Sat.May 04, 2024 - Fri.May 10, 2024

article thumbnail

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

IT 267
article thumbnail

LockBitSupp's Identity Revealed: Dmitry Yuryevich Khoroshev

Data Breach Today

Russian National Faces US Criminal Indictment, Sanctions The Russian national known as LockBitSupp, head of ransomware-as-a-service group LockBit, came under indictment Tuesday in U.S. federal court and faces sanctions from the U.S. Department of the Treasury. Prosecutors say LockBitSupp's real identity is Dmitry Yuryevich Khoroshev.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Lessons Learned from Developing Secure AI Workflows at Google

Elie

This talk discuss through concrete examples how to use the Google Security AI Framework (SAIF) to protect AI systems and workflows

Security 149
article thumbnail

News alert: Security Risk Advisors offers free workshop to help select optimal OT security tools

The Last Watchdog

Philadelphia, Pa., May 8, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) and Extended Internet of Things (XIoT) security tools for their unique environments.

Risk 130
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Top FBI Official Urges Agents to Use Warrantless Wiretaps on US Soil

WIRED Threat Level

An internal email from FBI deputy director Paul Abbate, obtained by WIRED, tells employees to search for “US persons” in a controversial spy program's database that investigators have repeatedly misused.

Privacy 144

More Trending

article thumbnail

Ransomware drama: Law enforcement seized Lockbit group’s website again

Security Affairs

Law enforcement seized the Lockbit group’s Tor website again and announced they will reveal more identities of its operators Law enforcement seized the Lockbit group’s Tor website again. The authorities resumed the Lockbit seized leak site and mocked its administrators. According to the countdown active on the seized, law enforcement that are currently controlling the website will reveal the identities of the LockBitSupps and other members of the gang on May 7, 2024, at 14:00:00 UTC.

article thumbnail

RSAC Fireside Chat: AT&T, WillJam Ventures partner to launch new MSSP — LevelBlue

The Last Watchdog

SAN FRANCISCO – The already simmering MSSP global market just got hotter. Related: The transformative power of GenAI/LLM This week at RSA Conference 2024 , AT&T announced the launch of LevelBlue – a top-tier managed security services business formed by an alliance with AT&T and WillJam Ventures. I had the chance to sit down earlier with Theresa Lanowitz , Chief Evangelist of AT&T Cybersecurity /Agent at LevelBlue, to discuss this alliance.

article thumbnail

Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know

WIRED Threat Level

The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.

Privacy 143
article thumbnail

The State of Ransomware 2024

Data Breach Today

How Attacks Have Changed; New Insights Into How an Attack Affects the Business The fifth annual Sophos State of Ransomware Report combines year-on-year insights with brand-new areas of study. It includes a deep dive into ransom demands and ransom payments and shines new light on the role of law enforcement in ransomware remediation.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Citrix warns customers to update PuTTY version installed on their XenCenter system manually

Security Affairs

Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin’s private SSH key. Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections to guest VMs. However, PuTTY inclusion was deprecated with XenCenter version 8.2.6, and any versions after 8.2.7 will not include PuTTY.

article thumbnail

New Attack on VPNs

Schneier on Security

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloa

article thumbnail

An in-depth review of the Kandji platform from Rocketman Tech

Jamf

Rocketman Tech helps organizations succeed with Jamf, offering consulting and tools to simplify the management process. In this blog, Chris Schasse — Founder, Owner and Lead Engineer at Rocketman Tech — recaps his in-depth comparison of Kandji and Jamf Pro.

126
126
article thumbnail

Hackers Steal Credit Card Data of Deal-Seeking Shoppers

Data Breach Today

China-Linked Criminals Processed Orders Worth $50M: Security Research Labs Hackers linked to Chinese fraudsters are targeting online shoppers to steal credit card information, likely making off with about $50 million from victims in the United States and Western Europe who order premium shoes at discount prices on fraudulent deal websites.

Security 247
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

El Salvador suffered a massive leak of biometric data

Security Affairs

Resecurity found a massive leak involving the exposure of personally identifiable information (PII) of over five million citizens of El Salvador on the Dark Web. Resecurity identified a massive leak of the personally identifiable information (PII) of over five million citizens from El Salvador on the Dark Web , impacting more than 80% of the country’s population.

article thumbnail

A (Strange) Interview the Russian-Military-Linked Hackers Targeting US Water Utilities

WIRED Threat Level

Despite Cyber Army of Russia’s claims of swaying US “minds and hearts,” experts say the cyber sabotage group appears to be hyping its hacking for a domestic audience.

Military 128
article thumbnail

Microsoft + Jamf introduce new AI tool: Copilot for Security

Jamf

Learn what Microsoft Copilot for Security is, how you can leverage Jamf management and security, and what it means when tools and expertise combine to make your devices much more secure.

Security 124
article thumbnail

ISMG Editors: Opening Day Overview of RSA Conference 2024

Data Breach Today

Ransomware, AI Technology and the Art of the Possible Are Hot Topics This Year ISMG editors are live at RSA Conference 2024 in San Francisco with an overview of opening-day speakers and hot topics including the dismal ransomware landscape, the unbridled growth of AI, security product innovation and deals, and regulatory trends. Join us for daily updates from RSA.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. A threat actor can use this technique to force a target user’s traffic off their VPN tunnel using built-in features of DHCP (Dynamic Host Configuration Protocol).

article thumbnail

The Alleged LockBit Ransomware Mastermind Has Been Identified

WIRED Threat Level

Law enforcement officials say they’ve identified, sanctioned, and indicted the person behind LockBitSupp, the administrator at the heart of LockBit’s $500 million hacking rampage.

article thumbnail

How Criminals Are Using Generative AI

Schneier on Security

There’s a new report on how criminals are using generative AI tools: Key Takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to have abandoned any attempt at training real criminal large language models (LLMs).

article thumbnail

Ransomware Attack Shuts Down Kansas City Systems

Data Breach Today

Phones, Wi-Fi, Digital Payments Are Among the Affected Systems The city administration of Kansas's largest city shut down IT systems and switched to cash transactions in the wake of a ransomware attack detected on Sunday. Municipal officials from the city of Wichita said Tuesday that no timetable yet exists for the restoration of systems.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google fixes fifth actively exploited Chrome zero-day this year

Security Affairs

Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser. Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-467, in Chrome browser. The vulnerability is the fifth zero-day flaw in the Google browser that is exploited in the wild since the start of the year.

Access 123
article thumbnail

Digital Doppelgängers: AI-Generated Celeb Fashion Takes Over the Met Gala on Social Media

KnowBe4

The Met Gala, fashion's biggest night, was not just the A-list attendees who stole the spotlight—digital imposters in the form of AI-generated superstars sent social media into a frenzy.

article thumbnail

New Lawsuit Attempting to Make Adversarial Interoperability Legal

Schneier on Security

Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision—and an even more obscure typo. Read this.

IT 120
article thumbnail

LevelBlue Leverages AI For Threat Intel Following AT&T Split

Data Breach Today

AI Investments and Global Expansion Set to Propel Growth After Separating From AT&T As Level Blue separates from AT&T, it focuses on harnessing artificial intelligence for advanced threat intelligence, targeting significant growth in international markets, and evaluating potential merger and acquisition opportunities to expand its geographic or technological footprint.

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 

Security Affairs

The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans. The UK Ministry of Defense disclosed a data breach impacting a third-party payroll system that exposed data of approximately 272,000 armed forces personnel and veterans. The Ministry of Defence revealed that a malign actor gained access to part of the Armed Forces payment network, which is an external system completely separate to MOD’s core network.

article thumbnail

Phishing-as-a-Service Platform LabHost Disrupted by Law Enforcement Crackdown

KnowBe4

One of the largest phishing-as-a-service platforms, LabHost, was severely disrupted by law enforcement in 19 countries during a year-long operation that resulted in 37 arrests.

Phishing 101
article thumbnail

FPGA vs. GPU: Which is better for deep learning?

IBM Big Data Hub

Underpinning most artificial intelligence (AI) deep learning is a subset of machine learning that uses multi-layered neural networks to simulate the complex decision-making power of the human brain. Beyond artificial intelligence (AI) , deep learning drives many applications that improve automation , including everyday products and services like digital assistants, voice-enabled consumer electronics, credit card fraud detection and more.