Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU , the foreign military intelligence agency of the Russian Federation.

Military 276

Military IT Communications Risk 276

Data Breach Today

FEBRUARY 8, 2024

Also: A Widespread Linux Bootloader Vulnerability This week, the U.S. banned AI robocalls, researchers discovered a Linux bootloader flaw, France investigated health sector hackings, the feds offered money for Hive information, Verizon disclosed an insider breach, Germany opened a cybersecurity center, and cyberattack victims reported high costs.

Cybersecurity 302

Cybersecurity 302

WIRED Threat Level

FEBRUARY 8, 2024

In a test at one station, Transport for London used a computer vision system to try and detect crime and weapons, people falling on the tracks, and fare dodgers, documents obtained by WIRED show.

Artificial Intelligence 122

Artificial Intelligence Privacy Security 122

The Last Watchdog

FEBRUARY 5, 2024

Even in the cloud era, Microsoft Exchange Server remains a staple business communications tool across the globe. Related: The need for robust data recovery policies. One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Fortunately, effective tools and wise best practices can help mitigate this this exposure enabling companies to indefinitely leverage Exchange Server as a productive, resilient and secure communicatio

Risk 264

Risk Cloud Communications Education 264

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

FEBRUARY 9, 2024

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

Artificial Intelligence 298

Artificial Intelligence Access IT Government 298

AIIM

FEBRUARY 9, 2024

Artificial Intelligence is a key focus of AIIM's new strategy , which the AIIM Board of Directors debuted in January 2024. So it's only fitting that AI take the lead at the AIIM Conference 2024 in San Antonio, Texas, April 3-5.

Artificial Intelligence 191

Artificial Intelligence IT 191

Troy Hunt

FEBRUARY 4, 2024

Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! No way! NO WAY! ” This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes: Last week, someone reached it to me with what they claimed was a Spoutible data breach obtained by exploiting an enumerable API.

Personal data 145

Personal data Passwords Data breaches IT 145

Security Affairs

FEBRUARY 9, 2024

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company. In January the company experienced IT issues, the outage was likely caused by the ransomware attack, but the company did not disclose it.

Ransomware 143

Ransomware Data breaches Manufacturing Sales 143

Data Breach Today

FEBRUARY 7, 2024

Ongoing Innovation and Sophistication Drive Unparalleled Profits Attackers wielding ransomware collectively earned over $1 billion last year - breaking previous records. Their increasingly sophisticated attacks targeted "high-profile institutions and critical infrastructure, including hospitals, schools and government," reported Chainalysis.

Ransomware 319

Ransomware Government 319

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

AIIM

FEBRUARY 6, 2024

In today's rapidly evolving business landscape, information reigns supreme. A company's ability to manage its information proactively and effectively often dictates its success in the market. However, with the increasing volume and complexity of data, it becomes imperative to have a solid framework in place to process and protect this vital asset. Enter Standard Operating Procedures (SOPs).

Marketing 176

Marketing IT 176

Data Matters

FEBRUARY 9, 2024

Last week, the U.S. Department of Commerce published a notice of proposed rulemaking ( NPRM ) implementing Executive Orders (EO) 13984 and 14110 to prevent “foreign malicious cyber actors” from accessing U.S. infrastructure as a service products 1 (IaaS Rule). The IaaS Rule seeks to strengthen the U.S. government’s ability to track “foreign malicious cyber actors” who have relied on U.S.

Cloud 156

Cloud Privacy Access Security 156

Security Affairs

FEBRUARY 4, 2024

Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web. Such information being available for cybercriminals could act as a catalyst for new attacks, including targeted phishing campaigns. Having additional context about a particular customer, the probability of a successful compromise could increase significantly.

Sales 142

Sales Passwords Phishing Cybersecurity 142

Data Breach Today

FEBRUARY 7, 2024

Banking Fraud Heads Say Facebook Marketplace Is Teeming With Scammers Meta-owned online marketplaces are swarming with scammers who use deceptive ads to defraud banking customers, fraud prevention heads at leading British banks testified before a U.K. Parliament committee. They called on the social media giant to roll out stronger fraud prevention measures.

290

290

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

The Last Watchdog

FEBRUARY 8, 2024

Kenilworth, NJ, Feb. 8, 2024 – Diversified , a leading global technology solutions provider, today announced a partnership and trio of solutions with GroCyber. Together, the companies are empowering AV and media companies to improve their cybersecurity stance by providing a “clean bill of health” for their digital media environments, ensuring hardware and software are current, and protecting media storage and devices against the threat of malware.

Cybersecurity 100

Cybersecurity Marketing Risk Security 100

Hunton Privacy

FEBRUARY 5, 2024

In November 2023, the UK Information Commissioner’s Office (“ICO”) wrote to organizations operating 53 of the UK’s biggest websites regarding their compliance with data protection laws when using cookies. On January 31, 2024, the ICO released a statement on such action noting that it received “an overwhelmingly positive response” with 38 of those organizations having changed their cookie banners in order to come into compliance.

Compliance 121

Compliance IT Privacy 121

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Cyber Crime Surge: During COVID-19 , cyber crimes shot up by 600%, showing how threats adapt to global changes. Phishing Attacks: Phishing is the top cyber attack, causing 90% of data breaches. Shockingly, 96% of these attacks come through email.

Security 142

Security Phishing IoT Ransomware 142

Data Breach Today

FEBRUARY 8, 2024

Authorities Hacked the End-to-End Encryption Platform in 2020 The Dominican Republic earlier this month extradited to France a suspected administrator of now-defunct encrypted messaging service EncroChat. The extradition is the latest in a series of actions European authorities have been taking against EncroChat users since authorities penetrated its network.

Encryption 294

Encryption IT 294

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Schneier on Security

FEBRUARY 7, 2024

Interesting research: “ Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training “: Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques?

Security 121

Security IT Paper 121

WIRED Threat Level

FEBRUARY 3, 2024

Plus: Russia was likely behind widespread GPS outages, Vault 7 leaker was sentenced, police claim to trace Monero cryptocurrency, and more.

Security 136

Security 136

Security Affairs

FEBRUARY 6, 2024

Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031. The vulnerability resides in the System and impacts Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14. “Source code patches for these issues have been released to the Android Op

Security 142

Security Information Security IT 142

Data Breach Today

FEBRUARY 7, 2024

OnDemand | The Tools & Technology You Need to Meet Google/Yahoo Email Authentication Requirements Our email authentication experts will be on hand to provide their insight and a demonstration of how exactly Proofpoint Email Fraud Defense can help identify and close requirement gaps.

Authentication 298

Authentication 298

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Schneier on Security

FEBRUARY 5, 2024

A deepfake video conference call—with everyone else on the call a fake— fooled a finance worker into sending $25M to the criminals’ account.

123

123

eSecurity Planet

FEBRUARY 9, 2024

A next generation firewall (NGFW) performs deep packet inspection to check the contents of the data flowing through the firewall. Unlike more basic firewalls that only check the header of data packets, NGFWs examine and evaluate the payload data within the packet. This deep packet inspection provides the basis for the various NGFW features that improve malware blocking.

Encryption 113

Encryption Cloud Security Risk 113

Security Affairs

FEBRUARY 7, 2024

Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code Cybersecurity vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could lead to remote code execution. “Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacke

Cybersecurity 141

Cybersecurity IT Information Security Security 141

Data Breach Today

FEBRUARY 9, 2024

US, UK, South Korea and India Most Targeted for Election Interference, Experts Warn With over 1 billion people across more than 50 countries - including the U.S., the U.K. and India - due to hold elections this year, one open question remains: How can nations combat adversaries who attempt to influence elections or otherwise interfere via physical, cyber or operational means?

293

293

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

KnowBe4

FEBRUARY 5, 2024

Check out this one line for a moment.“ duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations.

118

118

eSecurity Planet

FEBRUARY 5, 2024

Critical multi-platform vulnerabilities impacting diverse systems dominated the past week’s cybersecurity headlines. Juniper Networks released updates for the high-severity flaws in SRX and EX Series. A coding vulnerability in Microsoft’s Azure Pipelines affected 70,000 open-source projects. Linux distros faced a heap-based buffer overflow issue.

Risk 113

Risk Authentication Cybersecurity Access 113

Security Affairs

FEBRUARY 5, 2024

Scammers stole HK$200 million (roughly $25,5 million) from a multi-national company using a deepfake conf call to trick an employee into transferring the funds. Scammers successfully stole HK$200 million (approximately $25.5 million) from a multinational company in Hong Kong by employing a deepfake video call to deceive an employee into transferring the funds.

Information Security 142

Information Security IT Security 142