Fri.Oct 25, 2024

article thumbnail

Watermark for LLM-Generated Text

Schneier on Security

Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this hard is (1) how much text is required for the watermark to work, and (2) how robust the watermark is to post-generation editing.

article thumbnail

Shifting from Business Continuity to Continuous Business in Cyber

Jane Frankland

As cybersecurity matures, the concept of resilience has taken on new dimensions, at least according to Commvault’s CEO, Sanjay Mirchandani. Attending their annual global event series, SHIFT , in London recently, he redefined the future of business resilience in his keynote address and positioned the concept of continuous business—a ground-breaking state of perpetual availability and robustness which revolves around four pivotal elements: 1.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Change Healthcare Cyberattack Exposed Data of Over 100 Million People

Tech Republic Security

Nearly one-third of Americans may have been affected by the ransomware attack, which has been attributed to the BlackCat gang.

article thumbnail

100 MILLION Americans in UnitedHealth PII Breach

Security Boulevard

Not cute: $UNH’s Change Healthcare unit paid a big ransom—its IT was as weak as a kitten. The post 100 MILLION Americans in UnitedHealth PII Breach appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

OnePoint Patient Care data breach impacted 795916 individuals

Security Affairs

US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed the personal info of approximately 800,000 individuals. OnePoint Patient Care is a U.S.-based pharmacy specializing in hospice and palliative care services, providing customized medications and support for patients with advanced illnesses. It partners with healthcare providers to manage and deliver complex medication regimens directly to patients’ homes or care facilities.

article thumbnail

AI scams have infiltrated the knitting and crochet world - why it matters for everyone

Zero Day

Using AI, scammers are creating frustrating - and expensive - problems for makers. Here's how to spot AI-generated patterns - and why anyone who relies on downloaded instructions should pay attention.

Scams 128

More Trending

article thumbnail

Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

The Hacker News

Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale.

article thumbnail

Change Healthcare data breach impacted over 100 million people

Security Affairs

The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever healthcare data breach in the US. UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. On February 21, a cyber attack disrupted IT operation of the healthcare organization, more than 100 Change Healthcare applications were impacted.

article thumbnail

CISOs Should Be Directing IAM Strategy — Here’s Why 

Security Boulevard

By placing IAM strategy and enforcement under the CISO’s purview, enterprises can ensure that it is treated as a critical component of the overall security strategy. The post CISOs Should Be Directing IAM Strategy — Here’s Why appeared first on Security Boulevard.

CISO 124
article thumbnail

Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite

The Hacker News

A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, said the susceptible code from the Wi-Fi Alliance has been found deployed on Arcadyan FMIMG51AX000J routers.

117
117
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

Security Affairs

Irish Data Protection Commission fined LinkedIn €310M for violating user privacy by using behavioral data analysis for targeted advertising. Irish Data Protection Commission fined LinkedIn €310M after finding its use of behavioral data for targeted ads violated privacy laws, requiring compliance changes. The DPC’s inquiry was launched following an initial complaint to the French Data Protection Authority. “The inquiry examined LinkedIn’s processing of personal data for the purposes o

article thumbnail

SonicWall Doubles Down on Edge Security With Risk-Based Connectivity and Threat Protection

Security Boulevard

The number of cybersecurity incidents has doubled since the pandemic and its costing organizations exorbitantly heavy tolls in direct and indirect losses, according to the International Monetary Fund of the United Nations. Close to a million companies are getting impacted by targeted cyberattacks each year. The hasty implementation of the hybrid work model overnight blurred.

Risk 121
article thumbnail

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture," CERT-UA said. "These emails contain attachments in the form of Remote Desktop Protocol ('.

article thumbnail

The Three Pillars of Shift-Left API Security

Security Boulevard

When it comes to proactive API security, there are three critical pillars: API Discovery, API Security Testing, and API Oversight. The post The Three Pillars of Shift-Left API Security appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof?

The Hacker News

Artificial Intelligence (AI) has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI-based attacks are not just theoretical threats—they're happening across industries and outpacing traditional defense mechanisms. The solution, however, is not futuristic.

article thumbnail

AWS Seizes Domains Used by Russian Threat Group APT29

Security Boulevard

Cloud computing giant AWS, tipped off by Ukrainian security experts, seized domains that were being used by Russian threat group APT29 to send phishing emails to government officials and enterprises that contained malicious files that would grants the hackers access to the victims' systems. The post AWS Seizes Domains Used by Russian Threat Group APT29 appeared first on Security Boulevard.

Phishing 121
article thumbnail

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. Data loss prevention (DLP) is a cornerstone of any effective cybersecurity strategy. Protecting sensitive data is what cybersecurity is all about. So, how can you conduct a DLP risk assessment? And how can you translate those findings into real-world improvements?

Risk 122
article thumbnail

Sophos Acquires Dell’s Secureworks for $859 Million

Security Boulevard

British security provider Sophos plans to acquire Dell subsidiary Secureworks in an all-cash transaction valued at approximately $859 million. The deal, announced in a joint release on Monday, will grant Sophos control over Secureworks’ Taegis Extended Detection and Response (XDR) platform, a platform aimed at enhancing threat detection for medium to large enterprises.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Enter the World of Ethical Hacking with Confidence

Tech Republic Security

This $44.99 bundle gives you 92 hours of training in penetration testing, network security, and much more.

article thumbnail

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability This week, Cisco addressed multiple vulner

VPN 114
article thumbnail

SEC Charges 4 Companies Over Misleading SolarWinds Cyberattack Disclosures

The Hacker News

The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020.

article thumbnail

Cyber Scams & Why We Fall for Them

Security Boulevard

Gary Perkins, Chief Information Security Officer Social engineers rely on two key psychological triggers: urgency and empathy. When people feel rushed or that they are helping someone in need, their normal critical thinking is often overridden. Attackers don’t just hack systems; they hack people, and they’re exceptionally good at it. In today’s hyper-connected world, cybersecurity […] The post Cyber Scams & Why We Fall for Them appeared first on CISO Global.

Scams 105
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

7 essential password rules to follow in 2024, according to security experts

Zero Day

What makes a password strong now? How long should it be? How often should you change it? Here's what the cybersecurity pros at NIST recommend - some of which may surprise you.

Passwords 141
article thumbnail

EDR Dependency: Ensuring Uninterrupted and Comprehensive Security Coverage

Security Boulevard

By merging EDRs with defense-in-depth technologies such as AMTD, businesses can detect and respond to known threats, as well as those lurking in the cracks. The post EDR Dependency: Ensuring Uninterrupted and Comprehensive Security Coverage appeared first on Security Boulevard.

article thumbnail

This $499 Google Pixel is my favorite Android phone deal right now

Zero Day

With all eyes on Google's newest smartphone - the Pixel 9 - last year's model is seeing some big price cuts. Even better, the Pixel 8 still has some impressive specs.

104
104
article thumbnail

100 million US citizens officially impacted by Change Healthcare data breach

Malwarebytes

In April, we reported that a “substantial proportion” of Americans may have had their health and personal data stolen in the Change Healthcare breach. That was based on a report provided by the UnitedHealth Group after the February cyberattack on its subsidiary Change Healthcare. The attack on Change Healthcare, which processes about 50% of US medical claims, was one of the worst ransomware attacks against American healthcare and caused widespread disruption in payments to doctors and health fac

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

The tablet I recommend to creatives is not an iPad (but its battery life is just as good)

Zero Day

The Asus ProArt PZ13 is a high-performing tablet/laptop hybrid with a gorgeous 3K OLED screen and a battery that lasts way longer than you'd expect.

105
105
article thumbnail

Social Engineering Stories: One Phish, Two Vish, and Tips for Stronger Defenses

NetSpi Executives

October is Cybersecurity Awareness Month, serving as a crucial reminder of the importance of safeguarding our digital lives. This year’s theme is “Secure Our World” with an emphasis on recognizing phishing and vishing attempts – two prevalent tactics used by bad actors to exploit unsuspecting individuals. Understanding these risks is essential for companies, employees, and consumers alike, as they can lead to identity theft, financial loss, and even emotional distress.

article thumbnail

5 helpful Alexa routines I rely on every day - and how to easily build your own

Zero Day

Ready to unlock your Amazon Echo's true potential? With just a few taps in the Alexa app, Alexa routines can automate your home, simplify tasks, and save you time. Here's how.

98
article thumbnail

UnitedHealth: 100 Million Individuals Affected by the Change Healthcare Data Breach

Heimadal Security

UnitedHealth confirms for the first time that over 100 million people had their personal information and healthcare records stolen during the Change Healthcare ransomware attack. Change Healthcare initially published a data breach notification warning in June, stating that a ransomware attack in February exposed a ‘substantial quantity of data’ for a significant proportion of the […] The post UnitedHealth: 100 Million Individuals Affected by the Change Healthcare Data Breach appeared first

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.