Thu. Sep 01, 2022


OneCoin Cryptocurrency Scam Suspect Faces Extradition to US

Data Breach Today

International Fraudulent Cryptocurrency Pyramid Scheme Netted $4 Billion

Christopher Hamilton, an alleged participant in the multi-billion OneCoin cryptocurrency scheme, faces extradition to the United States from Great Britain. The scheme was allegedly headed by "Cryptoqueen" Ruja Ignatova, who is on the run from law enforcement.


List of Data Breaches and Cyber Attacks in August 2022 – 97 Million Records Breached

IT Governance

August 2022 has been a lesson in being careful with whom you provide sensitive information. In a month that saw the former US president accused of misappropriating classified government documents, there was also a spate of malicious insiders compromising their employer’s systems. Meanwhile, the bastion of password security, LastPass, announced that its systems had been breached – although the organisation is confident that customers’ details remain secure.


Okta-Auth0 Sales Integration Falters, Fueling Staff Turnover

Data Breach Today

Okta CEO Todd McKinnon on How SMS Tokens Put Customers in Danger During Twilio Hack

There’s been an unintended effect from Okta’s acquisition of customer identity giant Auth0. It confused its own sales force with similar CIAM products. Salespeople quit. Okta CEO says the company will work on better sales integration of Auth0.


IT Governance Podcast Episode 7: Apple zero-day, NHS ransomware update and 0ktapus phishing campaign

IT Governance

This week, we discuss two zero-day vulnerabilities affecting Apple devices, the further effects of a ransomware attack on an NHS digital services provider and a large-scale phishing campaign affecting users of secure services such as Okta, Authy and Signal.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Banning Ransoms: The Evolving State of Ransomware Response

Data Breach Today

The latest edition of the ISMG Security Report explores the possible unintended consequences of banning ransom payments, the challenges of opening a cyber intel firm during wartime, and the need for more clarity in the regulation of cryptocurrency firms.

More Trending


Tenable CEO on What's New in Cyber Exposure Management

Data Breach Today

Amit Yoran Shares Why Tenable Has Doubled Down on Analytics and OT Security

Tenable wants to help the cybersecurity industry move away from traditional vulnerability management focused on giving customers a list of vulnerabilities. Instead, CEO Amit Yoran wants to help customers understand their exposure and how they can effectively manage and reduce risk.


Threat Actor Phishing PyPI Users Identified

Dark Reading

"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.


Clearwater Acquires CynergisTek to Protect Healthcare Firms

Data Breach Today

Hospitals and Physicians Will Access More Services After CynergisTek Acquisition

Clearwater has completed its purchase of healthcare cyber firm CynergisTek to give hospitals and physicians a broader range of security technology and services. Joining forces will give clients access to Clearwater's endpoint and logging technology and risk analysis and schematic services.


1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials

Security Affairs

Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec’s Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials that allowed access to private cloud services. The experts pointed out that most of the apps containing hard-coded Amazon Web Services credentials were iOS apps (98%); this is a trend that the researchers have been tracking for years. 47% of


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Sound Off: Will Tornado Cash Sanctions Shake the DeFi World?

Data Breach Today

Ari Redbord Sounds Off on 'Exceptional' Tornado Cash Sanctions

Federal officials recently froze the assets of Ethereum blockchain cryptocurrency mixer Tornado Cash, stating that civil and potentially criminal penalties await those who use the service. On this week's "Sound Off," crypto expert Ari Redbord explains why the sanctions are "exceptional."


Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects

Dark Reading

The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.


Clever Phishing Scam Uses Legitimate PayPal Messages

Schneier on Security

Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email. The email lists a phone number to dispute the charge, which is not PayPal and quickly turns into a request to download and install a remote-access tool.


(ISC)² Launches 'Certified in Cybersecurity' Entry-Level Certification to Address Global Workforce Gap

Dark Reading

After a rigorous pilot program, the association's newest certification is officially operational. More than 1,500 pilot participants who passed the exam are on the path to full certification.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Apple released patches for recently disclosed WebKit zero-day in older iPhones and iPads

Security Affairs

Apple released new security updates for older iPhone and iPad devices addressing a recently fixed WebKit zero-day. Apple has released new updates to backport patches released this month to older iPhone and iPad devices addressing the CVE-2022-32893 flaw. The CVE-2022-32893 flaw is an out-of-bounds issue that impacts WebKit. An attacker can trigger the flaw by tricking target devices into processing maliciously crafted web content to achieve arbitrary code execution.


Careless Errors in Hundreds of Apps Could Expose Troves of Data

WIRED Threat Level

Researchers found that mobile applications contain keys that could provide access to both user information and private files from unconnected apps.


Ragnar Locker ransomware gang claims to have stolen data from TAP Air Portugal

Security Affairs

The Ragnar Locker ransomware gang claims to have hacked the Portuguese state-owned flag carrier airline TAP Air Portugal and stolen customers’ data. The Ragnar Locker ransomware added the Portuguese state-owned flag carrier airline TAP Air Portugal to its leak site and claims to have stolen customers’ data. On August 26, the Portuguese company announced via Twitter that it was hit by a cyber attack and that it was able to neutralize it.


The US May Soon Learn What a ‘Kid-Friendly’ Internet Looks Like

WIRED Threat Level

The California Age-Appropriate Design Code would launch a huge online privacy experiment. And it won’t just affect children.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation

Dark Reading

Cloud breaches are inevitable — and so is cloud ransomware. (Second of two parts.)


Employee Spotlight Rusty Reese: Living a life of resilience, love, and grit

Synergis Software

From Farm to Computer Coder: Living a life of resilience, love, and grit. Whenever I interview someone for a Spotlight Post, I’m surprised, even awestruck by their life stories. Talking with Rusty Reese, we covered so many remarkable and even miraculous segments of his life’s journey: From his childhood on a small organic vegetable farm to his adult obsession with baseball and baseball collectables; to his deeply personal journey of fatherhood; and his multi-faceted career at Synergis.


Extended Planning and Analysis (xP&A) in action

IBM Big Data Hub

Extended Planning and Analysis (xP&A) is not a new concept for IBM clients who use IBM Planning Analytics with Watson, formerly known as Cognos TM1. For the past several years, clients have embraced the need to tie operational decisions to the financial impact from both planning and analysis perspectives. For instance, a Director of Operations may want to increase production for the upcoming selling season, but they must first understand the impact on the business overall.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


FBI is helping Montenegro in investigating the ongoing cyberattack

Security Affairs

A team of cybersecurity experts from the US FBI will help the authorities in Montenegro to investigate the recent massive cyberattack. A team of cybersecurity experts from the FBI is heading to Montenegro to help local authorities in investigating the recent massive cyber attack that hit the government infrastructure last week. “This is another confirmation of the excellent cooperation between the United States of America and Montenegro and a proof that we can count on their support in any situa


Teacher empowerment: Focused learning for distracting times

Jamf

By leveraging the power of the Jamf Teacher app, educators can keep student learning on track in the classroom and at home while unlocking student genius.


Attorney General Bonta Announces Settlement with Sephora as Part of Ongoing Enforcement of California Consumer Privacy Act

IG Guru


A flaw in TikTok Android app could have allowed the hijacking of users’ accounts

Security Affairs

Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click. The experts state that the vulnerability would have required chaining with other flaws to hijack an account.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


The Wright Military Flyer Soars on Celluloid: Uncovering the Story of Our Oldest Government Film

Unwritten Record

The National Archives and Records Administration (NARA) is well known for preserving the first written records of our nation. People come from around the world to see the Declaration of Independence, Constitution, and Bill of Rights. But what about the first government films? The oldest known government-produced film in our holdings is First Army Aeroplane Flight, Fort Myer, Virginia, which captured daring test flights of the Wright Military Flyer.