Tue, Jan 25, 2022

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Security Affairs

Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038, in SonicWall’s Secure Mobile Access (SMA) gateways that the vendor addressed in December. The vulnerability is an unauthenticated stack-based buffer overflow that was reported by Jacob Baines, lead security researcher at Rapid7.

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.

Privacy in a Parallel Digital Universe: The Metaverse

Data Protection Report

For many years, the immersive three-dimensional digital world has been left to the cinematic experience. However, the emergence of the metaverse presents an opportunity to translate everyday activities – working, attending a concert, travelling, shopping, socializing – into a parallel digital universe. The metaverse is an abstract concept that uses a digital environment to permeate the boundaries of our physical world.

Who We Are – Rand LeMarinel: Chief Operating Officer

Record Nations

Do you know Record Nations? Whether we’ve worked with you for years, or you’re new to the business, we thought it was high time we introduced you to some of the people behind the brand. While we may have been in business for roughly two decades, a lot has changed over the years. We’ve incorporated […].

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Cyber-Physical Security: What It Is and What You Should Do

Dark Reading

Ancillary installations like the Internet of Things, operational technology, and industrial control systems enable lots of great functionality, and they face most of the same risks as IT infrastructure.

More Trending

Striking a Balance Between Cybersecurity Awareness and Anxiety

Dark Reading

Employees don't have to be paralyzed by fear to keep the company safe. They just have to understand what threats look like and how to stop them.

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Security Affairs

Researchers from ESET have spotted an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals in Hong Kong. The investigation started in November after Google TAG published a blog post about watering-hole attacks targeting macOS users in Hong Kong.

4 Steps Toward Knowing Your Exploitable Attack Surface

Dark Reading

Actionable steps you can take today to identify the true risk your organization faces — learn how to separate the exploitable vulnerabilities from the rest.

PrinterLogic fixes high severity flaws in Printer Management Suite

Security Affairs

PrinterLogic has released security updates to address nine vulnerabilities in Web Stack and Virtual Appliance. The most severe ones, tracked as CVE-2021-42631, CVE-2021-42635, and CVE-2021-42638, are rated as high severity flaws (CVSS base score of 8.1).

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

8 Security Startups to Watch in 2022

Dark Reading

Cloud security, API security, and incident response are among the issues up-and-coming security companies are working on.

UK NCSC is going to release Nmap scripts to find unpatched vulnerabilities

Security Affairs

The United Kingdom’s National Cyber Security Centre (NCSC) announced the release of Nmap Scripting Engine scripts that can help defenders scan their infrastructure to find and fix unpatched vulnerabilities impacting them.

Safari Flaws Exposed Webcams, Online Accounts, and More

WIRED Threat Level

Apple awarded a $100,500 bug bounty to the researcher who discovered the latest major vulnerability in its browser.

E-Waste Is a Cybersecurity Problem, Too via IEEE Spectrum

IG Guru

Toxic chemicals can leach out of old devices—but so can sensitive data.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Why the Belarus Railways Hack Marks a First for Ransomware

WIRED Threat Level

The politically motivated attack represents a new frontier for hacktivists—and won’t be the last of its kind.

Merck Wins Insurance Lawsuit re NotPetya Attack

Schneier on Security

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck suffered US$1.4 billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses

Biometrics in Retail: Beyond Loss Prevention

HID Global

rfournier. Tue, 01/25/2022 - 09:57.

Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet

Threatpost

Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country's only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Link11 Sets New Standards in DDoS Protection as Test Winner

Dark Reading

In a recent performance test, cybersecurity provider Link11 was benchmarked against leading international security vendors and emerged as the winner. The study by Frost & Sullivan emphasized the importance of precise detection and speed in mitigating DDoS (Distributed Denial of Service) attacks.

BRATA Android Trojan Updated with ‘Kill Switch’ that Wipes Devices

Threatpost

Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques.

Conquering the Procure-to-Pay (P2P) process

OpenText Information Management

The challenges of the Procure-to-Pay (P2P) process: complexity, content and collaboration. Procure-to-Pay is one of the most common finance business processes used in the Microsoft® Dynamics 365™ finance business application. This critical process involves content such as purchase requisitions, purchase orders, contracts, proof of delivery and more.

Segway Hit by Magecart Attack Hiding in a Favicon

Threatpost

Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign

Dark Reading

Signs hint at Russia's APT28, aka Fancy Bear, being behind the attacks, according to new research.

MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks

Threatpost

A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy.

Test Your Team, Not Just Your Disaster Recovery Plan

Dark Reading

Cyberattacks imperil business continuity, but there is a much more common security threat — unintentional human error.

The Role of Functional Testing in Application Security

ForAllSecure

Application Security Testing (AST) is a vital component of the software development process. It ensures that applications are built to specification and can be used reliably in production environments. This article explores one type of software testing called functional testing. Functional Testing is an important part of application security as it verifies that features work as intended without exposing sensitive information or attack vectors to hackers.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Revelstoke Launches With SOAR Platform to Automate SOCs

Dark Reading

The SOAR platform helps CISOs automate the security operations center via a low-code/no-code platform.

Smartsheet Provides Dynamic Work Management Solutions for Businesses

Adapture

Smartsheet provides dynamic work management solutions for businesses. Many Smartsheet customers may be missing out on opportunities to improve their operations. ADAPTURE delivers optimized Smartsheet products and services to our clients. Experience: The ADAPTURE team has the right balance of business and Smartsheet experience to implement effective Smartsheet solutions.

How Does Threat Modeling Work in Software Development?

Dark Reading

Threat modeling should be a continuous process alongside development, not a one-time project.
