Sat.Oct 05, 2024 - Fri.Oct 11, 2024

article thumbnail

How AI Shields Enterprises from Advanced Email Attacks

Data Breach Today

SEGs have performed admirably for many years, but they’re no match for this new generation of email attacks, and relying on outdated tools can have catastrophic consequences. By upgrading to a behavioral AI-based solution, you can defend against emerging threats and become more proactive in the fight against cybercrime.

287
287
article thumbnail

Internet Archive Breach Exposes 31 Million Users

WIRED Threat Level

The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks.

Archiving 112
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Series wrap – The rise of the threat hunter

OpenText Information Management

As we reach the conclusion of the Threat Hunters blog series, it’s clear that the role of these cybersecurity specialists has never been more important. Over the past several weeks, we’ve delved into the world of threat hunters—exploring their day-to-day activities, the challenges they face, and the unique skills that set them apart. This series has highlighted how threat hunters are at the frontline, proactively defending organizations against increasingly sophisticated and evolving cyber threa

article thumbnail

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations from days or hours to minutes. SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by naviga

Risk 286
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Internet Archive Data Breach Exposes 31 Million Accounts

Data Breach Today

Nonprofit Digital Archive Also Suffers Denial-of-Service Attacks, Defacement The nonprofit Internet Archive has been hit by hackers, who stole usernames and for 31 million accounts, including email addresses and bcrypt-hashed passwords. In recent days, the digital archive has also suffered defacement and repeat denial-of-service attacks.

Archiving 304

More Trending

article thumbnail

Unstructured Data Defense: Navigating AI Compliance and Secure Data Architecture

AIIM

At the AIIM Information and Data Leadership Symposium on October 1, 2024, in Arlington, VA, James Crifasi (COO & CTO, RedZone Technologies) and Jay Leask (Principal Technical Architect, Microsoft) engaged in a fascinating discussion about defending and protecting unstructured data.

article thumbnail

Secure Your World with Phishing Resistant Passkeys

Thales Cloud Protection & Licensing

Secure Your World with Phishing Resistant Passkeys madhav Thu, 10/10/2024 - 05:12 As we celebrate Cybersecurity Awareness Month 2024 with the theme "Secure Our World," exploring innovative technologies is crucial to help us achieve this goal. One such advancement that's revolutionizing online security and user authentication is passkeys. Passkeys represent a significant leap forward in creating a safer digital landscape, aligning perfectly with the mission to secure our world.

Phishing 133
article thumbnail

US DOJ Developing Guidelines for AI Use in Law Enforcement

Data Breach Today

Justice Department Aiming to Emphasize Privacy and Security in AI Deployment The U.S. Department of Justice is drafting new guidelines for law enforcement on the use of artificial intelligence and facial recognition tools to enhance public safety while safeguarding civil rights and ensuring ethical deployment, a senior official said Wednesday.

article thumbnail

Patch Tuesday, October 2024 Edition

Krebs on Security

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “ Sequoia ” update that broke many cybersecurity tools.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

WordPress LiteSpeed Cache plugin flaw could allow site takeover

Security Affairs

A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions. A high-severity security flaw, tracked as CVE-2024-47374 (CVSS score 7.2), in the LiteSpeed Cache plugin for WordPress could allow attackers to execute arbitrary JavaScript. The vulnerability is a stored cross-site scripting (XSS) issue impacting versions up to 6.5.0.2.

Access 137
article thumbnail

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

Passwordless Authentication without Secrets! divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. This highlights an increasing demand for advanced authentication methods like passkeys and multi-factor authentication (MFA), which provide robust security for most use cases.

article thumbnail

DOD Unveils Final CMMC Rule for Defense Contractors

Data Breach Today

New Cybersecurity Maturity Model Certification Rule Paves Way for Implementation The Department of Defense is set to implement significant changes to the Cybersecurity Maturity Model Certification program, effective October 15, streamlining compliance for contractors by introducing a tiered system while enhancing security standards.

article thumbnail

Hurricane Deepfakes Flood Social Media

KnowBe4

As the recent hurricane Helene caused major damage and as hurricane Milton is expected to make landfall in Florida soon, deepfakes are spreading misinformation on social media.

117
117
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

Security Affairs

China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data.

article thumbnail

Chinese Hackers Breach US Wiretapping Data, Expose Vulnerabilities

eSecurity Planet

In a significant cybersecurity breach — not as big as the NPD breach , though — Chinese hackers recently infiltrated the networks of major U.S. telecom providers, accessing highly sensitive wiretapping data. Companies like Verizon, AT&T, and Lumen Technologies were targeted in this attack, allowing unauthorized access to critical systems used for court-authorized wiretapping — a tool vital for law enforcement surveillance.

article thumbnail

Australia May Require Businesses to Report Ransom Payments

Data Breach Today

Cyber Bill Says the Government Can't Use Information to Prosecute Victims Ransom payments are typically tightly held secrets between cybercriminals and their victims, but the Australian government has introduced a cybersecurity bill in Parliament that would require require larger businesses to report ransom payments to the government.

article thumbnail

69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail

WIRED Threat Level

The $4.4 billion in crypto is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent who seized the recording-breaking sum, meanwhile, languishes in a Nigerian jail cell.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers. The company uncovered the activities of three threat actors abusing ChatGPT to launch cyberattacks.

Phishing 137
article thumbnail

Vulnerability Recap 10/8/24 – Thousands of Routers & Servers at Risk

eSecurity Planet

DrayTek routers and Linux servers are in particular danger this week, with fourteen vulnerabilities plaguing the routers and a malware strain threatening the servers. Additionally, keep an eye out for new iOS and iPadOS updates, and get ready to review system logs if you’ve had Okta Classic since July. Check your vendors’ security bulletins regularly, and make sure your team is prepared to fix vulnerabilities when they’re made known.

Risk 109
article thumbnail

DHS Warns Election Security Risks May Persist Into 2025

Data Breach Today

DHS Says Adversaries May Stoke Voter Fraud Fears Long After Election Day The latest Homeland Security threat assessment lists this year’s election cycle as a top concern for 2025 and a potential trigger for domestic terrorism. The agency says foreign adversaries and violent extremists may take advantage of the outcome to further sow discord in the United States.

Risk 298
article thumbnail

China Possibly Hacking US “Lawful Access” Backdoor

Schneier on Security

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994. It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This

Access 105
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

Security Affairs

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines.

Security 138
article thumbnail

Beyond Compliance: The Power of Proactive, Year-Round Network Pen Testing

eSecurity Planet

IT leaders know that the reason regulators and cybersecurity insurers require them to conduct network penetration testing is to ensure they’re protecting their networks from being accessed by attackers. But hackers don’t operate on the same schedule as regulators. Compliance-focused network penetration testing — conducted annually or quarterly — only helps organizations identify weaknesses that are present at the specific points in time when they’re undertaking testing.

article thumbnail

Hackers Prowling For Unencrypted BIG-IP Cookies, Warns CISA

Data Breach Today

Agency Says Cookies Could Help Attackers Find Network Assets, Vulnerabilities Unencrypted cookies tied to a suite of secure gateway technology from F5 are gateways for hackers to reach internal devices on corporate networks, warns the Cybersecurity and Infrastructure Security Agency. BIG-IP uses persistent cookies as a traffic load-balancing convenience.

article thumbnail

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

Schneier on Security

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user data for research purposes, including: The 2D or 3D map of the user’s house generated by the device Voice recordings from the device’s microphone Photos or vide

Privacy 103
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

FBCS data breach impacted 238,000 Comcast customers

Security Affairs

238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf of those clients.

article thumbnail

Top 6 Best Enpass Alternatives: Features & Reviews

eSecurity Planet

Password management products that are competitors of Enpass offer plenty of features, strong security, and support for multiple devices and browsers. Some of the most common password manager features include multi-factor authentication, browser autofill, secure sharing, and strong password generators. I reviewed Enpass’s main competitors to determine the top performers with the best features, pricing, system support, and security.

Passwords 104
article thumbnail

Marriott Pays $52M to Settle US States' Breach Litigation

Data Breach Today

World's Biggest Hotel Chain Also Settles with Federal Trade Commission The world's largest hotel chain agreed Wednesday to pay $52 million and submit to 20 years of third-party monitoring of its cybersecurity program to settle a rash of data breaches affecting millions of guests. The sizeable payout is part of a settlement reached with 50 U.S. attorneys general.