Fri. Aug 03, 2018

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

Krebs on Security

TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.

Salesforce Security Alert: API Error Exposed Marketing Data

Data Breach Today

Marketing Cloud Data Potentially Accessed or Corrupted Over 6-Week Period

Cloud-based CRM giant Salesforce.com is warning some of its Marketing Cloud users that any data they stored may have been accessed by third parties or inadvertently corrupted because of an API error that persisted for six weeks.

Three of My Books Are Available in DRM-Free E-Book Format

Schneier on Security

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Hacked MikroTik Routers Serve Cryptocurrency-Mining Malware

Data Breach Today

Researchers: Attackers Have Compromised More Than 209,000 Routers

Attackers have targeted a patched vulnerability to exploit more than 209,000 carrier-grade routers made by Latvian manufacturer MikroTik and infect them with two types of malware - Coinhive and Crypto-Loot - designed to mine for cryptocurrency, security researchers say.

More Trending

Boston Children's Hospital DDoS Attacker Convicted

Data Breach Today

Hacktivist Was Protesting Controversial Child Custody Case

A federal jury has convicted a hacktivist who launched DDoS attacks in 2014 on Boston Children's Hospital and another local facility to protest a controversial child custody case.

Hundreds of thousands MikroTik Routers involved in massive Coinhive cryptomining campaign

Security Affairs

Experts uncovered a massive cryptojacking campaign that is targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. Security experts have uncovered a massive cryptojacking campaign that is targeting MikroTik routers; the hackers aim to change the configuration of the devices to inject a Coinhive cryptocurrency mining script in the users’ web traffic.

Become cyber resilient with a BCMS

IT Governance

With the ever-present threat of cyber crime, your organisation can’t afford to be lax about cyber security. This doesn’t just entail using the latest technological defences and enrolling your staff on awareness courses. You also need to be prepared for when disaster strikes. The increasing number of cyber criminals and the evolution in their tactics mean attacks are inevitable.

CVE-2018-14773 Symfony Flaw expose Drupal websites to hack

Security Affairs

A vulnerability in the Symfony HttpFoundation component, tracked as CVE-2018-14773, could be exploited by attackers to take full control of the affected Drupal websites. Maintainers at Drupal addressed the security bypass vulnerability by releasing a new version of the popular content management system, version 8.5.6. “The Drupal project uses the Symfony library.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Priceless advice for information security managers

IT Governance

As an information security manager, you enter each day not knowing what it may bring, in spite, perhaps, of having a well-formed plan or at least a to-do list. Each event or incident that you encounter is only a whisker away from being a full-scale breach, depending upon your knowledge, skills or ability to cope under pressure. But what all information security managers must appreciate is that there is no such thing as 100% security and you can never be 100% risk free.

Google introduced G Suite alerts for state-sponsored attacks

Security Affairs

Google announced that it has implemented an alerting system for G Suite admins when users have been targeted by state-sponsored attacks. Google announced it will alert G Suite admins when state-sponsored hackers target their users. The new feature will be available in the G Suite Admin console very soon; it confirms the effort spent by the tech giant on protecting its users.

Why we need the NIS Regulations

IT Governance

If cyber security wasn’t one of your organisation’s top priorities a few months ago, it probably is now. That’s because the threat of cyber crime has continued to grow, and two new legislations have come into effect to ensure organisations have appropriate safeguards. Of those legislations, most people have focused on the EU GDPR (General Data Protection Regulation).

How the US Military Can Better Keep Hackers

Schneier on Security

Interesting commentary: The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. It is possible the military needs a cyber corps in the future, but by accelerating promotions, offering graduate school to newly commissioned officers, easing limited lateral entry for exceptional private-sector talent, and shortening

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Weekly podcast: Dixons Carphone, Fashion Nexus, Yale and Alaska

IT Governance

This week, we discuss the 10 million affected by Dixons Carphone’s 2017 data breach, the exposure of hundreds of thousands of clothes shoppers’ details, Yale University’s ten-year-old data breach, and a return to typewriters for government workers in Matanuska-Susitna Borough in Anchorage. Hello and welcome to the IT Governance podcast for Friday, 3 August.

Dept. of Energy to Test Electrical Grid Against Cyberattacks

Dark Reading

This is the first time the Department of Energy will test the electrical grid's ability to recover from a blackout caused by cyberattacks.

The Content Services keynote at Enterprise World

OpenText Information Management

At OpenText™ Enterprise World 2018 I once again had the pleasure of connecting with our highly diverse OpenText customer and partner community. And once again I was reminded that regardless of where they’re from, their role or industry, our common language is information management. It was amazing to soak in the buzz around the Toronto Convention Centre, …

4 Reasons Why Companies Are Failing at Incident Response

Dark Reading

When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Industrial Sector targeted in surgical spear-phishing attacks

Security Affairs

Industrial sector hit by a surgical spear-phishing campaign aimed at installing legitimate remote administration software on victims’ machines. Attackers carried out a spear-phishing campaign against entities in the industrial sector; the messages, disguised as commercial offers, were used by attackers to deliver legitimate remote administration software on victims’ systems (TeamViewer or Remote Manipulator System/Remote Utilities (RMS)).

You are a Certified Record Manager…now what?!

IG Guru

“CONGRATULATIONS! The ICRM Part 6 examination has been graded, and the results indicate that you have passed!” What? What does that say? I had to read it three times before I realized what the email I had just received was saying to me. After four years of studying and learning new information, four years of […].

Reddit Hack: Attack Bypasses 2-Factor Authentication

Adam Levin

One of the world’s largest websites has announced a security compromise. Reddit, the self-proclaimed “front page of the Internet,” announced a security breach that occurred over a three-day period in June. What Happened. The hacker or hackers bypassed the site’s 2-Factor Authentication associated with several employees credentialed to access sensitive data and used that access to take email addresses, server logs, and a decade-old database containing logins and passwords.

DevOps is a Big Deal and what you should know about it!

Role Model Software

Understanding DevOps can accelerate the success of your System of Software

If you’re in tech, you’ve probably been hearing the term “DevOps.” What’s all the fuss about? DevOps is more than a trendy synonym for IT. In a nutshell, DevOps is the integration of software development and IT to enable impressive scale, agility, and delivery of value through software.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Questions to Ask a Media Storage and Rotation Vendor

Archive Document Data Storage

It’s not easy handing over your sensitive data to just anyone. You must be 100% sure your information is stored, managed and protected with utmost care and security. When choosing a media storage and rotation vendor, ask the following questions: Q: How will my data tapes be stored? A: Magnetic data tapes are susceptible to damage from even the slightest environmental conditions.

Threatlist: SMB Security Challenges Grow with the Cloud

Threatpost

Top IT security barriers cited by respondents include budget constraints, and limited time to research and understand new threats.

Is SMS 2FA Enough Login Protection?

Dark Reading

Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.

Salesforce.com Warns Marketing Customers of Data Leakage SNAFU

Threatpost

Potentially impacted customers include organizations like Aldo, Dunkin Donuts, GE, HauteLook, Nestle Waters, News Corp Australia and Sony.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Ending the estrangement: Why the CIO and the CMO need to collaborate

Information Management Resources

For years, marketing departments have sidestepped corporate IT and deployed cloud-based solutions in an effort to keep up with a rapidly changing and intensely competitive landscape. Now this go-it-alone approach is coming back to bite them.

Consumer DNA Testing Takes a Step Towards Privacy, Transparency

Threatpost

Ancestry, MyHeritage and others have committed to a policy framework for the collection, protection, sharing and use of consumer genetic data.

FBI Offers New IoT Security Tips

Dark Reading

A new article from the FBI offers insight into IoT risks and ways to reduce them.
