Thu. Sep 17, 2020

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

Ransomware Attack at Hospital Leads to Patient's Death

Data Breach Today

Attack Reportedly Was Intended to Hit University

A ransomware attack that reportedly was directed at a German university but shut down emergency services at an affiliated hospital likely contributed to the death of a patient who needed urgent treatment but instead had to be transported to another hospital, delaying care, according to a news report.

Maze ransomware uses Ragnar Locker virtual machine technique

Security Affairs

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection: their malware now encrypts a computer from within a virtual machine. This technique was first adopted by the Ragnar Locker gang in May; at the time, Ragnar Locker was deploying Windows XP virtual machines to encrypt victims’ files while bypassing security measures.

Dunkin' Data Breach Settlement Paves the Way for More Suits

Data Breach Today

Donut Shop Company Agrees to Issue Refunds, Pay Fines

Dunkin' Brands' settlement with the New York state attorney general of a lawsuit tied to a 5-year-old data breach affecting its Perks rewards cardholders could open the door to suits by other states - as well as customers.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Top 6 Benefits of Automating End-to-End Data Lineage

erwin

Replace manual and recurring tasks for fast, reliable data lineage and overall data governance. It’s paramount that organizations understand the benefits of automating end-to-end data lineage. Critically, it makes it easier to get a clear view of how information is created and flows into, across and outside an enterprise. The importance of end-to-end data lineage is widely understood and ignoring it is risky business.

More Trending

New Bluetooth Vulnerability

Schneier on Security

There’s a new unpatched Bluetooth vulnerability: The issue is with a protocol called Cross-Transport Key Derivation (or CTKD, for short). When, say, an iPhone is getting ready to pair up with a Bluetooth-powered device, CTKD’s role is to set up two separate authentication keys for that phone: one for a “Bluetooth Low Energy” device, and one for a device using what’s known as the “Basic Rate/Enhanced Data Rate” standard.

Researcher Describes Risks Posed by Posting Boarding Passes

Data Breach Today

Former Australian PM's Instagram Shot Led to Personal Data

An Instagram post by one of Australia's former prime ministers led to a security researcher finding his passport and phone number due to a coding error in a widely used airline ticketing system. The bug has been fixed, but it's another warning to avoid posting photos of boarding passes.

SunCrypt ransomware operators leak data of University Hospital New Jersey

Security Affairs

University Hospital New Jersey (UHNJ) has suffered a ransomware attack; the SunCrypt ransomware operators also leaked the data they had stolen. Systems at the University Hospital New Jersey (UHNJ) were encrypted with the SunCrypt ransomware; the threat actors also stole documents from the institution and leaked them online. The incident took place in September.

5 Chinese Suspects Charged in Connection With 100 Breaches

Data Breach Today

Prosecutors Says Members of APT41 Stole Source Code, Account Data

Federal prosecutors on Wednesday unsealed indictments that charge five Chinese suspects - alleged members of the APT41 hacking group - with breaching more than 100 companies, government agencies and other organizations around the world.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Defending Against Deepfakes: From Tells to Crypto

Dark Reading

Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.

Maze Ransomware Attack Borrows RagnarLocker Hacking Move

Data Breach Today

Ransomware Gang Cross-Pollination Continues as LockBit Launches Its Own Leaks Site

Stop me if you think you've heard this one before: Some ransomware attackers are hiding attack code in virtual machines or creating new leaking sites to pressure victims into paying.

Major Duesseldorf hospital infected with ransomware, patient died for consequences

Security Affairs

A major hospital in Duesseldorf was hit by a cyber attack; a woman who needed urgent admission died after she had to be taken to another city. The news is shocking: German authorities revealed that a cyber attack hit a major hospital in Duesseldorf, the Duesseldorf University Clinic, and a woman who needed urgent admission died after she had to be taken to another city for treatment. “The Duesseldorf University Clinic’s systems have been disrupted since last Thursday.” states the

2 Iranians Indicted for Lengthy Hacking Campaign

Data Breach Today

DOJ: Suspects Sold Data and Gave It to Iranian Government

Two Iranian nationals have been charged with participating in a years-long hacking campaign that targeted vulnerable networks in the U.S., Europe and the Middle East to steal "hundreds of terabytes" of data, according to the U.S. Department of Justice.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Drupal addressed XSS and information disclosure flaws

Security Affairs

Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) flaws in the popular content management system (CMS). Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) vulnerabilities in the popular content management system (CMS). The most severe issue, tracked as CVE-2020-13668, is a critical reflected XSS issue affecting Drupal 8 and 9.

DOJ: 2 Russians Defrauded Cryptocurrency Exchanges

Data Breach Today

Suspects Allegedly Used Phishing Techniques to Help Steal Over $16 Million

Two Russian nationals have been charged with using phishing techniques and spoofed domains to steal over $16 million from three cryptocurrency exchanges in 2017 and 2018, according to the U.S. Justice Department.

Don't Fall for It! Defending Against Deepfakes

Dark Reading

Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.

APT41 actors charged for attacks on more than 100 victims globally

Security Affairs

The US Department of Justice announced indictments against 5 Chinese nationals, alleged members of a state-sponsored hacking group known as APT41. The United States Department of Justice this week announced indictments against five Chinese nationals believed to be members of the cyber-espionage group known as APT41 (Winnti, Barium, Wicked Panda and Wicked Spider).

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Time for CEOs to Stop Enabling China's Blatant IP Theft

Dark Reading

Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.

Trusted partnerships to power your Work Anywhere strategy

Jamf

In just a few months, companies have seen transformations that would have normally taken years. Creating a tightly integrated IT stack allows an organization to fully automate on-boarding and off-boarding while saving time and beefing up security.

Google Play Bans Stalkerware and ‘Misrepresentation’

Threatpost

The official app store is taking on spy- and surveillance-ware, along with apps that could be used to mount political-influence campaigns.

Why has there been increase in cyber risks for the education sector?

IT Governance

The coronavirus pandemic has arguably affected the education sector more than any other, with schools, colleges and universities around the globe having been forced to close their doors and deliver classes remotely. Most of the discussion surrounding this has focused on the logistical problems of setting up e-learning platforms, parents balancing their workloads with home-schooling and students completing exams.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Cyber Alert: Technical Approaches to Uncovering Remediating Malicious Activity

IG Guru

September 8, 2020

Cyber Alert: Technical Approaches to Uncovering and Remediating Malicious Activity

OCR is sharing an update with our listserv from the Cybersecurity and Infrastructure Security Agency (CISA), highlighting technical approaches to uncovering malicious activity and implementing mitigation best practices. This resource provides information that can help organizations identify artifacts that could indicate potential […].

How breach detection tools can help organisations save money and protect their reputation

IT Governance

An organisation’s ability to respond promptly to security incidents has a huge impact on the costs it incurs. According to Ponemon Institute’s Cost of a Data Breach Report 2020, organisations that are able to detect and respond to an incident within 200 days save about $1 million (about £770,000) on average. This fact – along with the alarming news that 1.5 million businesses in the UK suffered a data breach in 2019 – means that organisations must prioritise data breach identification.

California Elementary Kids Kicked Off Online Learning by Ransomware

Threatpost

The attack on the Newhall District in Valencia is part of a wave of ransomware attacks on the education sector, which shows no sign of dissipating.

How to successfully upgrade to iPadOS 14 and iOS 14

Jamf

OS upgrade season is one of the busiest times of the year, so let’s focus on you and how you can seamlessly rollout your upgrades.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Ransomware Gone Awry Has Fatal Consequences

Dark Reading

An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.

Apple Bug Allows Code Execution on iPhone, iPad, iPod

Threatpost

Release of iOS 14 and iPadOS 14 brings fixes for 11 bugs, some rated high-severity.

The Wayback Machine and Cloudflare Want to Backstop the Web

WIRED Threat Level

The Internet Archive and the infrastructure company are teaming up to make sure sites never fully go down.