Sat.May 15, 2021

article thumbnail

RSAC insights: Deploying SOAR, XDR along with better threat intel stiffens network defense

The Last Watchdog

Much attention has been paid to the widespread failure to detect the insidious Sunburst malware that the SolarWinds hackers managed to slip deep inside the best-defended networks on the planet. Related: The undermining of the global supply chain. But there’s also an encouraging ‘response’ lesson SolarWinds teaches us, as well. Reacting to the disclosure of this momentous supply-chain hack , many of the breached organizations were able to deploy advanced tools and tactics to swiftly root out Sunb

IoT 131
article thumbnail

Colonial Pipeline, Darkside and Models

Adam Shostack

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can’t delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside. Blog posts from Sophos and Mandiant seem really useful! Information sharing is working, and what the heck does a Cyber Review Board have left to do?

Phishing 143
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks

Security Affairs

QNAP warns of an actively exploited Roon Server zero-day flaw and eCh0raix ransomware attacks on its NAS devices. QNAP warns customers of threat actors that are targeting its Network Attached Storage (NAS) devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability. The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords. “The eCh0raix ransomware has been reported to affect QNAP NAS device

article thumbnail

WhatsApp’s New Privacy Policy Just Kicked In

WIRED Threat Level

Instead of a hard cutoff, the messaging app will gradually degrade and eventually cease to function if you don’t accept the changes.

Privacy 93
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Major hacking forums XSS and Exploit ban ads from ransomware gangs

Security Affairs

XSS forum (previously known as DaMaGeLab) one of the most popular hacking forums, announced that it would ban the ads published by ransomware gangs. The popular hacking forum XSS forum, previously known as DaMaGeLab, announced that that it would ban the ads published by ransomware gangs. The forum is one the most important places of aggregation where ransomware gangs offer their services and attempt to recruit new affiliates in their networks.

article thumbnail

European police dismantle major online investment fraud ring that causes €30 Million in losses

Security Affairs

A joint operation of European law enforcement agencies and coordinated by Europol dismantled a criminal ring involved in investment fraud. A joint investigation of European law enforcement agencies supported by Europol and Eurojust dismantled a large criminal network involved in investment fraud and money laundering. The operation, led by Germany, involved authorities from Bulgaria, Israel, Latvia, North-Macedonia, Poland, Spain, and Sweden.

Risk 85