Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Access 362

Access Security Communications IT 362

Data Breach Today

NOVEMBER 1, 2021

This Flaw Could Lead to an Attack Like SolarWinds Two researchers from the University of Cambridge have discovered a vulnerability that affects most computer code compilers and many software development environments, according to a new research paper. The bug could cause a SolarWinds-like open-source supply chain attack scenario, they say.

Paper 274

Paper 274

The Last Watchdog

NOVEMBER 3, 2021

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

Cybersecurity 277

Cybersecurity Privacy Data breaches Ransomware 277

Thales Cloud Protection & Licensing

NOVEMBER 2, 2021

Quantum Resistant Encryption – Are You Ready? madhav. Tue, 11/02/2021 - 09:10. . Some good news and a couple of tips for being prepared. Over the past few months, a handful of Thales CPL clients have mentioned their concern regarding the future threat of quantum computing to their data security frameworks. If you take a good hard look at the risks arising from Quantum, there is bad news and good news.

Encryption 156

Encryption Risk Cybersecurity Compliance 156

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Security Affairs

NOVEMBER 21, 2021

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks.

Communications 144

Communications Passwords Access Security 144

Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Phishing 353

Phishing Security IT 353

Data Breach Today

NOVEMBER 1, 2021

Operators Left Exposed After Overreaching, Says McAfee Enterprise’s John Fokker How is the ransomware ecosystem set to evolve? Since some operations overreached - notably with DarkSide's hit on Colonial Pipeline - "what we're seeing … is that there is going to be a power balance shift," says McAfee's John Fokker, with more affiliates, not gang leaders, calling the shots.

Ransomware 326

Ransomware 326

Threatpost

NOVEMBER 5, 2021

CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.

Security 141

Security 141

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. divya. Tue, 11/16/2021 - 06:15. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Still, as all of us who work in technology know, you reduce access to granular controls when you simplify a process. On the flip side, if you allow access to granular controls, the person setting the controls needs to be an expert to set them correctly.

Encryption 143

Encryption Cloud Access Privacy 143

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

NOVEMBER 16, 2021

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed. The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization.

Authentication 143

Authentication Security IT Access 143

WIRED Threat Level

NOVEMBER 5, 2021

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.

Privacy 145

Privacy IT Security 145

Krebs on Security

NOVEMBER 4, 2021

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Phishing 299

Phishing Insurance Passwords Privacy 299

Micro Focus

NOVEMBER 30, 2021

Micro Focus’ innovation in the modernization space continues to gather pace. Eddie Houghton, Enterprise Product Director explains the latest developments in mainframe workload modernization with AWS and Micro Focus. The Rich Micro Focus Heritage in Mainframe Modernization Most large enterprises and public institutions run business-critical applications on mainframe environments that execute vast numbers of transactions.

139

139

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Dark Reading

NOVEMBER 24, 2021

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.

Risk 139

Risk IT 139

IT Governance

NOVEMBER 4, 2021

BEC (business email compromise) scams are a type of phishing attack in which fraudsters trick people into handing over money or corporate data. Unlike most phishing attacks, they are highly targeted. The scammer will take the time to compromise or replicate the email address of an organisation’s CEO or another high-level executive, and then email an employee with their request.

Phishing 134

Phishing Education Authentication Access 134

Security Affairs

NOVEMBER 10, 2021

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware already hit more than a thousand South Korean victims.

Phishing 143

Phishing Access Communications IT 143

DLA Piper Privacy Matters

NOVEMBER 18, 2021

Author: Sinead Lynch. At DLA Piper we advise clients that develop or create technology, are enabled by technology, or whose business model is fundamentally based on technology. From start-ups, to fast growing and mid-market businesses, to mature global enterprises, DLA Piper supports innovative businesses and new ventures. It is at the heart of what we do.

Privacy 133

Privacy Digital transformation Government Financial Services 133

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Krebs on Security

NOVEMBER 8, 2021

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S.

Ransomware 282

Ransomware Passwords Systems administration IT 282

Schneier on Security

NOVEMBER 17, 2021

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

Passwords 131

Passwords Privacy IT 131

Dark Reading

NOVEMBER 4, 2021

Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.

Cybersecurity 132

Cybersecurity 132

IT Governance

NOVEMBER 24, 2021

Cloud services are an integral part of modern business. They provide a cost-effective way to store data; and with the rise in hybrid workforces, they deliver a reliable way for employees to access information remotely. But as is often the case with technological solutions, the benefits of convenience comes with security risks. In this blog, we look at the top five Cloud security challenges that organisations face, and provide tips on how to overcome them. 1.

Cloud 133

Cloud Risk Security Data breaches 133

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Security Affairs

NOVEMBER 2, 2021

Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software project. Trojan Source is a new attack technique demonstrated by a group of Cambridge researchers that can allow threat actors to hide vulnerabilities in the source code of a software project. The technique could be exploited to inject stealth malware without impacting the semantics of the source code while changing its logic. “We present a new type

Paper 143

Paper Risk IT Security 143

Threatpost

NOVEMBER 10, 2021

The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.

Access 138

Access Cloud Security 138

OpenText Information Management

NOVEMBER 26, 2021

Who’d have thought the humble invoice was a superhero? Yet, slip a digital cloak on it and it becomes the scourge of tax fraud. Governments worldwide have recognized this; today there are more than 50 e-Invoicing mandates worldwide, and many more coming into force over the next few years. The day is fast approaching when, … The post Why e-Invoicing has become a global superhero appeared first on OpenText Blogs.

Government 126

Government IT Manufacturing 126

Hunton Privacy

NOVEMBER 3, 2021

On October 28, 2021, the European Parliament’s Committee on Industry, Research and Energy adopted a draft directive on cybersecurity (“NIS2 Directive”). The NIS2 Directive will broaden the scope of the existing NIS Directive to apply to “important sectors,” such as waste management, postal services, chemicals, food, medical device manufacturers, digital providers and producers of electronics, in addition to “essential sectors.

Cybersecurity 126

Cybersecurity Manufacturing Encryption Security 126

Advertisement

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

Analytics

Dark Reading

NOVEMBER 29, 2021

Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.

Data breaches 137

Data breaches Phishing Ransomware 137

Schneier on Security

NOVEMBER 22, 2021

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one.

Blockchain 124

Blockchain 124

Security Affairs

NOVEMBER 26, 2021

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

IoT 142

IoT Honeypots Cybersecurity Sales 142