Sat.Jun 29, 2024 - Fri.Jul 05, 2024

article thumbnail

Evolve Ransomware Hack Affects Affirm and Fintech Companies

Data Breach Today

Startups and Evolve Client Are Monitoring the Situation for Potential Fallout A ransomware attack against Evolve Bank & Trust triggered a small cascade of secondary breach notifications by current and past clients of the banking-as-a-service company. Russian-speaking ransomware-as-a-service operation LockBit attacked the Tennessee company in May.

article thumbnail

Evaluating GenAI on Forms Management: The Ongoing Need for Human Insight

AIIM

The age of artificial intelligence (AI) has advanced rapidly with the release of tools like ChatGPT becoming available to the end user. These tools can compile information from various sources to answer questions on a wide range of topics. But how accurately can they comprehend truly complex disciplines that require years of specialized expertise?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The State of Data Breaches, Part 2: The Trilogy of Players

Troy Hunt

Last week, I wrote about The State of Data Breaches and got loads of feedback. It was predominantly sympathetic to the position I find myself in running HIBP, and that post was mostly one of frustration: lack of disclosure, standoffish organisations, downplaying breaches and the individual breach victims themselves making it worse by going to town on the corporate victims.

article thumbnail

New Tech Q&A: Adaptiva – CrowdStrike alliance highlights trend of blending IT and security systems

The Last Watchdog

The coalescing of the next-gen security platforms that will carry us forward continues. Related: Jump starting vulnerability management Adaptiva, a leader in autonomous endpoint management, recently announced the launch of OneSite Patch for CrowdStrike. This new solution integrates with CrowdStrike’s Falcon XDR platform to improve the efficiency and speed of patching critical vulnerabilities in enterprise systems.

IT 278
article thumbnail

Signal-Based Selling: How to Leverage 4 Key Buying Signals

As prospects define their problem, search for solutions, and even change jobs, they are generating high-value signals that the best go-to-market teams can leverage to close more deals. This is where signal-based selling comes into play. ZoomInfo CEO Henry Schuck recently broke down specific ways to put four key buying signals into action with the experts from 30 Minutes to President’s Club.

article thumbnail

Millions Affected by Prudential Ransomware Hack in February

Data Breach Today

Insurance Giant Says Hackers Stole Data of 2.5 Million Individuals A February ransomware attack against Prudential Financial affected 2.5 million customers, the financial giant disclosed after initially calculating the totally as 36,000. In an emailed statement, Prudential said the tally shouldn't increase a second time.

More Trending

article thumbnail

New Open SSH Vulnerability

Schneier on Security

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. […] This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete syste

article thumbnail

RSAC Fireside Chat: Amplifier Security taps LLMs to help organizations foster a security culture

The Last Watchdog

Security teams rely on an ever-growing stack of cybersecurity tools to keep their organization safe. Related: The worst year ever for breaches Yet there remains a glaring disconnect between security systems and employees. Now comes a start-up, Amplifier Security , with a bold new approach to orchestrate security actions. Just after RSAC 2024 , I spoke with Thomas Donnelly , Amplifier’s co-founder and CTO, about how that they’re utilizing large language models (LLMs) and to emphasize continual em

Security 130
article thumbnail

OpenAI Did Not Disclose 2023 Breach to Feds, Public: Report

Data Breach Today

Hacker had Unauthorized Access to Data on Designs for New AI Use Cases A hacker reportedly stole information on OpenAI's new technologies last year by breaking into the company's internal messaging systems. The messages comprised details of designs for new AI technologies, the New York Times said. The hacker did not access systems housing or building its applications.

Access 311
article thumbnail

Prudential Financial data breach impacted over 2.5 million individuals

Security Affairs

Prudential Financial confirmed that more than 2.5 million individuals were affected by the data breach it suffered in February 2024. The insurance company Prudential Financial confirmed that the data breach it suffered in February 2024 affected over 2.5 million individuals. The incident occurred on February 4, 2024, and was discovered on February 5, 2024.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Sextortion Epidemic Targeting Teenagers Calls for Urgent Action

KnowBe4

A few weeks ago I was privileged to visit the 8th grade of a high-school here in Cape Town and talk to the students about cybersecurity, social media, and emerging technology. It was a very rewarding experience but also an eye-opener with regards to the level of cyber awareness amongst adolescents.

article thumbnail

How Apple Intelligence’s Privacy Stacks Up Against Android’s ‘Hybrid AI’

WIRED Threat Level

Generative AI is seeping into the core of your phone, but what does that mean for privacy? Here’s how Apple’s unique AI architecture compares to the “hybrid” approach adopted by Samsung and Google.

Privacy 110
article thumbnail

Breach Roundup: FBI Warns of US Renewable Energy Sector Threats

Data Breach Today

Google Offers $250,000 Reward for KVM Vulns; CocoaPods Flaws Expose Apple Apps This week: FBI warns of cyberthreats to U.S. renewable energy sector; Indonesia data center hacker apologizes; Google Pixel 6 series devices bricked, critical vulnerability in EoL D-Link routers, Google offers $250,000 reward for KVM vulnerabilities, NCA disrupts global Cobalt Strike supply chain.

306
306
article thumbnail

Hackers compromised Ethereum mailing list and launched a crypto draining attack

Security Affairs

Hackers compromised Ethereum ‘s mailing list provider and sent phishing messages to the members attempting to drain their crypto funds. Hackers compromised Ethereum’s mailing list provider and on the night of June 23, they sent an email to the 35,794 addresses. The email was sent from the address ‘updates@blog.ethereum.org’ and included a link to a malicious site running a crypto drainer. “This website had a crypto drainer running in the background, and if a user initiate

Phishing 143
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ransomware Attack on U.K. Health Service Laboratory Disrupts Major London Hospital Services

KnowBe4

What likely started as a quick ransomware “smash and grab” has turned into a headline case resulting in responses from both U.K. and U.S. law enforcement.

article thumbnail

The Tech Crash Course That Trains US Diplomats to Spot Threats

WIRED Threat Level

The US State Department is training diplomats in cybersecurity, privacy, telecommunications, and other technology issues, allowing them to advance US policy abroad.

Privacy 108
article thumbnail

Purple Teaming: Evaluate the Efficacy of Security Controls

Data Breach Today

Red teaming is not effective for evaluating the efficacy of preventative or detective security controls, said Jared Atkinson of Specter Ops, but purple teaming is. Purple teaming as "the evaluation of security control efficacy through atomic testing, using deliberately selected test cases.

Security 295
article thumbnail

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. TeamViewer discovered that a threat actor has breached its corporate network and some reports attribute the intrusion to the Russia-linked APT group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ).

Access 144
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Phishing Attacks Themed Around Popular Weight Loss Drugs Increase 183%

KnowBe4

As popularity grows for these proven methods of weight loss, scammers have taken note and have placed a significant focus on separating victims from their money.

Phishing 110
article thumbnail

Public Surveillance of Bars

Schneier on Security

This article about an app that lets people remotely view bars to see if they’re crowded or not is filled with commentary—on both sides—about privacy and openness.

Privacy 107
article thumbnail

Meta, YouTube Update AI Content Policies

Data Breach Today

Meta Changes AI Content Labelling, YouTube Updates Privacy Guidelines Meta and YouTube updated their artificial intelligence policies to address the altered content appearing on their platform. The changes come as part of industry effort to distinguish real content from fake, especially in the middle of a global election year.

article thumbnail

Critical unauthenticated remote code execution flaw in OpenSSH server

Security Affairs

A critical flaw in the OpenSSH server can be exploited to achieve unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintainers addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintained have addressed the vulnerability with the release of version 9.8 on July 01, 2024. “A critical vulnerability in sshd(8) was present

Risk 143
article thumbnail

Activating Intent Data for Sales and Marketing

Sales and marketing leaders have reached a tipping point when it comes to using intent data — and they’re not looking back. More than half of all B2B marketers are already using intent data to increase sales, and Gartner predicts this figure will grow to 70 percent. The reason is clear: intent can provide you with massive amounts of data that reveal sales opportunities earlier than ever before.

article thumbnail

Hacked Customer Support Portal Being Used to Send Phishing Emails

KnowBe4

A hacked customer support portal belonging to router manufacturer Mercku is being used to respond to customer queries with phishing emails, BleepingComputer reports.

Phishing 107
article thumbnail

Model Extraction from Neural Networks

Schneier on Security

A new paper , “Polynomial Time Cryptanalytic Extraction of Neural Network Models,” by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it’s a really interesting result. Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks.

Paper 105
article thumbnail

Cryptohack Roundup: JPEX Case Update

Data Breach Today

Also: SEC's Lawsuit Against Silvergate, Suspected Bittensor Exploit Every week, ISMG rounds up cybersecurity incidents in digital assets. This week's stories include singer Nine Chen’s potential prosecution in the JPEX case, SEC's lawsuit Silvergate, a suspected Bittensor exploit, and Q2 crypto scam stats.

article thumbnail

China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware

Security Affairs

Cisco fixed an actively exploited NX-OS zero-day, the flaw was exploited to install previously unknown malware as root on vulnerable switches. Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches. The flaw resides in the CLI of Cisco NX-OS Software, an authenticated, local attacker can exploit the flaw to execute arbitrary commands as root on the und

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Collibra AI Governance and de-risking unstructured data at Ohalo

Collibra

It seems like a day doesn’t pass without some AI-powered innovation making headlines, rousing markets and occasionally causing public worry. Make no mistake: Whether hype-driven or otherwise, this is the age of AI, and everyone wants a piece of the action. But as most businesses recognize, innovation is nothing without the right governance to ensure that risks don’t get out of hand.

article thumbnail

Your KnowBe4 Compliance Plus Fresh Content Updates from June 2024

KnowBe4

Check out the June updates in Compliance Plus so you can stay on top of featured compliance training content.

article thumbnail

Why Zero Trust Is Critical in Health and Government Sectors

Data Breach Today

Implementing a zero trust security approach is critical to avoid the types of major IT disruptions and massive data compromises seen in recent cyberattacks that affected the healthcare, public health and government sectors, said Clinton McCarty, CISO at National Government Services.