Krebs on Security

OCTOBER 5, 2022

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.

Artificial Intelligence 295

Artificial Intelligence Authentication IT Communications 295

Dark Reading

OCTOBER 4, 2022

Responding to cyberattacks is extraordinarily stressful, but better planning, frequent practice, and the availability of mental health services can help IR professionals, a survey finds.

132

132

OpenText Information Management

OCTOBER 4, 2022

Most Professional Services engagements with OpenText™ follow a traditional design, built, test and deploy project methodology. OpenText software is well suited for the waterfall project model. A notable exception is OpenText™ Magellan™ and our Data Science projects. In these cases, customers can expect an approach which simply adds refinement iterations to the build phase or … The post An agile approach to Data Science appeared first on OpenText Blogs.

Data science 116

Data science Artificial Intelligence Analytics 116

Data Breach Today

OCTOBER 1, 2022

Department Paid $110,000 in Rewards for Submitted Vulnerability Reports The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department's networks as part of its experimental bug bounty program launched on American Independence Day. The week-long bug bounty challenge called "Hack U.S." ran from July 4 to July 11.

IT 264

IT 264

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

IBM Big Data Hub

OCTOBER 4, 2022

It is well known that Artificial Intelligence (AI) has progressed, moving past the era of experimentation. Today, AI presents an enormous opportunity to turn data into insights and actions, to amplify human capabilities, decrease risk and increase ROI by achieving break through innovations. While the promise of AI isn’t guaranteed and doesn’t always come easy, adoption is no longer a choice.

Government 97

Government Artificial Intelligence Metadata Data science 97

The Last Watchdog

OCTOBER 3, 2022

How did America and Americans regress to being much less secure than before the Internet? Everyone knows the many amazing conveniences, benefits, and advances the Internet has enabled. What everyone doesn’t know is how irrational the Internet’s utopian founding premises have proven to be concerning America’s and Americans’ security over the last quarter century.

Government 170

Government Authentication Communications Privacy 170

Data Breach Today

OCTOBER 6, 2022

But Payments to 540,000 Class Members in Breach Settlement Capped at $800,000 A Baltimore, Maryland-based healthcare organization has agreed to spend nearly $8 million improving and maintaining its data security as "injunctive relief" to settle a class action lawsuit involving two data breaches that affected a total of about 540,000 individuals.

Data breaches 246

Data breaches Security IT 246

Data Matters

OCTOBER 1, 2022

On September 22, 2022, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) regarding Incentives for Advanced Cybersecurity Investment, requesting comment on proposed revisions to regulations implementing the Federal Power Act (FPA). The revisions would provide incentive-based rate treatments for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by utilities for certain voluntary

Energy and Utilities 157

Energy and Utilities Cybersecurity Sales Privacy 157

Krebs on Security

OCTOBER 1, 2022

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server , a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Passwords 186

Passwords Phishing Authentication Access 186

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Schneier on Security

OCTOBER 3, 2022

This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.

Paper 145

Paper Artificial Intelligence IT 145

Data Breach Today

OCTOBER 6, 2022

UK Insurance Marketplace Gauging Best Options for Reconnecting Systems Put Offline Lloyd's of London is probing a possible cybersecurity incident that led it to yank some systems offline. Details are scarce at the moment, including whether the incident is malicious or involves ransomware and who may have instigated the incident.

Insurance 245

Insurance Ransomware Cybersecurity IT 245

IT Governance

OCTOBER 3, 2022

Welcome to our September 2022 list of data breaches and cyber attacks. Compared to August, it was a comparatively quiet month, as we identified 88 publicly disclosed security incidents and 35,566,046 compromised records. As always, you can find the full list below – although, perhaps for the last time, they are broken down into their respective categories.

Data breaches 140

Data breaches Ransomware Education Phishing 140

Security Affairs

OCTOBER 3, 2022

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter. According to the SUPO, future NATO membership will make the country a privileged target for Russian intelligence and influence operations.

Manufacturing 142

Manufacturing Access Security Government 142

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

eSecurity Planet

OCTOBER 1, 2022

Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August. GTSC submitted the vulnerability to the Zero Day Initiative , which verified two flaws on September 8 and 9: ZDI-CAN-18333 and ZDI-CAN-18802, with CVSS scores of 8.8 and 6.3, respectively.

Government 134

Government Cybersecurity Security IT 134

Data Breach Today

OCTOBER 7, 2022

CSI Laboratories Says Recent Phishing Incident Affected 245,000 Patients A Georgia-based cancer testing laboratory has reported to federal regulators a phishing breach affecting the sensitive information of nearly 245,000 individuals. It is the lab's second hacking breach affecting hundreds of thousands of individuals reported over the last six months.

Phishing 263

Phishing IT 263

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. divya. Tue, 10/04/2022 - 05:20. Historically, October has always been an important month for the cybersecurity community and a month of major cybersecurity events. So in 2004, the President of the United States designated October as Cybersecurity Awareness Month.

Authentication 127

Authentication Passwords Cybersecurity Personal data 127

Security Affairs

OCTOBER 1, 2022

Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild. Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity firm GTSC are being actively exploited in the wild. The IT giant has promptly started the investigation into the two zero-day vulnerabilities that impacts Microsoft Exchange Server 2013, 2016, and 2019.

Authentication 139

Authentication Cybersecurity Access Risk 139

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

eSecurity Planet

OCTOBER 6, 2022

DCSO CyTec researchers Johann Aydinbas and Axel Wauer are warning of new backdoor malware they’re calling “Maggie,” which targets Microsoft SQL servers. Maggie, the researchers say, has already affected at least 285 servers in 42 countries, with a particular focus on South Korea, India, Vietnam, China, and Taiwan. The malware offers a wide range of functionality, including the ability to change file permissions, run commands, and act as a network bridge into the infected server.

Unstructured data 130

Unstructured data Cybersecurity Security IT 130

Data Breach Today

OCTOBER 7, 2022

CISA, FBI and NSA List 20 Common Vulnerabilities Used by Beijing Count Log4Shell among Chinese hackers' favorite vulnerabilities, federal agencies say in a compilation of top exploits used by Beijing for state-sponsored cyber theft and espionage. Chinese state-sponsored hacking remains "one of the largest and most dynamic threats," warn the FBI, NSA and CISA.

243

243

IT Governance

OCTOBER 6, 2022

This October is Cyber Security Awareness Month, an event designed to educate people about information security and the steps they can take to stay safe online. Now in its nineteenth year, the campaign provides tools and resources to help people learn more about the cyber security industry and the ways they can get involved. This year’s event focuses on phishing and ransomware – two of the biggest threats that organisations currently face.

Security awareness 129

Security awareness Security Phishing Passwords 129

WIRED Threat Level

OCTOBER 7, 2022

Blockchain investigators have uncovered at least $4 million—and counting—in cryptocurrency fundraising has reached Russia's violent militia groups.

Blockchain 141

Blockchain Security 141

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

eSecurity Planet

OCTOBER 3, 2022

ZINC, a sub-group of the notorious North Korean Lazarus hacking group, has implanted malicious payloads in open-source software to infiltrate corporate networks, Microsoft’s threat hunting team has reported. PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in April 2022.

IT 128

IT Phishing Encryption Archiving 128

Data Breach Today

OCTOBER 4, 2022

Hong Kong Privacy Office Says It Is 'Disappointed' With Breach Notification Upscale Asian hotelier Shangri-La Group has copped to a data breach incident that may affect hundreds of thousands of guests. The hotel detected unauthorized access to its guest database in July but didn't notify guests or regulators until September.

Data breaches 241

Data breaches Privacy Access IT 241

Security Affairs

OCTOBER 3, 2022

The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks. Ferrari is investigating the leak of the internal documents and announced it will implement all the necessary actions.

Manufacturing 130

Manufacturing Ransomware Authentication IT 130

Dark Reading

OCTOBER 7, 2022

The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.

124

124

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

eSecurity Planet

OCTOBER 1, 2022

With two high-profile breaches this year, Okta, a leader in identity and access management (IAM) , made the kind of headlines that security vendors would rather avoid. After seeing headlines like these, some executives and customers lose faith that multifactor authentication (MFA) technology, particularly Okta’s, will protect their organizations, but should they?

Phishing 126

Phishing Passwords Authentication Access 126

Data Breach Today

OCTOBER 6, 2022

19-Year-Old From Sydney Suburbs Allegedly Sent Extortion SMS to Data Breach Victims Police arrested a teenager in his suburban Sydney home for allegedly attempting to extort AU$2,000 from victims of the Optus data breach. The unnamed 19-year-old allegedly threatened to conduct financial crimes using the information of 93 individuals unless he received a payout.

Data breaches 234

Data breaches 234

Security Affairs

OCTOBER 1, 2022

A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom’s Symantec Threat Hunter Team observed a threat actor, tracked as Witchetty, using steganography to hide a previously undocumented backdoor in a Windows logo. The group used the backdoor in attacks against Middle Eastern governments.

Manufacturing 137

Manufacturing Government Cybersecurity IT 137