Sat.Feb 11, 2023 - Fri.Feb 17, 2023

article thumbnail

ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally

Dark Reading

Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.

Security 111
article thumbnail

GUEST ESSAY: Data loss prevention beccomes paramount — expecially in the wake of layoffs

The Last Watchdog

When a company announces layoffs, one of the last things most employees or even company owners worry about is data loss. Related: The importance of preserving trust in 2023 Valuable or sensitive information on a computer is exposed to theft or to getting compromised. This can happen due to intentional theft, human error, malware, or even physical destruction of servers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cybercriminals are Using Geotargeted Phishing to Target Victims

KnowBe4

Attackers are abusing a legitimate service called “GeoTargetly” to launch localized phishing attacks, according to Jeremy Fuchs at Avanan. GeoTargetly is meant to be used by advertisers to display ads in countries’ local languages. Avanan observed a phishing campaign that’s using phishing emails to target multiple countries in South America.

Phishing 110
article thumbnail

ChatGPT Is Ingesting Corporate Secrets

Schneier on Security

Interesting : According to internal Slack messages that were leaked to Insider , an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a “ coding assistant ” of sorts to help them write or improve strings of code, the report

IT 144
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Automated Security and Compliance Attracts Venture Investors

eSecurity Planet

In 2013, Adam Markowitz founded Portfolium, an edtech startup that matched college students and graduates with employers. “I remember the first time we were asked for a SOC 2 report, which quickly became the minimum bar requirement in our industry for proof of an effective security program,” he said. The process for creating the report was time-consuming, manual and costly.

More Trending

article thumbnail

Check Point Boosts AppSec Focus With CNAPP Enhancements

Dark Reading

Established network security players like Check Point are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.

Cloud 120
article thumbnail

The Curse of Cybersecurity Knowledge

KnowBe4

The curse of knowledge is a cognitive bias that occurs when someone is trying to communicate information to another person, but falsely assumes that the other person has the same level of knowledge or understanding of the topic. This can lead to the communicator overestimating the other person's understanding of the subject, and thus not providing enough detail or explanation.

article thumbnail

Microsoft Patch Tuesday Includes Three Exploited Zero-Day Vulnerabilities

eSecurity Planet

Microsoft’s February 2023 Patch Tuesday fixes 75 vulnerabilities, nine of them rated critical, and three (all rated important) that are being exploited. “This is only the second Patch Tuesday of the year, and we have already tripled the number of weaponized threats that need to be fixed in this release,” Syxsense CEO and founder Ashley Leonard told eSecurity Planet. “We also have five patches that resolve vulnerabilities with a CVSS score of more than 9 (critical), which

article thumbnail

Chinese Threat Group Leaks Hacking Secrets in Failed Attack

Data Breach Today

The Tonto Team Used Spear-Phishing Emails to Target Group-IB Employees Group-IB says a July 2022 spear-phishing attempt on its own employees came from the Chinese threat actor known variously as Tonto Team and CactusPete. Tonto Team may be a unit of China's People's Liberation Army. Malwarebytes says the group has ramped up spying against Russian government agencies.

Phishing 325
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Data Breaches: The Complete WIRED Guide

WIRED Threat Level

Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers.

article thumbnail

European Parliament Committee Opposes Adequacy Under EU-U.S. Data Privacy Framework in Draft Opinion

Hunton Privacy

On February 14, 2023, in a Draft Motion for a Resolution on the adequacy of the protection afforded by the proposed EU-U.S. Data Privacy Framework (the “Framework”), the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the “Committee”) urged the European Commission not to adopt adequacy based on the Framework, on the basis that it “fails to create actual equivalence” with the EU in the level of data protection that it provides.

article thumbnail

Jamf Threat Labs analyzes the exploited in-the-wild WebKit vulnerability CVE-2022-42856

Jamf

Jamf Threat Labs investigated a WebKit vulnerability that was exploited in the wild. Attackers can exploit CVE-2022-42856 to control code execution within WebKit, giving them the ability to read/write files. This blog explores what the vulnerability looked like in the code and the patches Apple applied.

105
105
article thumbnail

Play Ransomware Lists A10 Networks on its Leak Site

Data Breach Today

Group Says It Has Confidential Data, Tech Docs; A10 Says Operations Not Impacted The Play ransomware group listed networking hardware manufacturer A10 Networks in its leak site, after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber. The group says it has confidential data, technical documentation and more.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Master modern work with intelligent, connected, secure and responsible experiences

OpenText Information Management

No matter your industry or business function, whether you’re dealing with highly complex and regulated processes like clinical trials; simply need to automate manual data entry into everyday tools; or want a fast track to the cloud, seamlessly connecting content to process is essential to meet the demands of modern work. With Cloud Edition (CE) … The post Master modern work with intelligent, connected, secure and responsible experiences appeared first on OpenText Blogs.

Security 105
article thumbnail

OT Network Security Myths Busted in a Pair of Hacks

Dark Reading

How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network.

Security 105
article thumbnail

What Is the CIA Triad and Why Is It Important?

IT Governance

Confidentiality, integrity and availability. These are the three components of the CIA triad, an information security model designed to protect sensitive information from data breaches. The CIA triad is a widely accepted principle within the industry, and is used in ISO 27001 , the international standard for information security management. It’s also referenced in the GDPR (General Data Protection Regulation) , with Article 32 stating that organisations must “implement appropriate technical and

IT 105
article thumbnail

Spanish Police Bust Phishing Ring That Defrauded Thousands

Data Breach Today

Group Targeted American Victims and Pocketed Over 5 Million Euros Police busted nine members of a cyber fraud gang that targeted mainly Americans. Spanish police arrested eight members, and U.S. authorities arrested one. In less than a year, the ring pocketed 5 million euros in scammed funds, say the Spanish National Police.

Phishing 279
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb

Security Affairs

Cybersecurity vendor Fortinet has addressed two critical vulnerabilities impacting its FortiNAC and FortiWeb products. Cybersecurity firm Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb.

article thumbnail

Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks

Dark Reading

The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.

Cloud 105
article thumbnail

Is Pepsi Okay? Bottling Plant Suffers Malware Attack

IT Governance

Pepsi Bottling Ventures confirmed this week that vast quantities of personal data were stolen in a cyber attack. The incident began late last year, after criminal hackers broke into the organisation’s systems and installed malware. It took almost three weeks for Pepsi Bottling Ventures, the largest bottler of Pepsi-Cola in the US, to spot the intrusion, during which time the attackers had widespread access to its internal systems.

article thumbnail

Kia and Hyundai Fix TikTok Security Challenge

Data Breach Today

Vulnerability Potentially Caused Deaths and Thousands of Thefts in the US Hyundai and Kia are rolling out a software update aimed at stopping an outbreak of car thefts caused by a trend on social media app TikTok. The "Kia Challenge" went viral in mid-2022 after users discovered how to steal certain cars using a screwdriver and a male USB Type A connector.

Security 278
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added actively exploited flaws in Cacti framework, Microsoft Office, Windows, and iOS to its Known Exploited Vulnerabilities Catalog. US CISA added the following actively exploited flaws to its Known Exploited Vulnerabilities Catalog : CVE-2022-46169 – Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management framework for users.

IT 98
article thumbnail

Is OWASP at Risk of Irrelevance?

Dark Reading

A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development.

Risk 115
article thumbnail

How Important Are Collaboration Platforms In Large Enterprises (And How Does This Affect Ediscovery)

Hanzo Learning Center

In the 2022 Collaboration Data Benchmarking Report , just over a third (38%) of organizations said that they could not live without collaboration tools, while another 35% said that some of their teams could not live without collaboration tools. When asked how important collaboration tools will be 12 months down the road, 16% of organizations said they wouldn’t be able to live without them, while 37% said they will become more dependent on them.

98
article thumbnail

GoDaddy Fingers Hacking Campaign for 3-Year Run of Breaches

Data Breach Today

The Campaign Installed Malware on Internal Systems and Obtained Source Code Internet domain registrar GoDaddy says it is the victim of a yearslong hacking campaign that installed malware on internal systems and obtained source code. The hackers' "apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution," the company says.

Phishing 265
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engine

Security Affairs

Cisco addressed a critical vulnerability in the ClamAV open source antivirus engine that can lead to remote code execution on vulnerable devices. Cisco fixed a critical flaw, tracked as CVE-2023-20032 (CVSS score: 9.8), in the ClamAV open source antivirus engine. The vulnerability resides in the residing in the HFS+ file parser component, an attacker can trigger the issue to gain remote code execution on vulnerable devices or trigger a DoS condition.

article thumbnail

9 New Microsoft Bugs to Patch Now

Dark Reading

78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.

115
115
article thumbnail

How we built Arbor: Collibra’s new frontend component design system and architecture

Collibra

If you’re a Collibra user, you may have noticed in our recent releases that some areas look a little different — modern and even more user-friendly. That’s thanks to Arbor — Collibra’s newest design system. Arbor is a React-based system that was built on a solid foundation of Material UI v5 components and has now evolved to encompass so much more.