Sat.Jul 06, 2024 - Fri.Jul 12, 2024

article thumbnail

AI and Information Management: Navigating the Intersection of Human Input and Technology

AIIM

As a former Jeopardy Champion, I've experienced firsthand the importance of memorizing and recalling vast amounts of information. This skill set has not only served me well on the game show but has also informed my perspective on the relationship between human input and artificial intelligence (AI) in the realm of information management.

article thumbnail

Reverse-Engineering Ticketmaster’s Barcode System

Schneier on Security

Interesting : By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.

109
109
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

From Policy to Practice in Security Culture: What Security Frameworks Recommend

KnowBe4

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in this field as an ISO 27k implementation consultant and even a short stint as a Payment Card Industry (PCI QSA) auditor years ago, it has been a while since I looked into this.

Security 119
article thumbnail

Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

Krebs on Security

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How CISA Plans to Measure Trust in Open-Source Software

Data Breach Today

Agency Is in 2nd Phase of Its Open-Source Software Security Road Map The U.S. Cybersecurity and Infrastructure Security Agency provided details on Monday about a framework it's currently developing to measure and evaluate the trustworthiness of open-source software security, including funding a new open-source tool to make the framework scalable and implementable.

More Trending

article thumbnail

Apache fixed a source code disclosure flaw in Apache HTTP Server

Security Affairs

The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized access issues. One of these vulnerabilities is a critical source code disclosure vulnerability tracked as CVE-2024-39884. “A regression in the core of Apache HTTP Serve

Access 144
article thumbnail

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions , a sprawling hosting provider that is a persistent source of cyberat

Phishing 294
article thumbnail

Australia Flags Persistent Chinese Cyberespionage Hacking

Data Breach Today

Nation-State Group APT40 Routinely Exploits Publicly Known Software Flaws The Australian cybersecurity agency is blaming a Chinese state-backed cyberespionage group, tracked as APT40, for persistent cyberattacks on Australian organizations to steal sensitive information. The group exploits known software vulnerabilities to compromise networks.

article thumbnail

The $11 Billion Marketplace Enabling the Crypto Scam Economy

WIRED Threat Level

Deepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.

Sales 143
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The Akamai Security Intelligence Response Team (SIRT) warns that multiple threat actors are exploiting the PHP vulnerability C VE-2024-4577 to deliver multiple malware families, including Gh0st RAT , RedTail cryptominers, and XMRig. “Threat actors continued the speedy-time-from-disclosure-to-exploitation trend and were quick to leverage this new vulnerability — we obser

Honeypots 142
article thumbnail

Microsoft Patch Tuesday, July 2024 Edition

Krebs on Security

Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users. The first Microsoft zero-day this month is CVE-2024-38080 , a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems.

article thumbnail

US Busts Russian AI-Driven Disinformation Operation

Data Breach Today

Meliorator Software Generates Social Media Bots U.S. federal authorities seized two web domains they said supported an artificial intelligence-driven disinformation network run by the Russian domestic intelligence agency and affiliates of a state-run propaganda broadcaster. Authorities searched nearly 1,000 accounts on social media platform X.

article thumbnail

The Sweeping Danger of the AT&T Phone Records Breach

WIRED Threat Level

Telecom giant AT&T says a major data breach has exposed the call and text records of “nearly all” of its customers, epitomizing the dire state of data security.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

AI-Powered Russia’s bot farm operates on X, US and its allies warn

Security Affairs

The US and its allies disrupted an AI-powered Russia-linked bot farm on the social media platform X relying on the Meliorator AI software. The U.S. FBI and Cyber National Mission Force, along with Dutch and Canadian intelligence and security agencies, warned social media companies about Russian state-sponsored actors using covert AI software, Meliorator, in disinformation campaigns.

IT 142
article thumbnail

Ransomware Attacks on Healthcare Is Costing Lives

KnowBe4

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over several million in 2023. Marsh, a leader in cybersecurity insurance, wrote that its customers paid an average of $6.5 million in ransom in 2023 (after just paying an average of $1.4 million in 2023).

article thumbnail

Experts: Federal Privacy Law Needed to Curb AI Data Misuse

Data Breach Today

New Bill Would Create Data Minimization Measures, Express Permission Requirements Experts warned in congressional testimony to the Senate Commerce Committee on Thursday that the absence of a comprehensive privacy bill in the United States is hindering economic competition for technology companies and jeopardizing the privacy of the American public.

Privacy 303
article thumbnail

Passwordless 360°: Unblocking the Challenges of FIDO Key Management

Thales Cloud Protection & Licensing

Passwordless 360°: Unblocking the Challenges of FIDO Key Management josh.pearson@t… Mon, 07/08/2024 - 23:25 Identity & Access Management Access Control Gregory Vigroux | Senior Product Manager More About This Author > With sensitive data and apps dispersed across fragmented computing environments, multi-factor authentication (MFA) has emerged as the best way to authenticate and protect our digital identities in the zero-trust security framework.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Alabama State Department of Education suffered a data breach following a blocked attack

Security Affairs

Alabama’s education superintendent disclosed a data breach following a hacking attempt on the Alabama State Department of Education. The Alabama State Department of Education announced it had thwarted a ransomware attack on June 17, however, threat actors accessed some data and disrupted services before the attack was stopped. Superintendent Eric Mackey, who disclosed the attack, said they are working to determine the exact scope of the data breach.

Education 142
article thumbnail

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

The Last Watchdog

Passwords have been the cornerstone of basic cybersecurity hygiene for decades. Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

article thumbnail

After Customers Get Breached, Snowflake Refines Security

Data Breach Today

Mandatory Multifactor Authentication Among New Features Given to Administrators In the wake of multiple customers of Snowflake collectively losing terabytes of data to attackers, the cloud-based data warehousing platform has rolled out a swath of cybersecurity improvements, including allowing administrators to make multifactor authentication mandatory for all users.

article thumbnail

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison

WIRED Threat Level

The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million.

Security 123
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability CVE-2024-38080 Microsoft Windows Hyper-V Privilege Esc

IT 142
article thumbnail

Russian Spear Phishing Campaigns Target NATO Entities

KnowBe4

Researchers at Mandiant (part of Google Cloud) warn that Russian government threat actors continue to target NATO member countries with spear phishing attacks. APT29 in particular has been targeting the technology sector in order to launch supply chain attacks.

Phishing 122
article thumbnail

Taking an AI-First Approach to Securing Your Organization

Data Breach Today

Securing an organization often requires making fast decisions, said Tom Corn of Ontinue, and AI can gather information that you can use to answer the questions you have about how to handle a security problem. Corn discusses operationalizing an AI-first approach to security.

Security 298
article thumbnail

Pressure Grows in Congress to Treat Crypto Investigator Tigran Gambaryan, Jailed in Nigeria, as a Hostage

WIRED Threat Level

A new resolution echoes what 16 members of Congress have already said to the White House: It must do more to free one of the most storied crypto-focused federal agents in history.

IT 123
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco NX-OS Command Injection Vulnerability, tracked as CVE-2024-20399 , to its Known Exploited Vulnerabilities (KEV) catalog. This week, Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to depl

IT 142
article thumbnail

Amazon-Related Scams Spike Ahead of Prime Day

KnowBe4

Researchers at Check Point observed more than a thousand newly registered malicious or suspicious web domains related to Amazon last month. The criminals are likely gearing up to target users during Amazon Prime Day next week.

Phishing 122
article thumbnail

Reports: Florida Health Department Dealing With Data Heist

Data Breach Today

RansomHub Group Claims It Began Leaking 100 Gigabytes of Stolen Information The Florida Department of Health is dealing with an attack involving the theft of sensitive information. RansomHub claims that it began to publish 100 gigabytes of data stolen in the hack after the state refused to pay extortionists. The incident is the latest involving a public health department.

IT 291