'You need your own bots' to wage war against rogue AI, warns Varonis VP
AI poses both a significant opportunity and threat to organizations, emphasizing the importance of securing data against rogue AI to prevent breaches.
New leak site reveals yet two more U.S. medical sector victims
A new leak site called 'DragonForce' has appeared on the dark web, listing data breaches from previous attacks.
Two medical sector victims, Heart of Texas Behavioral Health Network and Greater Cincinnati Behavioral Health Services, were identified on the site.
Stealing cookies: Researchers describe how to bypass modern authentication
The article highlights the weaknesses of password-based authentication and the importance of modern authentication methods like FIDO2 in enhancing security in digital systems.
Ten years since the first corp ransomware and no end in sight
Ransomware attacks on corporations have increased over the past decade, with no sign of slowing down, posing a significant threat to information security.
EMEA CISOs must address human factors behind cyber incidents | Computer Weekly
Organizations in EMEA need to address human factors in data breaches, with 87% attributed to human errors, system intrusion, and social engineering.
Nearly half of EMEA data breaches were due to internal blunders in 2023
Almost half of EMEA data breaches are internal. Human error is a significant factor. Zero-day vulnerabilities are increasing, with ransomware exploiting them.
Google Ad Tech May Break Up; Apple Threaten to Ban Damus Over Bitcoin Tipping
In today's ExchangeWire news digest: Google may be forced to sell off part of its ad tech business; Apple threatens to remove Damus from the App Store over Bitcoin tipping; and a study finds that the majority of APAC consumers prefer dealing with companies who collect their data directly. Google may have to break up ad business: Google may have to sell part of its ad tech business after the EU Commission ruled that it had engaged in anti-competitive practices.
NHS Highland rapped over data breach affecting HIV patients | Computer Weekly
The Information Commissioner's Office (ICO) has issued a reprimand to NHS Highland over a "serious breach of trust" after the health service inadvertently exposed personal details of patients likely to be accessing HIV services. The incident unfolded when someone at the organisation emailed 37 individuals likely to be accessing HIV services, inadvertently copying their email addresses into the carbon copy (CC) field rather than the blind carbon copy (BCC) field.
This is why you want to apply for a position in cyber security - Amazic
Are you looking for an exciting and challenging career that is in high demand? Look no further than cyber security. With the increasing frequency of cyber attacks and data breaches, companies and organizations are in desperate need of skilled cyber security professionals to protect their networks and data.
1Password is announcing today that, one day soon, it will support the option to create and unlock 1Password accounts using biometric-based passkey technology, ditching the feature that is the name of its entire product. "For passkeys to be the way forward, it's not enough for them to replace some of your passwords," said 1Password chief product officer Steve Won.
37m T-Mobile US customers hit in yet another privacy breach
T-Mobile US today said someone abused an API to download the personal information of 37 million subscribers. A regulatory filing [PDF] disclosed one or more miscreants were able to access potentially the "name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features" of each affected customer.
When Amazon released Alexa in 2014, the company had big dreams for the technology. The voice assistant, the company suggested, could succeed smartphones as the next essential consumer interface. Alexa, which was embedded in Amazon's voice-activated Echo smart speakers, soon became one of the most popular voice assistants, alongside Apple's Siri and Google's Assistant.
IBM snags Polar Security to boost cloud data practice
IBM acquired the Israeli firm founded in 2021 to grow its relevance in the nascent realm of data security posture management, or DSPM. In an effort to grow its hybrid cloud and artificial intelligence capabilities, IBM announced on Tuesday that it was acquiring Polar Security, an Israel-based company specializing in data security posture management.
8 common security risks associated with cloud-based DevOps and how to mitigate them - Amazic
Cloud-based DevOps has become a popular approach to software development in today's technology-driven world, enabling organizations to build and deploy software faster and more efficiently. However, this new approach also brings a range of security risks that must be considered. Having robust security measures in place is essential when using cloud computing services to facilitate software application development, testing, and deployment.
Mirantis Releases New Version of Openstack for Kubernetes with Improvements in Security and User Experience - Amazic
Mirantis, cloud-native infrastructure expert, just announced the release of the latest version of their virtualized Infrastructure-as-a-Service offering, Mirantis OpenStack for Kubernetes (MOSK), with improved OpenStack security and enhanced user experience. OpenStack, the world's foremost open-source, private cloud IaaS framework, offers a feature-rich environment for hosting virtual machines, networks, and storage.
Microsoft links PaperCut server attacks to Cl0p, LockBit ransomware
Researchers have linked leading ransomware groups Cl0p and LockBit to the ongoing exploitation of critical-rated vulnerabilities in print management software from PaperCut. The vulnerabilities, CVE-2023-27350 and CVE-2023-27351, have a near maximum 9.8 severity score and have enabled remote code execution on vulnerable PaperCut servers since at least January 2023.
NSA Says: Do These Things to Keep Your Home Network Safe from Cyberattack
Remote working brings benefits for employees, but by working from outside the company's internal network, there's also the added threat that employees are left more vulnerable to cyberattacks. And if hackers can compromise a remote employee by stealing their corporate username and password, or infecting their computer with malware, it could become a costly network security risk for the entire organization.
Uber falls victim to supply chain attack, staff left exposed
Ride-sharing giant Uber, which saw an ex-executive convicted in October for covering up one data loss years ago and got hit with another one in September, is now dealing with the fallout from more information being stolen, this time through one of its vendors. A cybercriminal calling themselves "UberLeaks" over the weekend leaked data on BreachForums, a site that popped up in April after another site, RaidForums, was shut down.
Acer confirms someone broke into one of its servers
Acer has confirmed someone broke into one of its servers after a miscreant put up for sale a 160GB database of what's claimed to be the Taiwanese PC maker's confidential information. "We have recently detected an incident of unauthorized access to one of our document servers for repair technicians," an Acer spokesperson told The Register on Tuesday.
Your credit score won't automatically take a hit after a data breach
Millions of Americans have had their personal information compromised this year in various data breaches. One VERIFY reader told us a family member's credit score dropped after they were notified that their information was compromised in a data breach. The reader wondered if there is a connection. If a company has a data breach and I'm on the list of possibly compromised customers, will my credit score drop just based on that?
T-Mobile: 37 million US customers' data breached DW 01/20/2023
Less than a year after a data leak lawsuit was settled for $350 million, T-Mobile has reported that details of 37 million customers were hacked. The telecom company T-Mobile revealed on Thursday that the data of 37 million customers was hacked in November 2022.
AI security bill aims to prevent safety breaches of AI models
A new bill, the Secure Artificial Intelligence Act, aims to establish a database to track AI system breaches and focus on counter-AI techniques.
France Punishes Clearview AI For Failing To Pay Fine
France's privacy watchdog doled out further penalties to US firm Clearview AI Wednesday for failing to pay a 20-million-euro fine imposed last year over data breaches. The company collects images of faces from the internet without seeking permission and sells access to a trove of billions of pictures to clients, including law enforcement agencies.
Data is rapidly growing, with its value increasing significantly; protecting data is crucial for businesses to prevent cyberattacks and financial loss.
AT&T Says Millions Of Customers' Data Was Leaked Online - Here's How To Tell If You Were Affected
AT&T experienced similar breaches in the past without acknowledging them, leading to potential legal consequences.
Consumers can protect themselves by using strong passwords, enabling multifactor authentication, monitoring account activities, and setting up credit freezes and fraud alerts.
Data security laws have three types: breach notification, security safeguards, private litigation. Law fails to prevent breaches, focuses on breached organizations, and lacks preventative measures.
What is data democratization and why does it matter? - LogRocket Blog
Data is becoming increasingly important for modern businesses. As it becomes more accessible, using data to drive business decisions is no longer a good case practice - it's a new norm. If you don't use data to inform your strategy, you'll be quickly outcompeted by others who do. The ever-increasing importance of data in driving product outcomes led to the birth of new data approaches.
Why health care has become a top target for cybercriminals
Healthcare organizations are increasingly targeted by cyberattacks due to the valuable patient data they hold.
Cybersecurity experts are concerned about the rising number of breaches in the healthcare sector causing disruptions and exposing sensitive information.
Can you 'deGoogle' a phone? Murena tried - and added a kill switch
Murena is a phonemaker that claims to have the ultimate pro-privacy smartphone with features like a physical kill switch and an anti-tracking operating system.
Multiple scandals involving government agencies and tech companies mishandling user data highlight the need for privacy-focused smartphones like the Murena 2.
The proliferation of surveillance and the potential misuse of personal data by big tech pose significant threats to average consumers.
Data breaches at Viamedis and Almerys impact 33 million in France
Over 33 million people in France have been impacted by data breaches at healthcare payment service providers Viamedis and Almerys.
The breaches exposed sensitive data such as names, dates of birth, insurer details, social security numbers, marital status, civil status, and guarantees open to third-party payment.
Mozilla targets scummy data brokers with Monitor Plus removal service
Mozilla has launched an alternative to people-search websites called Mozilla Monitor Plus which automatically monitors and removes personal information from data broker sites and known data breaches.
The Plus version of Mozilla Monitor costs $14 per month or $108 per year, and offers a faster removal process compared to the free version.
Data brokers gather information from online traces left by account sign-ups, advertising, web browsing, and other activities, and sell it to customers like the NSA and FBI.
Security Think Tank: What to expect in cyber this year | Computer Weekly
2023 saw increased investment in generative AI (genAI) which will continue in 2024 as businesses embrace rapid experimentation and launch new genAI initiatives.
Organizations need to carefully balance the speed of innovation with governance and accountability in implementing AI-based technologies to mitigate security and privacy risks.
If you need to protect sensitive information and follow data privacy regulations, it's critical to obfuscate your log data, which means obscuring personally identifiable information (PII). But effectively concealing PII in logs might take time to implement, can increase compute resources, and might not work well with all types of logs.
T-Mobile discloses 2nd data breach of 2023, this one leaking account PINs and more
T-Mobile on Monday said it experienced a hack that exposed account PINs and other customer data in the company's second network intrusion this year and the ninth since 2018. The intrusion, which started on February 24 and lasted until March 30, affected 836 customers, according to a notification on the website of Maine Attorney General Aaron Frey.
Mortgage fintech Maxwell launches SSO tool for lenders
Maxwell, the mortgage fintech backed by Wells Fargo and Fin Capital, has launched Maxwell Single-Sign On, an SSO (single sign-on) tool for lenders to enhance security and reduce the risk of data breaches, the company announced on Monday. The tool is designed to address the issue of sensitive data being handled by lenders and loan officers on a daily basis, including social security numbers, paystubs, and tax returns.
FBI says it has 'contained' a cybersecurity incident on its network | Engadget
The FBI is dealing with another attack on its digital infrastructure, although the severity isn't yet clear. The law enforcement agency tells CNN it has "contained" a recent cybersecurity incident on its network. The bureau isn't commenting on the perpetrator, scope or damage, but says it's gathering "additional information."
Age Verification Mandates Would Undermine Anonymity Online
Age verification systems are surveillance systems. Mandatory age verification, and with it, mandatory identity verification, is the wrong approach to protecting young people online. It would force websites to require visitors to prove their age by submitting information such as government-issued identification.
International law enforcement agencies have claimed another victory over cyber criminals, after seizing the website, and taking down the infrastructure operated by crims linked to the NetWire remote access trojan (RAT). Police in Croatia on Tuesday arrested a suspect who allegedly administered the worldwiredlabs website, which has sold the NetWire malware for several years.
Top EU bodies ban TikTok on staff phones citing security concerns
The European Union's two biggest policy-making institutions have banned TikTok from staff phones for cybersecurity reasons, marking growing concerns about the Chinese short video-sharing app and its users' data. TikTok, which is owned by Chinese firm ByteDance, is under scrutiny from governments and regulators because of concerns that China's government could use its app to harvest users' data or advance its interests.
Gardai and Fastway among those reprimanded by watchdog for data breaches in 2022
An Garda Siochana and the Fastway delivery firm are among the organisations that were reprimanded over data breaches, according to a watchdog's annual report. Gardai reported a breach to the Data Protection Commission (DPC) involving the names and addresses of 108 individuals, some of whom were children, processed at Kilmainham Garda Station.
A ransomware attack compromised the data of current and former employees at Canada's biggest bookstore chain, Indigo Books & Music Inc. says. In a statement on its website, Indigo said the breach on Feb. 8 left no indication that personal customer information, such as credit card numbers, had been accessed, but that "some employee data was."
India partners with private firm to monetize railway Wi-Fi
An announcement from Indian government-owned telecom company, RailTel, detailing efforts to monetize existing free railway Wi-Fi in partnership with a private company has drawn criticism that it will lead to data collection, breaches, unwanted ads and more. The five-year agreement with a consortium led by IT company 3i Infotech covers over 6,100 railway stations across India.
Hackers stole encrypted LastPass password vaults, and we're just now hearing about it
Last month, the company announced that threat actors had accessed "certain elements" of customer info. Just as many US workers are leaving for a holiday break, the company reveals that meant their encrypted passwords. LastPass has a doozy of an updated announcement about a recent data breach: the company - which promises to keep all your passwords in one, secure place - is now saying that hackers were able to "copy a backup of customer vault data," meaning they theoretically now have access to all those passwords if they can crack the stolen vaults (via TechCrunch).
The FBI Says Apple's New Encryption Is "Deeply Concerning"
Apple is planning on broadening its end-to-end data encryption services, closing a privacy loophole that previously allowed law enforcement to access a wide-reaching swath of data, including photos and messages, stored in user iCloud accounts. But while proponents of the change are applauding the change as a win for user privacy, its detractors - which include a little organization known as the FBI - are none too thrilled.