Sat. Mar 11, 2023 - Fri. Mar 17, 2023

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

The Last Watchdog

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months. So how will this affect chief information security officers (CISOs) and security programs?

Why Security Practitioners Should Understand Their Business

Dark Reading

The sooner CISOs become proactive in understanding the flip side of the organizations they protect, the better they'll be at their jobs.

The risk of pasting confidential company data into ChatGPT

Security Affairs

Experts warn that employees are providing sensitive corporate data to the popular artificial intelligence chatbot model ChatGPT. Researchers from Cyberhaven Labs analyzed the use of ChatGPT by 1.6 million workers at companies across industries. They reported that 5.6% of them have used it in the workplace and 4.9% have provided company data to the popular chatbot model since it launched.

A Spy Wants to Connect With You on LinkedIn

WIRED Threat Level

Russia, North Korea, Iran, and China have been caught using fake profiles to gather information. But the platform’s tools to weed them out only go so far.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

A Rise in Dynamic Phishing

KnowBe4

Attackers are increasingly using techniques to prevent their phishing pages from being detected by security firms, a new report from BlueVoyant has found. The report found that in 2022 there was a 240% increase in phishing pages that attempted to redirect potential security researchers and bots away from the sites.

More Trending

Magniber Ransomware Group Exploiting Microsoft Zero Day

Data Breach Today

Microsoft Patches Another SmartScreen Signature-Based Vulnerability

A financially motivated hacking group has been exploiting a now-patched zero-day vulnerability in the Windows operating system to deliver ransomware. Google Threat Analysis Group attributed the campaign to Magniber ransomware group. Microsoft issued a patch in its March dump of fixes.

EDPB Guidelines on international transfers: 6 key takeaways

Data Protection Report

EDPB Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation on international data transfers

On 14 February 2023, the European Data Protection Board (EDPB) published its Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation (GDPR) on international data transfers (the Guidelines).

Understanding DMARC Better

KnowBe4

I talk and present often about DMARC (and SPF and DKIM), including here. A lot of people who think they understand how DMARC works do not really understand it as well as they think they do. This post aims to help clarify some common misunderstandings.

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

European Digital Identity Bill Heads to Final Negotiations

Data Breach Today

European Parliament and Council of the EU Set to Engage in Trilogue

The European Parliament approved Thursday legislation creating a continentwide framework for digital identity that European leaders hope will diminish the role of big tech companies such as Google and Apple. Members of the European Parliament have pushed for additional privacy measures.

How AI Could Write Our Laws

Schneier on Security

By Nathan E. Sanders & Bruce Schneier

Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there is a move to end drilling leases for federal lands, in exchange for the tens of millions they contribute to congressional reelection campaigns.

UK ICO Issues Updated Guidance on AI and Data Protection

Hunton Privacy

On March 15, 2023, the UK Information Commissioner’s Office (“ICO”) published an updated version of its guidance on AI and data protection (the “updated guidance”), following requests from UK industry to clarify requirements for fairness in AI. The key updates are summarized as follows: The updated guidance has been restructured using the data protection principles as the core of the structure.

Microsoft Patch Tuesday, March 2023 Edition

Krebs on Security

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft Outlook from 2013 to the newest.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Microsoft, CrowdStrike Lead Endpoint Protection Gartner MQ

Data Breach Today

Cybereason Enters Leaders Quadrant While Trellix Falls From Leader to Niche Player

Microsoft and CrowdStrike once again dominate Gartner's Magic Quadrant for Endpoint Protection. Cybereason has risen to the leaders quadrant and Trellix has fallen to a niche player. The endpoint protection market has rapidly matured in recent years - 50% of organizations have already adopted EDR.

34 Most Common Types of Network Security Protections

eSecurity Planet

Whether you’re operating a global enterprise network or a small family business, your network’s security needs to be optimized with tools, teams, and processes to protect customer data and valuable business assets. Network security is an umbrella term for all facets of your network’s cybersecurity posture, with an emphasis on developing and using policies, procedures, best practices and tools that safeguard every piece of your network’s overall infrastructure.

Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface

Dark Reading

One researcher thinks trust is broken in AD. Microsoft disagrees that there's a security vulnerability. But enterprise IT environments should be aware of an authentication gap either way.

SEC Brings Cyber Disclosure Enforcement Action

Hunton Privacy

On March 9, 2023, the U.S. Securities and Exchange Commission (SEC) announced settled administrative charges against Blackbaud Inc. The case stems from disclosures Blackbaud made to investors regarding a 2020 ransomware attack that targeted donor data management software the company provides to non-profit organizations. The SEC’s order alleges that Blackbaud initially announced details of the incident on the company’s website and notified impacted customers in July 2020.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Healthcare Leaders Call for Cybersecurity Standards

Data Breach Today

Also: Please Help the Sector Pay for Cybersecurity, Execs Tell Senate Panel

Healthcare executives called on Congress to ensure minimum cybersecurity standards, saying a wholly voluntary approach is failing clinics and hospitals. Gaps are widest at small rural hospitals, testified a former hospital CISO before the Senate Homeland Security and Governmental Affairs Committee.

Microsoft Warns of Business Email Compromise Attacks Taking Hours

KnowBe4

According to Microsoft's Security Intelligence team, a recent business email compromise attack (BEC) has shown that threat actors are quickening the pace of these attacks, with certain elements only taking a few minutes.

Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector

Dark Reading

Over the weekend, cybercriminals laid the groundwork for Silicon Valley Bank-related fraud attacks that they're now starting to cash in on. Businesses are the targets and, sometimes, the enablers.

Colorado Finalizes Rules Implementing the Colorado Privacy Act

Hunton Privacy

On March 15, 2023, the Colorado Attorney General’s Office finalized rules implementing the Colorado Privacy Act (“CPA”). The finalized rules were released with an official redline that reflects prior revisions of the rules dated December 21, 2022, January 27, 2023, and February 23, 2023. The rules will be published in the Colorado Register later this month and will go into effect on July 1, 2023, when the CPA takes effect.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Emotet Is Back Again!

Data Breach Today

Malware Reemerges With Improved Evasion and Appreciation of 19th-Century Literature

Emotet malware is again active. Researchers marked the latest sighting of the Microsoft Office-loving Trojan in what's becoming a cycle of reemergence and hibernation. Among its improved evasion techniques: pasting a chunk of "Moby Dick" to bulk up the word count of macro-laden Word documents.

10 Network Security Threats Everyone Should Know

eSecurity Planet

Network security threats weaken the defenses of an enterprise network, endangering proprietary data, critical applications, and the entire IT infrastructure. Because businesses face an extensive array of threats, they should carefully monitor and mitigate the most critical threats and vulnerabilities. This guide to major network security threats covers detection methods as well as mitigation strategies for your organization to follow.

Threat Actors are Using FINRA Impersonation For Their Attacks

KnowBe4

A sophisticated West Africa-based fraud group is impersonating the Financial Industry Regulatory Authority (FINRA) to target users in the United States, according to researchers at DomainTools. The threat actors are attempting to trick investors into providing sensitive documents in order to verify their identities. Users can avoid falling for these attacks if they’re familiar with FINRA’s legitimate roles.

If These Walls Could Talk: A Century of Scandals and Secrets Behind the Oldest House in Beverly Hills

Information Governance Perspectives

The home I grew up in, Beverly Hills, California, figures prominently in my new memoir, The Bastard of Beverly Hills. I can't reveal too much because the setting is part of the book's mystery, but I can share some other odd facts about the home's history and its owners that might blow your mind.

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

MKS Instruments Ransomware Attack Results in $200M Sales Hit

Data Breach Today

Attack Removed MKS' Ability to Process Orders, Ship Products or Provide Services

MKS Instruments expects a $200 million revenue hit from February's ransomware attack after the hack removed the company's ability to process orders or ship products. The Feb. 3 ransomware attack required the company to temporarily suspend operations at some MKS Instruments facilities.

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. According to Crowdstrike researchers, 40 percent of the patched vulnerabilities are remote code execution flaws, down from 48 percent last month; 31 percent are elevation of privilege flaws, up from almost 16 percent last month; and 22 percent are information disclosure flaws, up from 10 percent last month.

79% of Employee-Reported Phishing Emails Go Completely Undetected by Cybersecurity Solutions

KnowBe4

As cybercriminals increasingly turn to malwareless phishing attacks, it is becoming more and more difficult for security solutions to correctly identify a malicious email.
