Security News

Bob February 23, 2024 11:47 AM. I actually gave a presentation recently where I pointed out that it is inevitable that AI will be used to carry out attacks that change by the nanosecond, and that's going to be happening sooner than later. We currently find ourselves in the early stages of a brand new arms race.

U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. The breach exposed customer records that include personal information but payment details have not been impacted.

Identity and Access Management is all about establishing the identity of a user and verifying that the user has the right to access certain applications and types of information. According to Gartner's definition, "Identity and Access Management is a security and business discipline that includes multiple technologies and business processes to help the right people or machines to access the right assets at the right time for the right reasons, while keeping unauthorized access and fraud at bay."

Webinar Dealing with the double trouble of relentless cyber threats and regular technology refresh cycles can stretch already overworked security practitioners. Multi cloud might bring flexibility, but it can also increase the risk of misconfiguration and malicious attacks for example.

Microsoft's Windows Photos app now has its own generative erase tool that enables users to replace unwanted objects with AI-generated content. This feature is rolling out to Windows Insiders in all channels today, including systems running Windows 10 in the Release Preview Channel.

Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI)...

The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such information to third parties after promising that its products would protect consumers from online tracking. From 2014 to 2020, Jumpshot sold browsing information that Avast had collected from consumers to a variety of clients including advertising, marketing and data analytics companies and data brokers, according to the complaint.

US healthcare giant UnitedHealth Group announced that its subsidiary Optum suffered a cyberattack by "Nation-state" hackers on the Change Healthcare platform, forcing the company to shut down IT systems and various services.Its subsidiary, Optum Solutions, operates the Change Healthcare platform, which is the largest payment exchange platform between doctors, pharmacies, healthcare providers, and patients in the US healthcare system.

In nearly 85% of attacks on critical sectors, compromise could have been mitigated with patching, MFA, or least-privilege principals - indicating that what the security industry historically described as "Basic security" may be harder to achieve than portrayed. Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure.

The global government affairs team at X has suspended some accounts and posts in India after receiving executive orders to do so from the country's government, backed by threat of penalties including significant fines and imprisonment. The team revealed its actions on Thursday, writing "In compliance with the orders, we will withhold these accounts and posts in India alone; however, we disagree with these actions and maintain that freedom of expression should extend to these posts." X has appealed the order and notified impacted users.