Krebs on Security

AUGUST 22, 2023

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.

Honeypots 192

Honeypots Ransomware Access Cloud 192

The Last Watchdog

AUGUST 21, 2023

Phone number spoofing involves manipulating caller ID displays to mimic legitimate phone numbers, giving scammers a deceptive veil of authenticity. Related: The rise of ‘SMS toll fraud’ The Bank of America scam serves as a prime example of how criminals exploit this technique. These scammers impersonate Bank of America representatives, using the genuine bank’s phone number (+18004321000) to gain trust and deceive their targets.

Authentication 246

Authentication Risk Security IT 246

Data Breach Today

AUGUST 21, 2023

GuidePoint Security's Mark Lance on Ways to Delay and Gather Info on Cybercriminals Conventional wisdom recommends to never negotiate with ransomware actors. They can't be trusted. But Mark Lance at GuidePoint Security recently made the case that organizations can gather important information through negotiations, slow down the process and even lower the ransom demand.

Ransomware 234

Ransomware Security 234

Elie

AUGUST 20, 2023

We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks.

Security 117

Security 117

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks.

Phishing 204

Phishing Passwords Data breaches Authentication 204

Data Breach Today

AUGUST 25, 2023

Fresh Lawsuits Target Prudential, Plus Charles Schwab and Subsidiary TD Ameritrade Two financial services giants hit by the mass attack on MOVEit file-sharing software - Prudential and Schwab - are the latest victims to face lawsuits from affected individuals. The suit filed against Prudential seeks 10 years of prepaid identity theft monitoring services instead of the usual two.

Data breaches 244

Data breaches Financial Services 244

Collibra

AUGUST 23, 2023

As the data intelligence company, we’ve long anticipated broad adoption of AI, and Collibrians with data science and machine learning expertise have been working diligently on ways to apply AI/ML. Disruptive technologies such as ChatGPT , Bard , and other generative AI technologies suddenly made AI accessible to everyone, regardless of their level of data science expertise.

Communications 98

Communications Data science Marketing Artificial Intelligence 98

eSecurity Planet

AUGUST 23, 2023

Spear phishing is a more targeted and effective phishing technique that attempts to exploit specific individuals or groups within an organization. While phishing uses a broader range of tactics, such as mass emailing to random recipients, spear phishing is often well-researched and tailored to high-value targets. A typical spear phishing attack follows a familiar pattern of emails with attachments.

Phishing 98

Phishing Authentication Security awareness Passwords 98

The Last Watchdog

AUGUST 22, 2023

Fremont, Calif., Aug. 22, 2023 — AVer Information Inc. USA , the award-winning provider of video collaboration and education solutions, announces a technology collaboration with Nureva to streamline hybrid meeting room connectivity. The plug-and-play hybrid meeting bundles include AVer’s CAM550 , a 4K dual lens PTZ camera, and Nureva’s HDL300 audio system , an integrated microphone and speaker bar.

Artificial Intelligence 100

Artificial Intelligence Education Communications IT 100

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Data Breach Today

AUGUST 24, 2023

Fraudster Users Call Victims 'Mammoths,' Leading Eset to Dub Them 'Neanderthals' A likely Russian toolkit dubbed Telekopye by security researchers lets thieves concentrate on honing their social engineering without having to worry about the technical side of online scamming. Users dub victims "Mammoths," leading security firm Eset to christen Telekopye customers "Neanderthals.

Security 243

Security 243

DLA Piper Privacy Matters

AUGUST 22, 2023

Helpful guidance on some previously uncertain areas of China data protection compliance programmes have been provided by the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comment) (“ Draft Measures ”), which were published for public consultation on 3 August 2023 by the Cyberspace Administration of China (“ CAC ”).

Compliance 98

Compliance Personal data Privacy Government 98

eSecurity Planet

AUGUST 23, 2023

IT asset management software helps IT teams track and manage all the assets their company uses in its IT infrastructure. ITAM tools track hardware and software lifecycles so IT teams know how to best protect and use those assets. ITAM can also play an important role in cybersecurity by discovering and updating assets as part of the vulnerability management and patching process.

IT 98

IT IoT Compliance Cybersecurity 98

The Last Watchdog

AUGUST 21, 2023

Boston, Mass, Aug. 22, 2023 – airSlate , a leader in document workflow automation solutions, today announced the launch of QuickStart in collaboration with partner Forthright Technology Providers , a leading provider of user-centric IT solutions and services. The comprehensive package, available at a fixed price, combines airSlate’s automation tools, including customizable workflows and built-in eSignatures, with Forthright’s professional services, enabling organizations to streamline business

Digital transformation 100

Digital transformation Compliance Sales Communications 100

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Breach Today

AUGUST 25, 2023

Also: Global Privacy Trends; Tornado Cash Founders Charged In the latest weekly update, ISMG editors discuss the shifting dynamics of cyber insurance, why APAC is approaching privacy regulations around emerging technologies, and how U.S. authorities charged the co-founders of cryptocurrency mixer Tornado Cash with money laundering.

Insurance 242

Insurance Privacy 242

DLA Piper Privacy Matters

AUGUST 21, 2023

Authors: Carolyn Bigg and Amanda Ge Businesses who must follow the China SCCs route to legitimize their cross-border transfers of personal data must file their signed China SCCs together with the supporting personal information impact assessment (“PIIA”) report with their local CAC branch by no later than 30 November 2023. This requires significant effort, and so businesses must act now to meet the filing deadline.

Compliance 98

Compliance Personal data IT Security 98

eSecurity Planet

AUGUST 21, 2023

Secure remote access protects remote business communications that are otherwise susceptible to network and remote protocol exploits. Remote access plays an important role for businesses with remote workforces, geographically disparate branch offices, and limited technical resources. Because it creates connections between a client device and a host device, remote access must be secured.

Access 98

Access Security Passwords Cybersecurity 98

Security Affairs

AUGUST 20, 2023

Understanding cybersecurity aspects addressed by Cloud Access Security Broker (CASB) and Secure Access Service Edge ( SASE ) In an increasingly digital world, where businesses rely on cloud services and remote access, cybersecurity has become paramount. As organizations strive to safeguard their data, applications, and networks, two prominent concepts have emerged as vital components of modern cybersecurity: Cloud Access Security Broker (CASB) and Secure Access Service Edge ( SASE ).

Cybersecurity 98

Cybersecurity Cloud Access Authentication 98

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Data Breach Today

AUGUST 25, 2023

Madrid Touts Strategy for 'Inclusive, Sustainable, Citizen-Focused' AI Spain is set to launch Europe's first-ever artificial intelligence regulatory agency as the trading bloc finalizes legislation meant to mitigate risks and ban AI applications considered too risky. Madrid said its goal is to foster AI that is "inclusive, sustainable, and centered on citizens.

Artificial Intelligence 237

Artificial Intelligence Risk IT 237

National Archives Records Express

AUGUST 22, 2023

This is the next post in a series supporting the publication of 36 CFR section 1236 subpart E – Digitizing Permanent Records. All of the posts have been collected under the 36 CFR Section 1236 category. Photo imagery interpreter SGT Ted Johnson identifies a target as SSGT Doug Lucia plots it during the 1988 Worldwide Reconnaissance Air Meet (RAM ’88).

Manufacturing 94

Manufacturing Analytics Archiving IT 94

eSecurity Planet

AUGUST 22, 2023

Cybersecurity can be difficult to implement, and to make matters worse, the security professionals needed to do it right are in short supply. Managed IT security service providers (MSSPs) make life easier for organizations by providing outsourced expertise and tools at a fraction of the cost, time, and trouble of doing it yourself. This article will explore the nature of MSSPs and how they can help businesses, nonprofits, governments, and other organizations have better security with less effort

Security 98

Security Cybersecurity Cloud Access 98

Security Affairs

AUGUST 22, 2023

Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site. The Snatch ransomware group added the Department of Defence South Africa to its data leak site. The mission of the Department of Defence is to provide, manage, prepare and employ defence capabilities commensurate with the needs of South Africa, as regulated by the Constitution, national legislation, parliamentary and executive direction.

Computer and Electronics 98

Computer and Electronics Military Ransomware Personal data 98

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Data Breach Today

AUGUST 22, 2023

Whistleblower Leaks Included Information on 75,735 Current and Former Employees Tesla says it is suing two former employees for perpetrating a May data breach that exposed personal information for 75,735 current and former employees. The information was contained in a massive set of data leaked to a publication on whistleblowing grounds.

Data breaches 236

Data breaches IT 236

Hunton Privacy

AUGUST 22, 2023

Stephen Mathias from Kochhar & Co. reports that in early August 2023, the Indian Parliament passed the Digital Personal Data Protection Act (the “Act”), bringing to a close a 5-year process to enact an omnibus data privacy law in India. The Act was ratified by the President of India and will come into effect once notified by the Government. The Act significantly updates a previous draft, and departs substantially from the GDPR model of privacy laws.

Personal data 90

Personal data Data breaches GDPR Government 90

eSecurity Planet

AUGUST 22, 2023

With the ever-present threat of data breaches, organizations need to adopt best practices to help prevent breaches and to respond to them when they occur to limit any damage. And breaches will occur – because bad guys make a living by figuring out ways to circumvent security best practices. Here are some data breach prevention and response practices that have stood the test of time, followed by a reference list of some vendor resources that can help you improve your own cybersecurity and inciden

Data breaches 98

Data breaches Big data Cybersecurity Security 98

Security Affairs

AUGUST 25, 2023

Experts observed the SmokeLoader malware delivering a new Wi-Fi scanning malware strain dubbed Whiffy Recon. Secureworks Counter Threat Unit (CTU) researchers observed the Smoke Loader botnet dropping a new Wi-Fi scanning malware named Whiffy Recon. The malicious code triangulates the positions of the infected systems using nearby Wi-Fi access points as a data point for Google’s geolocation API. “The scan results are mapped to a JSON structure (see Figure 5) that is sent to the Googl

File names 98

File names Access Encryption IT 98

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Data Breach Today

AUGUST 24, 2023

The Gulf Coast Provider Is Among the Regional Health Systems Hit Recently A three-hospital health system serving the Mississippi Gulf Coast has resorted to paper charting and other manual processes for patient care as it deals with a cyberattack that forced it to take systems offline. The incident is the latest disruptive attack on a regional medical provider.

Paper 235

Paper IT 235

Hanzo Learning Center

AUGUST 22, 2023

Since the emergence of Chat GPT, the legal industry's response to artificial intelligence (AI) language models has been mixed, ranging from excitement about the potential efficiency gains to concerns about accuracy, privacy and security, and ethical implications.

Artificial Intelligence 88

Artificial Intelligence Privacy Security Information governance 88

eSecurity Planet

AUGUST 21, 2023

Normally, ‘ace’ implies something great, such as to ace an exam or to draw an ace in Blackjack. Unfortunately, arbitrary code execution (ACE) means that an attacker can use a vulnerability to execute any code they want on a device. In the vulnerabilities covered this week, attackers used an ACE vulnerability to install webshells and similar backdoors on vulnerable systems.

Archiving 98

Archiving Cybersecurity Encryption Security 98