Data Breach Today

MAY 23, 2023

With data distributed across multiple clouds serving an increasingly remote workforce, can existing data protection programs truly be successful? Most data protection solutions have been built on a foundation of legacy technologies and operations that only drive up complexity and costs. A best-in-class data protection program should be easy to operate, reduce costs, and ultimately drive down data loss risk.

Cloud 247

Cloud Risk 247

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations.

Data science 267

Data science IoT Manufacturing Paper 267

The Last Watchdog

MAY 24, 2023

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour. Related: Tapping hidden pools of security talent Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them.

Cybersecurity 202

Cybersecurity Security awareness Access Data breaches 202

Jamf

MAY 22, 2023

Learn about the discovery of a novel threat vector on iPhone that allows attackers to circumvent security mitigations by exploiting under-protected co-processors, leveraging access to further compromise the iOS kernel.

Access 145

Access Security 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Dark Reading

MAY 24, 2023

Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.

Cybersecurity 94

Cybersecurity Security 94

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains. The volume of phishing websites registered through Freenom dropped considerably since the registrar was sued by Meta.

Phishing 284

Phishing Mining IT 284

The Last Watchdog

MAY 24, 2023

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. Related: The CMMC sea change NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review. This special publication was written for security architects and infrastructure designers; it provides useful guidance when designing ZTNA for cloud-native application platforms, especially th

Cloud 223

Cloud Authentication Encryption Communications 223

WIRED Threat Level

MAY 22, 2023

In response to an EU proposal to scan private messages for illegal material, the country's officials said it is “imperative that we have access to the data.

Encryption 145

Encryption Access IT Privacy 145

Data Breach Today

MAY 22, 2023

Dictionary Attack Plus Neural Network Fools Security Checks, Researchers Find Security researchers have demonstrated a practical attack that can be used to defeat biometric fingerprint checks and log into a target's Android - but not Apple - smartphone. Dubbed "BrutePrint," the brute force attack is inexpensive and practical to deploy at a large scale.

Security 287

Security 287

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

AIIM

MAY 25, 2023

I was in Brazil recently to keynote the Information Show in Sao Paulo. Traveling to and speaking at Information Management conferences is endlessly fascinating. One might think that, except for language and location, Brazilian information management professional would be similar to their counterparts in North America and Europe, and in some regards, they are, but the differences can be surprising.

ECM 104

ECM Marketing Records Management Data Privacy 104

The Last Watchdog

MAY 25, 2023

The inadequacy of siloed security solutions is well-documented. Related: Taking a security-first path The good news is that next-gen security platforms designed to unify on-prem and cloud threat detection and remediation are, indeed, coalescing. At RSA Conference 2023 I visited with Elias Terman , CMO, and Sudarsan Kannan , Director of Product Management, from Uptycs , a Walthan, Mass.

Cloud 214

Cloud Security IT 214

Dark Reading

MAY 26, 2023

Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.

IT 123

IT 123

Data Breach Today

MAY 22, 2023

Tejay Fletcher Made It Easy for Scammers to Impersonate Phone Numbers The mastermind behind a criminal website that sold tools for scammers who defrauded victims globally of more than 115 million euros received a 13-year, four-month prison sentence in the United Kingdom just months after law enforcement seized the site.

IT 263

IT 263

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

WIRED Threat Level

MAY 20, 2023

From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.

Security 135

Security 135

The Last Watchdog

MAY 20, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware 203

Ransomware Security IT Privacy 203

Dark Reading

MAY 22, 2023

Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.

124

124

Data Breach Today

MAY 24, 2023

Local Authority Finds Sensitive Data Was Exposed Despite Assurances to the Contrary Breach notifications from British outsourcing giant Capita mount amid signs the multibillion-pound company doesn't have a firm grip on how much data it exposed. For a company that trumpets its ability to "achieve better outcomes," Capita's inability to grasp the impact of its breaches is ironic.

IT 250

IT 250

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

National Archives Records Express

MAY 23, 2023

Digital Imaging Lab [technologies] at Archives 2–[photographed for] Prologue use. National Archives Identifier: 184340999 We continue our series of posts to support the publication of 36 CFR section 1236 subpart E – Digitizing Permanent Records , which provides the requirements for digitizing permanent records. Records management is a crucial part of any agency operation, and the rise of digital technology has led many agencies to digitize their records for improved efficiency and ac

Records Management 117

Records Management Archiving Access Security 117

The Last Watchdog

MAY 23, 2023

As digital transformation accelerates, Application Programming Interfaces (APIs) have become integral to software development – especially when it comes to adding cool new functionalities to our go-to mobile apps. Related: Collateral damage of T-Mobile hack Yet, APIs have also exponentially increased the attack vectors available to malicious hackers – and the software community has not focused on slowing the widening of this security gap.

Digital transformation 200

Digital transformation Financial Services Encryption Communications 200

Schneier on Security

MAY 25, 2023

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT.

Paper 111

Paper IT Artificial Intelligence 111

Data Breach Today

MAY 20, 2023

TurkoRat Capable of Credential Harvesting, Possesses Features Like Wallet Grabber Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source infostealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.

242

242

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

eSecurity Planet

MAY 22, 2023

Security researchers recently published a paper detailing an attack they say can be used to bypass smartphone fingerprint authentication. Yiling He of China’s Zhejiang University and Yu Chen of Tencent Security’s Xuanwu Lab are calling the attack BrutePrint , which they say can be used to hijack fingerprint images. An attack like BrutePrint could present a significant threat to passkeys , an increasingly popular way to replace passwords with authentication methods like fingerprint au

Authentication 109

Authentication Encryption Passwords Manufacturing 109

Dark Reading

MAY 25, 2023

Ukraine's head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism.

Cybersecurity 131

Cybersecurity 131

Information Governance Perspectives

MAY 25, 2023

In T he Bastard of Beverly Hills , I tell a crazy story about the time my mother was married to restaurateur Tony Roma, and though it’s true to the best of my recollection, people shouldn’t get the wrong impression about him. Tony was a fine man. He was driven, charismatic, funny, and, like me, a bit of a romantic. You can read more about exactly what happened between us in the book, but the bottom line is that the chef didn’t deserve the hell I put him through during the short

IT 105

IT 105

Data Breach Today

MAY 24, 2023

Vulnerable Small to Midsized Organizations Are Now Favored Victims of APT Actors State-aligned hackers are increasingly targeting small and medium-sized businesses worldwide, as SMBs are more likely to be under-protected against cybersecurity threats such as phishing campaigns, according to a new report by cybersecurity firm Proofpoint.

Phishing 234

Phishing Cybersecurity 234

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Lenny Zeltser

MAY 25, 2023

Despite years of public shaming by security professionals , some SaaS vendors only offer Single Sign-On (SSO) in high-end "enterprise" product tiers. By withholding this capability from smaller organizations, they put customers' security at risk. Moreover, they base a pricing strategy on a weak signal and miss an opportunity to lower their own security risk.

Security 105

Security Authentication Risk Marketing 105

Hanzo Learning Center

MAY 24, 2023

In-House Legal Departments, like any other business function, must be efficient and effective to deliver the best possible results. They must balance their workload, comply with regulatory requirements, and provide legal counsel to their organization in a cost-effective and streamlined manner. That’s where a Legal Operations professional can help, particularly by prioritizing strategic planning, technology, and information governance to ensure the department runs efficiently and provides the bes

Information governance 104

Information governance Government 104

eSecurity Planet

MAY 24, 2023

The DomainKeys Identified Mail (DKIM) email authentication standard enables email servers to check incoming emails to verify the sender and detect email message alterations. This standard solves the problem of determining if emails have been intercepted and modified in transit and helps to detect SPAM and spoofed emails. By implementing DKIM, an organization improves the reputation of its own emails and enables receiving email servers to improve their own email security.

Encryption 102

Encryption Security Authentication File names 102