Weissman's World

APRIL 3, 2024

My work keeps me in touch with a lot of organizations, some already Doing Information Right™ but many more that have only gotten as far as to know they have to do SOMETHING, but haven’t yet figured out what. Too often, they just kick the can down the road, not understanding that not making a… Read More » No Decision IS a Decision in Information Governance The post No Decision IS a Decision in Information Governance appeared first on Holly Group.

Information governance 156

Information governance Government Records Management 156

WIRED Threat Level

APRIL 1, 2024

To settle a years-long lawsuit, Google has agreed to delete “billions of data records” collected from users of “Incognito mode,” illuminating the pitfalls of relying on Chrome to protect your privacy.

Privacy 141

Privacy Security 141

Data Breach Today

APRIL 1, 2024

GSA Establishes Framework for Security Regulations Covering Federal Acquisitions The federal government aims to streamline its information security and supply chain security procurement policies as part of an effort to better safeguard federal systems. It published a rule establishing a new section in the Federal Acquisition Regulation to consolidate cybersecurity requirements.

Information Security 278

Information Security Government Security Cybersecurity 278

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate.

Phishing 244

Phishing Passwords Risk Sales 244

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

APRIL 1, 2024

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available. Related: Data privacy vs data security However, this remains a novel concept at most companies. Now comes a Forrester Research report that vividly highlights why attaining and sustaining a robust cybersecurity posture translates into a competitive edge.

Cybersecurity 235

Cybersecurity Privacy Risk B2B 235

Data Breach Today

MARCH 30, 2024

Data of 75 Million Individuals, Including SSNs, Posted On Criminal Forum AT&T did an about-face Saturday, saying that a leaked tranche of data pertaining to 73 million individuals does in fact reveal sensitive information of current and former customers of America's largest wireless phone carrier. The company isn't necessarily taking responsibility for the breach.

327

327

Krebs on Security

APRIL 4, 2024

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

Phishing 239

Phishing Blockchain Manufacturing Encryption 239

The Last Watchdog

APRIL 2, 2024

It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Related: AI makes scam email look real Fresh evidence comes from Mimecast’s “The State of Email and Collaboration Security” 2024 report. The London-based supplier of email security technology, surveyed 1,100 information technology and cybersecurity professionals worldwide and found: •Human risk remains a

Security 211

Security Communications Risk Phishing 211

The Guardian Data Protection

APRIL 4, 2024

Exclusive: senior party officials worked on commercial venture that would allow brands to sell products to supporters Senior Conservative party officials worked on plans to hand over its entire membership database for a commercial venture that promised to make tens of millions of pounds, the Guardian can reveal. Leaked documents show Tory executives discussed exploiting members’ personal data to build a mobile phone app that could track users’ locations and allow big brands to advertise to Conse

Sales 145

Sales Personal data IT 145

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Data Breach Today

APRIL 5, 2024

A Fake Software Library Made Up by a ChatBot Was Downloaded More Than 35,000 Times Generative artificial intelligence is good at sounding authoritative - even when it's making stuff up. One community that thinks so-called AI hallucinations are actually a good thing: hackers. Especially when developers use AI tools that hallucinate entire software libraries.

Artificial Intelligence 319

Artificial Intelligence Libraries IT 319

Security Affairs

MARCH 30, 2024

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported. Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached.

Data breaches 144

Data breaches Archiving Sales Access 144

Thales Cloud Protection & Licensing

APRIL 3, 2024

Luna HSMs FIPS 140-3 Validation sparsh Wed, 04/03/2024 - 07:52 FIPS 140-3 and You, Part Two Awhile back, we shared that Thales Luna HSMs were about to kick-off the process of moving towards Federal Information Processing Standard (FIPS) 140-3 Level 3, the newest security standard to accredit cryptographic modules. Security standards, like technology, are always evolving, making compliance challenging for customers and vendors alike.

Compliance 133

Compliance Encryption Marketing Security 133

WIRED Threat Level

APRIL 4, 2024

As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.

Military 142

Military IT Security 142

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Breach Today

APRIL 4, 2024

Bugs Allowed Device Unlocking and Memory Access Google addressed two zero-day vulnerabilities in Pixel mobile phones that forensic firms exploited to bypass PINs and access stored data on the device. The bugs allowed attackers to unlock and access Pixel's device memory with physical access.

Access 298

Access 298

Security Affairs

MARCH 31, 2024

A Linux variant of the DinodasRAT backdoor used in attacks against users in China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn. Researchers from Kaspersky uncovered a Linux version of a multi-platform backdoor DinodasRAT that was employed in attacks targeting China, Taiwan, Turkey, and Uzbekistan. DinodasRAT (aka XDealer ) is written in C++ and supports a broad range of capabilities to spy on users and steal sensitive data from a target’s system.

Libraries 145

Libraries Encryption Communications Government 145

Schneier on Security

APRIL 2, 2024

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica : Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions.

Encryption 135

Encryption Libraries Cybersecurity IT 135

WIRED Threat Level

APRIL 3, 2024

The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.

Security 141

Security 141

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Data Breach Today

APRIL 5, 2024

Acquiring Baselime Will Give Developers Better Visibility Into Serverless Platforms Cloudflare purchased an observability startup founded by an aerospace dynamics expert to enhance the developer experience on serverless platforms. Baselime will allow developers to optimize performance, investigate bugs and regressions, and identify when a release needs to be rolled back.

308

308

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. Red Hat Information Risk and Security and Red Hat Product Security determined that Fedora Linux 40 beta does use two versions of xz libraries – xz-libs-5.6.0-1.fc40.x86_64.rpm and xz-

Libraries 140

Libraries Authentication Access Risk 140

Schneier on Security

APRIL 4, 2024

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s device Develop and improve products Personalize ads and content Measure ads and content Derive audience insights Obtain precise geolocation data

Access 133

Access IT Data collection Privacy 133

KnowBe4

APRIL 3, 2024

A trojanized version of the McAfee Security app is installing the Android banking Trojan “Vultur,” according to researchers at Fox-IT. The attackers are spreading links to the malicious app via text messages and phone calls.

Security 122

Security IT Phishing 122

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Data Breach Today

APRIL 4, 2024

New IACS Rules to Secure Onboard Digital Systems, Equipment Go Into Effect July 1 IT and OT security experts say threats to shipping underscore the need for more stringent regulations for passenger, cargo and high-speed vessels by the International Association of Classification Societies. The new IACS cybersecurity and resilience requirements will go into effect July 1.

Cybersecurity 310

Cybersecurity IT Security 310

Security Affairs

APRIL 2, 2024

A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defiant’s Wordfence research team disclosed a cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin that can lead to malicious script injection. The Unauthenticated Stored Cross-Site Scripting vulnerability was reported to Wordfence by the WordPress developer Webbernaut as part of the company Bug Bounty Extravaganza.

Access 138

Access IT Information Security Security 138

Schneier on Security

MARCH 31, 2024

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created both—I helped.

Paper 125

Paper Encryption Information Security Cybersecurity 125

eSecurity Planet

APRIL 1, 2024

Vendors and researchers disclosed a wide range of vulnerabilities this week from common Cisco IOS, Fortinet, and Windows Server issues to more focused flaws affecting developers (PyPI), artificial intelligence (Ray, NVIDIA), and industrial controls (Rockwell Automation). While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks.

Libraries 109

Libraries Authentication Artificial Intelligence Cloud 109

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Data Breach Today

APRIL 1, 2024

Chinese Hackers Have Used DinodasRAT Hackers are using a new version of a backdoor to target Linux servers and gain and maintain access in what appears to be an espionage campaign, warn researchers from Kaspersky. The hallmark of DinodasRAT's strategy is its sophisticated victim identification and persistence mechanisms.

Access 310

Access IT 310

Security Affairs

APRIL 1, 2024

The OWASP Foundation disclosed a data breach that impacted some members due to a misconfiguration of an old Wiki web server. The OWASP Foundation has disclosed a data breach that impacted some of its members. No joke, we did have a data breach in late March involving the resumes of our earliest members. Rest assured, all current membership data remains secure.

Data breaches 142

Data breaches Archiving Security Risk 142

Schneier on Security

APRIL 2, 2024

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “ Tales of the Krypt ,” from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted : Applied Cryptography, for those who don’t read the internet news, is a book written by Bruce Schneier last year.

FOIA 118

FOIA IT Security 118