, surveys conducted by PwC have shown that there is only a 38 percent ‘availability of key skills ’, considering the new an

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Elementary Data Breach Questions Remain, My Dear Capita

Data Breach Today

Beyond $25M in Estimated Cleanup Costs, The Game Remains Afoot for Victim Details In the annals of attempting to downplay the impact of a data breach, here's a new one: British outsourcing giant Capita says the hackers who hit it - steling data pertaining to customers, suppliers and employees - accessed "less than 0.1% of its server estate.

More Trending

article thumbnail

European Parliament Adopts EU-U.S. Data Privacy Framework Resolution

Hunton Privacy

On May 11, 2023, at a plenary session, the European Parliament voted to adopt a resolution on the adequacy of the protection afforded by the EU-U.S. Data Privacy Framework (the “Framework”) which calls on the European Commission (the “Commission”) to continue negotiations with its U.S. counterparts with the aim of creating a mechanism that would ensure equivalence and provide the adequate level of protection required by EU data protection law.

article thumbnail

RSAC Fireside Chat: Keeping persistent email threats at bay requires deeper, cloud-layer vigilance

The Last Watchdog

Email remains by far the no.1 business communications tool. Meanwhile, weaponized email continues to pose a clear and present threat to all businesses. Related: The need for timely training At RSA Conference 2023 , I learned all about a new category of email security — referred to as integrated cloud email security ( ICES ) – that is helping companies more effectively keep email threats in check.

Cloud 214
article thumbnail

Data Breach Roundup: Attempted Extortion Attack on Dragos

Data Breach Today

Also: Twitter Hacker Pleads Guilty, Seoul National University Hospital and Sysco In this week's data breach, the spotlight was on Dragos, a guilty plea from a Twitter hacker and cryptocurrency thief and North Korean hackers. Also, Sysco, a Ukrainian border truck queuing system and an update on Western Digital. Plus, a new tool for decrypting partially encrypted files.

article thumbnail

Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp

WIRED Threat Level

The social network's new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years

Dark Reading

While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.

Security 138
article thumbnail

MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally

The Last Watchdog

One meeting I had at RSA Conference 2023 , was a briefing about a new partnership , announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust. Related: Centralizing control of digital certificates I had the chance to sit down with Deepika Chauhan , DigiCert’s Chief Product Officer, and Mike Cavanagh , Oracle’s Group Vice President, ISV Cloud for North America.

Cloud 195
article thumbnail

Toyota Exposed Auto Location of 2M Japanese Customers

Data Breach Today

Undetected Cloud Misconfiguration Exposed Vehicle Information for Over Ten Years Toyota on Friday disclosed that it exposed online for a decade car location data belonging to more than two million Japanese customers. The data by itself cannot be used to identify individual car owners, the carmaker said. Also exposed: video taken outside the vehicle with an onboard recorder.

Cloud 283
article thumbnail

Building Trustworthy AI

Schneier on Security

We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives, and capabilities behind them, too. Imagine you’re using an AI chatbot to plan a vacation. Did it suggest a particular resort because it knows your preferences, or because the company is getting a kickback from the hotel chain?

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

FBI Disarms Russian FSB 'Snake' Malware Network

Dark Reading

Operation "Medusa" disabled Turla's Snake malware with an FBI-created tool called Perseus.

134
134
article thumbnail

Texas Legislature Passes Texas Data Privacy and Security Act

Hunton Privacy

On May 10, 2023, the Texas Senate passed H.B. 4 , also known as the Texas Data Privacy and Security Act (“TDPSA”). The TDPSA now heads to Texas Governor Greg Abbott for a final signature. If the TDPSA is signed into law, Texas could become the tenth state to enact comprehensive privacy legislation. The final text of the TDPSA closely follows H.B. 1844 , which we previously reported on when it was introduced in the Texas House in February.

article thumbnail

Hackers Leak Private Keys; Many MSI Products at Risk

Data Breach Today

Leak Includes Intel Boot Guard and OEM Image Signing Keys for Over 200 Products The security of hundreds of MSI products is at risk due to hackers leaking private code signing keys stolen during a data breach last month. The signing keys allow an attacker to push malicious firmware updates under the guise of regular BIOS update processes with MSI update tools.

Risk 264
article thumbnail

Introducing the technology behind watsonx.ai, IBM’s AI and data platform for enterprise

IBM Big Data Hub

We stand on the frontier of an AI revolution. Over the past decade, deep learning arose from a seismic collision of data availability and sheer compute power, enabling a host of impressive AI capabilities. But we’ve faced a paradoxical challenge: automation is labor intensive. It sounds like a joke, but it’s not, as anyone who has tried to solve business problems with AI may know.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Microsoft Patches 2 Zero-Day Vulnerabilities

Dark Reading

The 49 CVE's in Microsoft's May security update is the lowest volume in nearly two years.

Security 126
article thumbnail

FBI Disables Russian Malware

Schneier on Security

Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.” The headline says that the FBI “sabotaged” the malware, which seems to be wrong.

Security 123
article thumbnail

Ubiquiti Insider Hacker Sentenced to 6 Years in Prison

Data Breach Today

Nickolas Sharp, 37, Must Also Pay $1.6 Million In Restitution Nickolas Sharp, a one-time employee of Ubiquity who pleaded guilty to insider hacking received Wednesday a six year prison sentence. He admitted guilt on Feb. 2 to three criminal counts including transmitting a program to a protected computer that intentionally caused damage.

263
263
article thumbnail

CJEU Determines that a Mere Infringement of the GDPR is not Sufficient to Require Compensation

Hunton Privacy

On May 4, 2023, the Court of Justice of the European Union (“CJEU”) issued a judgment in the Österreichische Post case (C-300/21). In the decision, the CJEU clarified that a mere infringement of the EU General Data Protection Regulation (“GDPR”) is not sufficient to give data subjects the right to receive compensation under Article 82 of the GDPR. Article 82 provides that “ any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have th

GDPR 118
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs

Dark Reading

Two years ago, a popular ransomware-as-a-service group's source code got leaked. Now other ransomware groups are using it for their own purposes.

article thumbnail

Ted Chiang on the Risks of AI

Schneier on Security

Ted Chiang has an excellent essay in the New Yorker : “Will A.I. Become the New McKinsey?” The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meanings of the term “A.I.” If you think of A.I. as a broad set of technologies being marketed to companies to help them cut their costs, the question becomes: how do we keep those technologies fro

Risk 119
article thumbnail

LockBit 3.0 Leaks 600 GBs of Data Stolen From Indian Lender

Data Breach Today

Data Leak Comes After Fullerton India Refused to Negotiate With Ransomware Group The LockBit 3.0 ransomware group on Monday leaked 600 gigabytes of critical data stolen from Indian lender Fullerton India two weeks after the group demanded a $3 million ransom from the company. The stolen data includes "loan agreements with individuals and legal companies.

article thumbnail

Comprehensive Anti-Phishing Mitigations: A Quick Overview

KnowBe4

The evidence is clear – there is nothing most people and organizations can do to vastly lower cybersecurity risk than to mitigate social engineering attacks. Social engineering is involved in 70%-90% of all successful attacks. No other root cause of initial breach comes close (unpatched software is involved in 20% to 40% of attacks and everything else is in the single digits).

Phishing 118
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Microsoft Fixes Failed Patch for Exploited Outlook Vulnerability

Dark Reading

Adding a single character to a function in the previous Outlook patch rendered that fix useless, researchers say.

117
117
article thumbnail

New York Attorney General Proposes Crypto Regulation, Protection, Transparency, and Oversight (CRPTO) Act

Hunton Privacy

On May 5, 2023, New York Attorney General Letitia James released proposed legislation that seeks to regulate all facets of the cryptocurrency industry. Entitled the “Crypto Regulation, Protection, Transparency, and Oversight (CRPTO) Act,” if enacted the bill would substantially expand New York’s oversight of crypto enterprises conducting business in the Empire State, including as to matters involving privacy and cybersecurity.

article thumbnail

Microsoft Fixes BlackLotus Vulnerability, Again

Data Breach Today

May Patch Tuesday Fixes 38 Bugs Including 3 Zero Days Microsoft issued an optional patch Tuesday as part of its monthly dump of fixes that addresses for the second time a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware. The patch is optional since the attacker must have admin privileges or physical access to the device.

Access 262