Mon.Feb 19, 2024

article thumbnail

Zenlayer Exposes 384 Million Records

Data Breach Today

Exposed Database at Network Services Firm Included Server Log Details A global data center provider Zenlayer exposed an internal database accessible on the internet, revealing approximately 384 million records. A spokesperson said no internal or customer operational data, credentials or network traffic was impacted.

Access 283
article thumbnail

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia. The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 20

Military 106
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

LockBit Infrastructure Seized By US, UK Police

Data Breach Today

LockBit Ransomware Operations Is Latest to Fall in Series of Takedowns An international law enforcement operation seized the infrastructure of Russian-speaking cybercriminal group LockBit, a prolific ransomware-as-a-service operation, marking the latest in a series of digital takedowns. The group’s dark web leak site now displays a seizure notice.

article thumbnail

How BRICS Got “Rug Pulled” – Cryptocurrency Counterfeiting is on the Rise

Security Affairs

Resecurity has identified an increasing trend of cryptocurrency counterfeiting, the experts found several tokens impersonating major brands, government organizations and national fiat currencies. Resecurity has identified an increasing trend of cryptocurrency counterfeiting. Ongoing brand protection for Fortune 100 companies by cybersecurity company uncovered several tokens impersonating major brands, government organizations and even national fiat currencies.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Ransomware Experts See Problems With Banning Ransom Payments

Data Breach Today

Would Criminals Care? Might Victims Still Pay? Would Hospitals Be Exempt? As the damage caused by ransomware and profits flowing to attackers reaches record levels, a panel of cybersecurity and policy experts reviewed what it might take to ban ransom payments and whether such a ban might take a bite out of cybercrime or have unwelcome consequences.

More Trending

article thumbnail

LockBit Infrasttructure Seized By US, UK Police

Data Breach Today

LockBit Ransomware Operations Is Latest to Fall in Series of Takedowns An international law enforcement operation seized the infrastructure of Russian-speaking cybercriminal group LockBit, a prolific ransomware-as-a-service operation, marking the latest in a series of digital takedowns. The group’s dark web leak site now displays a seizure notice.

article thumbnail

Only 7% of Organizations Can Restore Data Processes within 1-3 Days After a Ransomware Attack

KnowBe4

New data on how organizations are able to respond to ransomware attacks also shows that paying a ransom is highly likely, despite having a policy of “Do Not Pay.

article thumbnail

NIST Offers Concrete Steps for Secure Software Development

Data Breach Today

New Guidelines Include 'Absolutely Crucial' Steps to Enhance Security, Experts Say The National Institute of Standards and Technology issued new guidelines to help software developers integrate software supply chain security into every phase of the software development life cycle as experts say organizations are seeking comprehensive guidance on how to accomplish federal mandates.

Security 242
article thumbnail

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric. The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Protecting EHR Systems Against Attacks and Compromises

Data Breach Today

Why Are EHRs So Vulnerable and How Can Organizations Get Better at Protecting Them? When a hospital or clinic is hit with a cyberattack, it often seems as if the electronic health record systems just can't win. Even if the EHR system is not the prime target of the attack, it's still frequently taken off line as the organization responds to the incident.

IT 242
article thumbnail

Anatsa Android banking Trojan expands to Slovakia, Slovenia, and Czechia

Security Affairs

The Android banking trojan Anatsa resurged expanding its operation to new countries, including Slovakia, Slovenia, and Czechia. In November 2023, researchers from ThreatFabric observed a resurgence of the Anatsa banking Trojan, aka TeaBot and Toddler. Between November and February, the experts observed five distinct waves of attacks, each focusing on different regions.

Access 97
article thumbnail

Ukrainian Extradited to US Over Alleged Raccoon Stealer Ties

Data Breach Today

Mark Sokolovsky Has Fought Extradition From the Netherlands Since March 2022 Arrest A Dutch court extradited a Ukrainian national to the United States, where he faces criminal charges related to his role in the malware-as-a-service Raccoon Stealer. The extradition of Mark Sokolovsky, 28, comes nearly two years after Netherlands police arrested him in March 2022.

233
233
article thumbnail

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

eSecurity Planet

While this week was a little light on vulnerability news, it’s still been significant, with Microsoft’s Patch Tuesday happening as well as updates for major products, like Zoom. Akira ransomware vulnerabilities have also surfaced in older Cisco products, and SolarWinds patched some remote code execution flaws in its Access Rights Manager product.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Tech Giants Pledge to Curb AI-Made Election Misinformation

Data Breach Today

AI's Speed and Scale of Deception Is 'Unprecedented," Says US Senator Twenty technology giants including Google and Meta pledged Friday to combat the presence of artificially generated deepfake content meant to deceive voters as more than 4 billion people in more than 70 countries prepare for elections this year.

208
208
article thumbnail

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Security Affairs

The Raccoon Infostealer operator, Mark Sokolovsky , was extradited to the US from the Netherlands to appear in a US court. In October 2020, the US Justice Department charged a Ukrainian national, Mark Sokolovsky (28), with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer. The man was held in the Netherlands, and he was charged for his alleged role in the international cybercrime operation known as Raccoon Infostealer.

Sales 89
article thumbnail

State-Sponsored Threat Actors Targeting European Union Entities With Spear Phishing Campaigns

KnowBe4

Numerous state-sponsored threat actors frequently launched spear phishing attacks against European Union entities last year, according to a new report from the EU’s Emergency Response Team (CERT-EU).

article thumbnail

Streamlining supply chain management: Strategies for the future

IBM Big Data Hub

In today’s complex global business environment, effective supply chain management (SCM) is crucial for maintaining a competitive advantage. The pandemic and its aftermath highlighted the importance of having a robust supply chain strategy , with many companies facing disruptions due to shortages in raw materials and fluctuations in customer demand.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

The IT Pro's How-to Guide to Building a Strong Security Culture

KnowBe4

The thought of building and improving your organization’s security culture can seem like a daunting task. How can you influence an entire culture? With the right plan, buy-in and content, we assure you it IS possible… and maybe even easier than you thought!

IT 87
article thumbnail

The Clock To Q-Day Is Ticking: InfoSec Global and Thales Provide Collaborative Path to Quantum Readiness

Thales Cloud Protection & Licensing

The Clock To Q-Day Is Ticking: InfoSec Global and Thales Provide Collaborative Path to Quantum Readiness madhav Tue, 02/20/2024 - 05:16 Blair Canavan, Thales & Dr. Vladimir Soukharev, InfoSec Global The advent of quantum computers poses a substantial threat to various industries due to their potential to compromise standard encryption methods that protect global data, communications, and transactions.

article thumbnail

The Scarcity of the Long-Term via The Technium

IG Guru

Check out the post here. The post The Scarcity of the Long-Term via The Technium first appeared on IG GURU.

article thumbnail

Unlocking financial benefits through data monetization

IBM Big Data Hub

Data monetization empowers organizations to use their data assets and artificial intelligence (AI) capabilities to create tangible economic value. This value exchange system uses data products to enhance business performance, gain a competitive advantage, and address industry challenges in response to market demand. Financial benefits include increased revenue through the creation of adjacent industry business models, accessing new markets to establish more revenue streams, and growing existing

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

New Guides Aim to Help Health Sector Beef Up Cyber, Privacy

Data Breach Today

HHS OCR, NIST Finalize HIPAA Cyber Guide; HSCC Issues Security, Privacy Resource Two new guidance resources - one from regulators and the other from an industry council - aim to help healthcare firms strengthen their protection of sensitive patient information and critical IT systems. The publications come as the Biden administration is pushing the sector to up its cyber game.

Privacy 234
article thumbnail

When PKI Excels for Passwordless Authentication

HID Global

PKI benefits passwordless authentication because it provides a set of tools that can verify a single entity’s identity across multiple security domains.

article thumbnail

EU Court of Human Rights Rejects Encryption Backdoors

Schneier on Security

The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights : Seemingly most critically, the [Russian] government told the ECHR that any intrusion on private lives resulting from decrypting messages was “necessary” to combat terrorism in a democratic society. To back up this claim, the government pointed to a 2017 terrorist attack that was “coordinated from abroad through secret chats via Telegram.” The govern