Sat. Aug 10, 2024 - Fri. Aug 16, 2024

How to Get Started with Gen AI for Information Management

AIIM

AIIM research shows that many organizations feel ready for AI, but encounter obstacles to implementation, especially a lack of available use cases. Where do organizations start with Generative AI (Gen AI)?

NIST Releases First Post-Quantum Encryption Algorithms

Schneier on Security

From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard; FIPS 204: Module-Lattice-Base

Breach Roundup: Microsoft's August Patch Contains 90 Fixes

Data Breach Today

Also: Azure Health Bot Vulnerabilities Expose Risks in Cloud-Based Chatbots

This week, Microsoft released its August patch of 90 fixes, flaws were discovered in Azure Health Bot, Orion lost $60 million in a BEC scam, Schlatter Industries was hit by malware, Microsoft said it will discontinue Paint 3D in November and Russia restricted access to Signal.

NationalPublicData.com Hack Exposes a Nation’s Data

Krebs on Security

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024: GenAI is very much in the mix as a potent X-factor in cybersecurity.

Related: Prioritizing digital resiliency

I spoke with over three dozen cybersecurity solution providers. Some of the more intriguing innovations had to do with leveraging GenAI/LLM-equipped chatbots as proprietary force multipliers.

Suspected Ransom Cartel Operator Extradited to the US

Data Breach Today

Maksim Silnikau, aka 'J.P.Morgan,' Charged in New Jersey and Virginia Federal Court

A pioneer of the ransomware-as-a-service model appeared in U.S. federal court Tuesday where he faces a slew of charges stemming from a nearly two-decade online career. Poland extradited Maksim Silnikau to the United States on Friday; authorities arrested him in a Spanish seaside town in 2023.

Six 0-Days Lead Microsoft’s August 2024 Patch Push

Krebs on Security

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. This month’s bundle of update joy from Redmond includes patches for security holes in Office, .NET, Visual Studio, Azure, Co-Pilot, Microsoft Dynamics, Teams, Secure Boot, and of course Windows itself.

Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters

WIRED Threat Level

Researchers have discovered a way that would allow anyone with a few hundred dollars to hack into the wireless gear-shifting systems used by the top cycling teams for events like the Tour de France.

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

Many Google Pixel devices shipped since September 2017 have included a vulnerable app, dormant software that could be exploited by attackers to compromise them. Researchers from mobile security firm iVerify reported that the issue stems from a pre-installed Android app called “Showcase.apk,” which runs with excessive system privileges, allowing it to remotely execute co

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Revoked DigiCert Digital Certificates: 27% Not Yet Replaced

Data Breach Today

Many Customers Apparently Still Struggling to Reissue Certificates, Researchers Say

Thousands of organizations appear to still be struggling to comply with a forced, mass revocation of thousands of digital certificates issued by DigiCert using a buggy verification mechanism. Researchers recently said 27% of the 83,267 revoked certificates have yet to be reissued by customers.

EU Governments Sign-off Proposed Reforms to GDPR Procedural Rules and Council Reaches Common Member States’ Position

Data Matters

On 24 May 2024, the Council of the European Union (the “Council”) released new details of a proposed reform of the General Data Protection Regulation’s (“GDPR”) procedural rules, which representatives of EU national governments approved on 29 May 2024. On 13 June 2024, the Council issued a press release detailing its agreed common Member States’ position that maintains the general thrust of the original proposed reforms, but which seeks to: (i) introduce clearer timelines; (ii) improve efficienc

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

WIRED Threat Level

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.

Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

Security Affairs

Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Russian Sentenced to 3 Years for Selling Stolen Identities

Data Breach Today

FBI Sting Identified Georgy Kavzharadze as Vendor on Illicit Slilpp Marketplace

Russian national Georgy Kavzharadze, 27, has been sentenced to serve 40 months in U.S. prison after pleading guilty to earning over $200,000 by selling stolen U.S. bank account access credentials via the illicit Slilpp stolen-credential marketplace.

Access 162
Asia-Pacific Regulations Keep Pace With Rapid Evolution of Artificial Intelligence Technology

Data Matters

Regulation of artificial intelligence (AI) technology in the Asia-Pacific region (APAC) is developing rapidly, with at least 16 jurisdictions having some form of AI guidance or regulation. Some countries are implementing AI-specific laws and regulation, while others take a more “soft” law approach in reliance on nonbinding principles and standards. While regulatory approaches in the region differ, policy drivers feature common principles including responsible use, data security, end-user protect

The Slow-Burn Nightmare of the National Public Data Breach

WIRED Threat Level

Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.

Crooks took control of a cow milking robot causing the death of a cow

Security Affairs

Crooks took control of a cow milking robot and demanded a ransom from a farmer who refused to pay it, resulting in the death of a cow. The extortion attempt had a tragic outcome: cybercriminals took control of a cow milking robot and demanded a ransom from a farmer, but he did not pay, resulting in the death of a cow. In November 2023, farmer Vital Bircher received a message from his milking robot on his phone; he then noticed that the device’s display was blank and was missing essential da

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Deep Dive: Why Can't We Solve API Security?

Data Breach Today

CISOs, Analysts Explore Solutions to Visibility, Governance and Incident Response

APIs are the connections that make digital business happen. Companies on average rely on more than 15,000 APIs, but these interfaces pose security risks. In this "Deep Dive" special report, ISMG's Anna Delaney explores how security leaders are tackling API security.

The Post-Quantum Cryptography Algorithms are finalized! Now what?

Thales Cloud Protection & Licensing

Tue, 08/13/2024 - 16:11

With the recent release from NIST of their final, published Post-Quantum Cryptography (PQC) algorithms (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), SLH-DSA (formerly SPHINCS+)) and with it the imminent end-of-life of the encryption foundations we have relied upon for decades, many organizations are left wondering exactly what they should do next.

New Windows IPv6 Zero-Click Vulnerability

Schneier on Security

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consis

Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

Security Affairs

Microsoft found four bugs in OpenVPN that could be chained to achieve remote code execution and local privilege escalation. During the Black Hat USA 2024 conference, Microsoft researchers disclosed multiple medium-severity bugs in the open-source project OpenVPN that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE).

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Iran Still Attempting to Hack US Elections: Google

Data Breach Today

Computing Giant Says APT42 Behind 'Small But Steady Cadence' of Phishing Emails

Iranian nation-state hackers are continuing a campaign to infiltrate the U.S. presidential election by penetrating the email inboxes of campaign and election officials, Google said Wednesday. The Iranian cyberespionage group tracked as APT42 started "a small but steady cadence" of phishing emails.

Hacker Stories: A Facebook Physical Threat

KnowBe4

Most people take a lot of measures to secure their online bank accounts, credit card accounts, retirement accounts and other financial accounts. This often means enabling some form of multi-factor authentication (MFA), using a strong password, or other means of keeping money safe.

Online Merchants: PCI DSS Compliance Tips When Outsourcing

IT Governance

Common challenges for SAQ A/e-commerce merchants and how to resolve them

E-commerce merchants, by definition, accept card payments. So, they’re subject to the PCI DSS (Payment Card Industry Data Security Standard). This standard, currently at v4.0.1 (a limited revision to PCI DSS v4.0), contains 277 sub-requirements. However, you can reduce your scope to drastically lower the number of requirements you must meet, thereby significantly reducing your compliance burden.

SolarWinds addressed a critical RCE in all Web Help Desk versions

Security Affairs

SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solution for customer support. SolarWinds fixed a critical vulnerability, tracked as CVE-2024-28986 (CVSS score 9.8), in SolarWinds’ Web Help Desk solution for customer support. The flaw is a Java deserialization issue that an attacker can exploit to run commands on a vulnerable host leading to remote code execution.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

FBI Seizes Servers Powering Dispossessor Ransomware Group

Data Breach Today

Feds Also File Criminal Complaint Against 'Brain,' Alleged Leader of the Operation

The FBI said it led the disruption of a ransomware group called Dispossessor, aka Radar, that amassed victims in dozens of countries. An international dismantling of the group's alleged infrastructure seized servers in the U.S., the U.K. and Germany, as well as multiple domain names.

Microsoft Discovers Critical OpenVPN Vulnerabilities

eSecurity Planet

OpenVPN has long been a popular choice for creating secure point-to-point or site-to-site connections over the internet. Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. However, a recent discovery by Microsoft researchers has unveiled a critical flaw in this widely trusted software.

DORA – ESAs Publish Draft Technical Standards on ICT Subcontracting

Data Matters

On 26 July 2024, the European Supervisory Authorities (EBA, EIOPA and ESMA, collectively, the “ESAs”) published their joint final report on the draft Regulatory Technical Standards (“RTS”) specifying the elements that a financial entity should determine and assess when subcontracting ICT services supporting critical or important functions under Article 30(5) of the Digital Operational Resilience Act (“DORA”).