Sat.Aug 17, 2024 - Fri.Aug 23, 2024

article thumbnail

Overcoming Obstacles to Gen AI for Content Services

AIIM

While humans are critical to the success of AI initiatives, they may also present obstacles. In this blog post, we will walk through some of the challenges organizations face when implementing AI for content services.

article thumbnail

Local Networks Go Global When Domain Names Collide

Krebs on Security

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

eSecurity Planet

A cataclysmic data breach has cast a long shadow over the privacy of billions of individuals. Reports claim that a staggering 2.9 billion records, including Social Security numbers, have been compromised in a cyberattack targeting National Public Data (NPD), a company specializing in background checks. This unprecedented scale of data exposure highlights the vulnerabilities inherent in our interconnected world and the immense value placed on personal information by cybercriminals.

article thumbnail

Black Hat Fireside Chat: User feedback, AI-infused email security are both required to deter phishing

The Last Watchdog

I recently learned all about the state-of-the art of phishing attacks – the hard way. Related: GenAI-powered attacks change the game An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.

Phishing 289
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Global Cyber Agencies Unveil New Logging Standards

Data Breach Today

Logging Best Practices Guidance Aims to Enhance Global Detection and Response The Australian Signals Directorate's Australian Cyber Security Center released joint guidance with a cohort of international cyber agencies that aims to provide baseline standards for event logging and threat detection, amid a wave of high-profile attacks employing "living off the land" techniques.

Security 305

More Trending

article thumbnail

Embracing the Role of Educator: Guidance for Information Management Practitioners in the Era of AI

AIIM

As organizations explore the potential of AI, information management practitioners may face the challenge of being perceived as roadblocks rather than facilitators. However, by aligning Generative AI initiatives with business goals and promoting intentional adoption, these professionals can pivot into a critical educator role.

Education 145
article thumbnail

NEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurity

The Last Watchdog

The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day. Related: GenAI’s impact on elections It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI ( GenAI ) engines and Large Language Models ( LLMs.

article thumbnail

Is AI Making Banking Safer or Just More Complicated?

Data Breach Today

As Banks Combat Fraud, Customers Feel the Strain of Overly Cautious Measures In today’s AI-driven world, banks are becoming increasingly vigilant, often freezing accounts or demanding extensive documentation at the slightest hint of suspicious activity. Sending money, once a straightforward task, is now fraught with complexity.

293
293
article thumbnail

The Mad Liberator ransomware group uses social-engineering techniques

Security Affairs

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. The group was also spotted running a fake Microsoft Windows update screen to conceal data exfiltrating.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan

WIRED Threat Level

The US Defense Department’s grand strategy for protecting Taiwan from a massive Chinese military offensive involves flooding the zone with thousands of drones.

Military 131
article thumbnail

The Trouble with Procurement Departments, Resellers and Stripe

Troy Hunt

It should be so simple: you're a customer who wants to purchase something so you whip out the credit card and buy it. I must have done this thousands of times, and it's easy! I've bought stuff with plastic credit cards, stuff with Apple Pay on my phone and watch and, like all of us, loads of stuff simply by entering credit card details into a website.

IT 114
article thumbnail

US Authorities Warn Health Sector of Everest Gang Threats

Data Breach Today

Group Claims a NY Surgical Center and a Nevada Medical Center Among Recent Victims U.S. authorities are warning healthcare sector entities of incidents involving Everest, a Russian-speaking ransomware group and initial access broker, which claims to have stolen sensitive patient information in recent attacks, including on two medical care providers in New York and Nevada.

article thumbnail

National Public Data confirms a data breach

Security Affairs

Background check service National Public Data confirms a data breach that exploded millions of social security numbers and other sensitive information. Background check service National Public Data confirms that a threat actor has breached its systems and had access to millions of social security numbers and other sensitive personal information. According to a statement published by the company, exposed data include the name, email address, phone number, social security number, and mailing add

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Is Disabling Clickable URL Links Enough?

KnowBe4

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee security awareness training and simulated phishing.

article thumbnail

How to Use LastPass: Complete Guide for Beginners

eSecurity Planet

Navigating the complexities of password management can be challenging, especially if you’re new to it. LastPass, a leading password manager, offers a robust solution for securely storing and managing your organization’s digital assets. There are many types of network security , so understanding how to use LastPass is essential to managing personal accounts or securing an entire team.

Passwords 112
article thumbnail

ISMG Editors: Social Engineering, Election Defense in AI Era

Data Breach Today

Also: Dangers of Malicious Code Embedded in ML Models; Is Ransomware in Decline? AI's influence on social engineering and election security has become a focal point at Black Hat. ISMG editors discuss how advanced technologies are making it easier to manipulate people and compromise security systems and offer key insights on machine learning vulnerabilities.

article thumbnail

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

Security Affairs

A large-scale extortion campaign compromised multiple organizations by exploiting publicly accessible environment variable files (.env). Palo Alto Unit 42 researchers uncovered a large-scale extortion campaign that successfully compromised and extorted multiple victim organizations by leveraging exposed environment variable files (.env files). The exposed files contained sensitive variables such as credentials belonging to various applications.

Access 140
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Malvertising Campaign Impersonates Dozens of Google Products

KnowBe4

A malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The malicious ads are designed to lure victims into a tech support scam.

article thumbnail

The US Government Wants You—Yes, You—to Hunt Down Generative AI Flaws

WIRED Threat Level

The AI ethics nonprofit Humane Intelligence and the US National Institute of Standards and Technology are launching a series of contests to get more people probing for problems in generative AI systems.

article thumbnail

Breach Roundup: Microsoft Fixed Copilot Studio Flaw

Data Breach Today

Also: Microsoft Recall; Microchip Technology Attack; FCC Fine for Deepfake Audio This week, a flaw was found in Microsoft Copilot's Studio, Microsoft announced rollout of the Recall feature, Microchip Technology was hit by a cyberattack, FlightAware data was exposed, Equiniti and Lingo Telecom were fined for cyber-related incidents, and Toyota suffered a third-party breach.

284
284
article thumbnail

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

Security Affairs

Boffins demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks using ‘MasterPrints, ‘which are fingerprints that can match multiple other prints. A team of researchers from US universities demonstrated how to deceive fingerprint recognition systems through dictionary attacks using ‘MasterPrints,’ which are fingerprints that can match multiple other prints.

Risk 139
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Story of an Undercover CIA Agent who Penetrated Al Qaeda

Schneier on Security

Rolling Stone has a long investigative story (non-paywalled version here ) about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the “real life spies” file: a fake Sudanese diving resort run by Mossad.

101
101
article thumbnail

Ransomware Group Known as ‘Royal’ Rebrands as BlackSuit and Is Leveraging New Attack Methods

KnowBe4

Despite changing their stripes, the FBI warns organizations of new tactics used by this known ransomware threat group that are only making them more.

article thumbnail

Addressing the OT SOC Challenges in Industrial Environments

Data Breach Today

EY's Piotr Ciepiela Discusses Key Challenges in Implementing, Maintaining OT SOCs Piotr Ciepiela, EMEIA cybersecurity leader at EY, discusses the challenges of securing OT systems and contrasts them with IT SOC environments. He emphasizes the need for specialized tools, dedicated personnel and strong collaboration with engineering teams to manage OT SOC operations.

article thumbnail

A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

Security Affairs

A flaw in millions of RFID cards manufactured by Shanghai Fudan Microelectronics allows these contactless cards to be cloned instantly. Researchers from security firm Quarkslab discovered a backdoor in millions of RFID cards manufactured by the Chinese chip manufacturer Shanghai Fudan Microelectronics. The experts announced the discovery of a hardware backdoor and successfully cracked its key allowing the instantaneous cloning of RFID smart cards. “In this paper, we present several attacks

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The State of Ransomware

Schneier on Security

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary: Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week.

article thumbnail

How to clear the cache on your iPhone (and why you should)

Collaboration 2.0

Cache and cookies can clog your browser and slow your iPhone's performance, but there's a simple way to bring your device back up to speed. Try this today and see the difference.

98
article thumbnail

North Korean Hackers Pivot Away From Public Cloud

Data Breach Today

Kimsuky, or a Related Group, Deploys XenoRAT Variant A North Korean hacking team hastily pivoted from using publicly available cloud computing storage to its own infrastructure after security researchers unmasked a malware campaign. The group shifted from using cloud service including Google Drive, OneDrive, and Dropbox to systems under its control.

Cloud 283