Fri. Jun 04, 2021


White House Urges Businesses: Improve Ransomware Defenses

Data Breach Today

Biden Orders Federal Ransomware Task Force to Coordinate Federal Investigations

The White House has written to business leaders, urging them to prioritize having robust ransomware defenses in place. The move comes as the Biden administration pursues multiple strategies to combat ransomware and digital extortion, including ordering a new task force to coordinate all federal investigations.


Trend Micro details CVE-2021-30724 privilege escalation flaw in macOS, iOS

Security Affairs

Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked as CVE-2021-30724, that impacts macOS, iOS, and iPadOS. The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the IT giant addressed the issue on May 24 with the release of macOS 11.4, iOS 14.6, and


Profiles in Leadership: Mario Demarillas of Exceture

Data Breach Today

CISO Discusses Changing Security Culture in Organizations

Mario Demarillas, CISO and head of IT consulting and software engineering at Exceture, in the Philippines, strikes a balance between securing his organization and its business offering in security.


TSA Issues Directive to Enhance Pipeline Cybersecurity

Data Matters

The U.S. Department of Homeland Security’s Transportation Security Administration (“TSA”) issued a Security Directive, “Enhancing Pipeline Cybersecurity” on May 28, laying out new cybersecurity requirements for operators of liquids and natural gas pipelines and LNG facilities designated as critical infrastructure. The Directive can be seen as part of a larger federal effort to augment the nation’s cybersecurity posture in the wake of the Colonial Pipeline ransomware attack earlier in May and the So


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


ISMG's Editors' Panel: US Election Security Lessons Learned

Data Breach Today

Analyzing Biden's Cybersecurity Executive Order, Cybercrime Investigations and More

Election security improvements, the push for all software to ship with a "bill of materials" and the results of a long-running investigation into a lucrative digital advertising scam are among the latest cybersecurity topics to be featured for analysis by a panel of Information Security Media Group editors.


More Trending


Cox Media Group Affiliates Go Offline

Data Breach Today

Ransomware Suspected as a Possible Reason for the Outage at Some Outlets

Cox Media Group's TV and radio affiliates' ability to livestream content was mostly offline Thursday evening, possibly due to an unspecified cyber incident, says the security firm Recorded Future.


Security and Human Behavior (SHB) 2021

Schneier on Security

Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The forty or so attendees include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, des


Google Finds New Exploit That Alters Chip Memory

Data Breach Today

Latest Rowhammer Technique Targets Design Flaws in Modern DRAM Chips

Researchers at Google have identified a new Rowhammer exploit, dubbed Half-Double, which targets design flaws in some of the newer DRAM chips to alter their memory content.


Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Adam Levin

You would think that ExaGrid, a backup appliance and anti-ransomware service, might know how to avoid ransomware, but it was hit. According to the company’s website, “ExaGrid offers a unique approach to ensure that attackers cannot compromise the backup data, allowing organizations to be confident that they can restore the affected primary storage and avoid paying ugly ransoms.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Analysis: Ransomware Gang Disrupts Global Meat Production

Data Breach Today

The latest edition of the ISMG Security Report details the ongoing wave of ransomware attacks, including the disruption of JBS, the world's largest supplier of meat. Also featured are police busting criminals who formerly used the EncroChat communications network and the strategies for filling the cyber skills gap.


Supreme Court Limits Scope of Controversial Hacking Law

Threatpost

Judges rule that Georgia police officer did not violate CFAA when he accessed law-enforcement data in exchange for bribe money, a ruling that takes heat off ethical hackers.


Where's the Beef? Ransomware Hit Highlights Cyber Problems

Data Breach Today

Disruption of Meat Processing Giant JBS Exposes Sector's Security Shortcomings

The ransomware attack that disrupted operations at meat processing giant JBS has exposed cybersecurity shortcomings in the U.S. agricultural sector and food supply chain. Experts say the industry demands the level of security scrutiny given to the electrical grid and other critical infrastructure.


Necro Python bot now enhanced with new VMWare, server exploits

Security Affairs

Operators behind the Necro Python botnet have added new features to their bot, including VMWare and server exploits. Experts from Cisco Talos have recently observed a new Necro Python bot campaign and noticed that its developers have improved its capabilities. The Necro Python bot, aka FreakOut, has been in development since 2015 and early this year researchers from Check Point and Netlab 360 have provided details about its activity.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


The Tories have worked out how to pull off an NHS data grab: do it during a pandemic | Marina Hyde

The Guardian Data Protection

Taking data from patients in England was so unpopular in 2014 it had to be shelved. Now it’s happening without the scrutiny

It feels so wrong starting an article with the words “you need to hear about this” when it doesn’t concern things Gwyneth Paltrow wants you to put up your vagina, or 20 of the world’s most important kitchen islands. Even so, would you … could you possibly consider listening to this?


European Commission Publishes Final Version of Updated Standard Contractual Clauses

Hunton Privacy

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation (“GDPR”), as well as the final version of the new standard contractual clauses (the “SCCs”). The European Commission had previously published draft versions of the implementing decision and the SCCs in November 2020.


1-to-1 iPad program: How to outsmart the students

Jamf

Alison Wojahn, Jamf Hero and Technology Manager, recounts some of the challenges and successes she faced at The Prairie School while setting up iPad devices, using Jamf.


Proposed amendments to the Personal Data (Privacy) Ordinance to combat doxxing acts

Data Protection Report

The Hong Kong Government is proposing amendments to the Personal Data (Privacy) Ordinance (the “PDPO”) to combat doxxing acts. On 17 May 2021, the Constitutional and Mainland Affairs Bureau (the “CMAB”) published a discussion paper on the proposed amendments to the Personal Data (Privacy) Ordinance to combat doxxing acts (LC Paper No. CB(4)974/20-21(03)) (the “Paper”).


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Cyberattack Suspected in Cox TV and Radio Outages

Threatpost

Cox Media Group TV, radio station streams affected by a reported ransomware attack.


EU: New SCCs published

DLA Piper Privacy Matters

Today, the European Commission published the final Implementing Decision on standard contractual clauses (“New SCCs”) for the transfer of personal data to third countries. The New SCCs repeal the existing SCCs (dating from 2001, 2004 and 2010) and aim to address the entry into force of the General Data Protection Regulation (“GDPR”) and the decision of the European Court of Justice (“CJEU”) in Schrems II.


Data Breaches Drive Higher Loan Interest Rates

Dark Reading

Businesses that suffer a security breach may not see their stock price tumble, but they may pay higher rates for loans and be forced to provide collateral, researchers report.


REvil Ransomware Gang Spill Details on US Attacks

Threatpost

The REvil ransomware gang is interviewed on the Telegram channel called Russian OSINT.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


China-linked attackers breached Metropolitan Transportation Authority (MTA) using Pulse Secure zero-day

Security Affairs

China-linked APT breached New York City’s Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. The intrusion took place in April, but attackers did not cause any damage because they were not able to gain access to MTA train control systems.


Welcome to the New Workplace

Dark Reading

The pandemic has changed the landscape in which security pros work. Here are five ways how.


China: Navigating China episode 18: Increased scrutiny over connected car and automobile industry data from Chinese regulators, including push towards data localisation

DLA Piper Privacy Matters

Authors: Carolyn Bigg, Venus Cheung and Fangfang Song. Increased scrutiny over connected car and automobile industry data from Chinese regulators, including push towards data localisation. The Chinese cybersecurity authorities have published new draft rules clarifying data and cyber compliance obligations for the automobile industry, including a push towards most personal information and important data being kept in China.


European Commission publishes much anticipated finalised Standard Contractual Clauses

Data Protection Report

The European Commission has today published the finalised version of the new Standard Contractual Clauses (the new SCCs). The purpose of the new SCCs is to help companies legalise transfers of personal data from outside of the EEA. They will also be a lawful mechanism for UK companies to use. The new SCCs were updated to: allow for various types of transfers (in particular those between a processor and a sub-processor); give the clauses a GDPR ‘face lift’; and address the requirements of


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


The Perfect Storm for PAM to Grow In

Dark Reading

With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.


7 founding principles for adaptive data and analytics governance

Collibra

As new technologies and innovations enter the market, CDOs are faced with two opposing organizational forces: pushing forward and pulling back. Although the enterprise demands business growth through digital transformation and optimization, the enterprise also constantly experiences challenges due to the lack of modern data and analytics governance.


Van Buren

Adam Shostack

The Supreme Court has ruled in the van Buren case, and there’s a good summary on the EFF’s blog: “The decision is a victory for all Internet users, as it affirmed that online services cannot use the CFAA’s criminal provisions to enforce limitations on how or why you use their service…” As I said at the time, I was honored to be a part of EFF’s amicus brief in this case.
