Sat.Feb 11, 2023 - Fri.Feb 17, 2023

article thumbnail

ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally

Dark Reading

Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.

article thumbnail

GUEST ESSAY: Data loss prevention beccomes paramount — expecially in the wake of layoffs

The Last Watchdog

When a company announces layoffs, one of the last things most employees or even company owners worry about is data loss. Related: The importance of preserving trust in 2023 Valuable or sensitive information on a computer is exposed to theft or to getting compromised. This can happen due to intentional theft, human error, malware, or even physical destruction of servers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cybercriminals are Using Geotargeted Phishing to Target Victims

KnowBe4

Attackers are abusing a legitimate service called “GeoTargetly” to launch localized phishing attacks, according to Jeremy Fuchs at Avanan. GeoTargetly is meant to be used by advertisers to display ads in countries’ local languages. Avanan observed a phishing campaign that’s using phishing emails to target multiple countries in South America.

Phishing 124
article thumbnail

ChatGPT Is Ingesting Corporate Secrets

Schneier on Security

Interesting : According to internal Slack messages that were leaked to Insider , an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a “ coding assistant ” of sorts to help them write or improve strings of code, the report

IT 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Automated Security and Compliance Attracts Venture Investors

eSecurity Planet

In 2013, Adam Markowitz founded Portfolium, an edtech startup that matched college students and graduates with employers. “I remember the first time we were asked for a SOC 2 report, which quickly became the minimum bar requirement in our industry for proof of an effective security program,” he said. The process for creating the report was time-consuming, manual and costly.

More Trending

article thumbnail

Microsoft Patch Tuesday, February 2023 Edition

Krebs on Security

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different “zero-day” vulnerabilities that are already being used in active attacks.

article thumbnail

Data Breaches: The Complete WIRED Guide

WIRED Threat Level

Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers.

article thumbnail

The Curse of Cybersecurity Knowledge

KnowBe4

The curse of knowledge is a cognitive bias that occurs when someone is trying to communicate information to another person, but falsely assumes that the other person has the same level of knowledge or understanding of the topic. This can lead to the communicator overestimating the other person's understanding of the subject, and thus not providing enough detail or explanation.

article thumbnail

Government Sanctions: No Ransomware Please, We're British

Data Breach Today

UK Toughens Anti-Cybercrime Stance by Sanctioning Accused Operators for First Time As ransomware continues to disrupt British organizations, the U.K. for the first time has sanctioned alleged cybercriminals, including accused Conti and TrickBot operators. Ransomware victims must conduct due diligence before paying any ransom, as violating sanctions carries severe penalties.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Check Point Boosts AppSec Focus With CNAPP Enhancements

Dark Reading

Established network security players like Check Point are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.

Cloud 120
article thumbnail

Microsoft Patch Tuesday Includes Three Exploited Zero-Day Vulnerabilities

eSecurity Planet

Microsoft’s February 2023 Patch Tuesday fixes 75 vulnerabilities, nine of them rated critical, and three (all rated important) that are being exploited. “This is only the second Patch Tuesday of the year, and we have already tripled the number of weaponized threats that need to be fixed in this release,” Syxsense CEO and founder Ashley Leonard told eSecurity Planet. “We also have five patches that resolve vulnerabilities with a CVSS score of more than 9 (critical), which

article thumbnail

[INFOGRAPHIC] 9 Cognitive Biases Hackers Exploit the Most

KnowBe4

Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one.

article thumbnail

Play Ransomware Lists A10 Networks on its Leak Site

Data Breach Today

Group Says It Has Confidential Data, Tech Docs; A10 Says Operations Not Impacted The Play ransomware group listed networking hardware manufacturer A10 Networks in its leak site, after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber. The group says it has confidential data, technical documentation and more.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Is OWASP at Risk of Irrelevance?

Dark Reading

A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development.

Risk 115
article thumbnail

Crypto Buyers Beware: 1 in 4 New Tokens of Any Value Is a Scam

WIRED Threat Level

And according to tracing firm Chainalysis, one very prolific scammer ran at least 264 of those scams in 2022 alone.

article thumbnail

European Parliament Committee Opposes Adequacy Under EU-U.S. Data Privacy Framework in Draft Opinion

Hunton Privacy

On February 14, 2023, in a Draft Motion for a Resolution on the adequacy of the protection afforded by the proposed EU-U.S. Data Privacy Framework (the “Framework”), the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the “Committee”) urged the European Commission not to adopt adequacy based on the Framework, on the basis that it “fails to create actual equivalence” with the EU in the level of data protection that it provides.

article thumbnail

Kia and Hyundai Fix TikTok Security Challenge

Data Breach Today

Vulnerability Potentially Caused Deaths and Thousands of Thefts in the US Hyundai and Kia are rolling out a software update aimed at stopping an outbreak of car thefts caused by a trend on social media app TikTok. The "Kia Challenge" went viral in mid-2022 after users discovered how to steal certain cars using a screwdriver and a male USB Type A connector.

Security 278
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

9 New Microsoft Bugs to Patch Now

Dark Reading

78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.

115
115
article thumbnail

Jamf Threat Labs analyzes the exploited in-the-wild WebKit vulnerability CVE-2022-42856

Jamf

Jamf Threat Labs investigated a WebKit vulnerability that was exploited in the wild. Attackers can exploit CVE-2022-42856 to control code execution within WebKit, giving them the ability to read/write files. This blog explores what the vulnerability looked like in the code and the patches Apple applied.

105
105
article thumbnail

Will AI and Deepfakes Weaken Biometric MFA

KnowBe4

You should use phishing-resistant multi-factor authentication (MFA) when you can to protect valuable data and systems. But most biometrics and MFA are not as strong as touted and much of it can easily be hacked and bypassed. It doesn’t necessarily mean you shouldn’t use it, just pick strong, more trustworthy implementations and don’t ever think they can’t be hacked.

Phishing 105
article thumbnail

Spanish Police Bust Phishing Ring That Defrauded Thousands

Data Breach Today

Group Targeted American Victims and Pocketed Over 5 Million Euros Police busted nine members of a cyber fraud gang that targeted mainly Americans. Spanish police arrested eight members, and U.S. authorities arrested one. In less than a year, the ring pocketed 5 million euros in scammed funds, say the Spanish National Police.

Phishing 278
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Master modern work with intelligent, connected, secure and responsible experiences

OpenText Information Management

No matter your industry or business function, whether you’re dealing with highly complex and regulated processes like clinical trials; simply need to automate manual data entry into everyday tools; or want a fast track to the cloud, seamlessly connecting content to process is essential to meet the demands of modern work. With Cloud Edition (CE) … The post Master modern work with intelligent, connected, secure and responsible experiences appeared first on OpenText Blogs.

Security 105
article thumbnail

OT Network Security Myths Busted in a Pair of Hacks

Dark Reading

How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network.

Security 105
article thumbnail

[HEADS UP] Russian Hacker Group Launches New Spear Phishing Campaign with Targets in US and Europe

KnowBe4

The Russian-based hacking group Seaborgium is at it again with increased spear phishing attacks targeting US and European countries in the last year.

Phishing 105
article thumbnail

GoDaddy Fingers Hacking Campaign for 3-Year Run of Breaches

Data Breach Today

The Campaign Installed Malware on Internal Systems and Obtained Source Code Internet domain registrar GoDaddy says it is the victim of a yearslong hacking campaign that installed malware on internal systems and obtained source code. The hackers' "apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution," the company says.

Phishing 264
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

What Is the CIA Triad and Why Is It Important?

IT Governance

Confidentiality, integrity and availability. These are the three components of the CIA triad, an information security model designed to protect sensitive information from data breaches. The CIA triad is a widely accepted principle within the industry, and is used in ISO 27001 , the international standard for information security management. It’s also referenced in the GDPR (General Data Protection Regulation) , with Article 32 stating that organisations must “implement appropriate technical and

IT 105
article thumbnail

Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks

Dark Reading

The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.

Cloud 105
article thumbnail

New Survey Reveals Employees are the Attack Surface

KnowBe4

A survey by Tanium has found that IT security professionals in the UK say that 64% of avoidable cyber attacks are due to human error, which usually involves falling for phishing attacks. More than half of the respondents said that loss of productivity would be their main concern following a cyber attack.

Phishing 105