Fri.Aug 09, 2019

article thumbnail

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around iNSYNQ’s internal network to properly stage things before unleashing the ransomware. iNSYNQ ultimately declined to pay the ransom demand, and it is still working to completely restore customer access

Phishing 205
article thumbnail

Minimizing Automation Bias in Machine Learning

Data Breach Today

Microsoft's Diana Kelley Says Diversity Is Key Component for Resilient ML Models Developing robust and resilient machine learning models requires diversity in the teams working on the models as well as in the datasets used to train the models, says Microsoft's Diana Kelley.

243
243
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Trump’s Intel Vacancies Put Americans in Danger

WIRED Threat Level

Sue Gordon's departure is the latest sign that US national security might be stretching its leaders too thin—and risks putting the wrong people into roles that American lives depend upon.

Risk 93
article thumbnail

Digital Transformation: Security Best Practices

Data Breach Today

RSA's Holly Rollo on the Importance of Third-Party Risk Management Organizations going through a digital transformation need to make sure they develop a sound third-party risk management strategy, says RSA's Holly Rollo, who discusses best practices.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

UK ICO Issues New Draft Data Sharing Code of Practice

Data Matters

The UK’s Information Commissioner’s Office (“ ICO ”) has recently issued a draft version of its statutory code of practice for sharing of personal data between controllers under the GDPR and the UK Data Protection Act 2018 (“ DPA ”) (the “ Draft Code ”) which provides a number of practical recommendations which controllers should take into account when sharing personal data.

GDPR 79

More Trending

article thumbnail

A Zero-Day in Steam client for Windows affects over 100 Million users

Security Affairs

Two researchers publicly disclosed a zero-day vulnerability that affects the popular Steam game client for Windows, 0ver 100 million users at risk. Two security experts disclosed a privilege escalation vulnerability in the Stream client for Windows that can be exploited by an attacker with limited permissions to run code administrative privileges. The issue could be exploited by vxers to develop malware that is able to perform multiple malicious activities.

Access 88
article thumbnail

New Ursnif Variant Spreads Through Infected Word Documents

Data Breach Today

Banking Trojan Designed to Steal Passwords and Credentials A new variant of the Ursnif Trojan is targeting vulnerable systems in an attempt to steal banking passwords and other credentials. The malware is spreading through infected Microsoft Word documents, and it has the ability to evade advanced security filters, according to security researchers at Fortinet.

Passwords 199
article thumbnail

Significant Vulnerabilities Found in 6 Common Printers Brands

Dark Reading

In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.

86
article thumbnail

New Playbooks for Cyber Defense

Data Breach Today

Fortinet's FortiGuard Labs global threat research team is creating research playbooks that provide deep-dive analysis of not only threat trends, but also cybercriminal and adversary tools and techniques. Derek Manky and Tony Giandomenico discuss the playbook model and how it can help in the fight against cybercrime.

IT 188
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

It's (Still) the Password, Stupid!

Dark Reading

The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.

article thumbnail

BlueKeep Patching Still Spotty Months After Alerts: Report

Data Breach Today

Financial Services Companies Fared Better Than Most, SecurityScorecard Finds More than two months after Microsoft issued the first warnings about the BlueKeep vulnerability, many enterprises have a spotty record when it comes to patching for this particularly worrisome flaw, new research from SecurityScorecard finds. Financial services companies have fared better than those in other sectors.

article thumbnail

Hack of High-End Hotel Smart Locks Shows IoT Security Fail

Threatpost

LAS VEGAS – A vulnerability in a popular IoT lock key – used chiefly by a high-end hotel in Europe – allowed researchers to break into hotel rooms. The locks in question are dubbed “mobile keys” because of their reliance on mobile phones as opposed to card-based access such as those based on mag-strips and […].

IoT 81
article thumbnail

Cybersecurity Leadership: The Next Generation

Data Breach Today

IoT, the cloud, third-party risk - we hear a lot about how the cybersecurity risk surface and threat landscape have evolved. But what about the new business demands on cybersecurity leaders? Christopher Hetner, former global CISO at GE Capital, shares insights.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Emsisoft released a free decryptor for JSWorm 4.0

Security Affairs

Security researchers at Emsisoft have released a new decryptor tool that allows the victims of the JSWorm 4.0 ransomware to decrypt their files for free. Thanks to the experts at Emsisoft the victims of the JSWorm 4.0 ransomware can decrypt their files for free. Like previous versions of the malware, the JSWorm 4.0 ransomware is also written in C++ and uses a modified version of AES-256 to encrypt files.

article thumbnail

Creating a Retention Schedule that Works

Gimmal

Creating a usable, automated, and simple file plan is an important part of ensuring records are managed in a consistent manner and that you are protected from legal risks, such as failure to disclose information during a discovery proceeding or the unauthorized leakage of information. The first step in the process is creating a retention schedule , which outlines how long records are kept in accordance with the organization’s obligations and the law.

Risk 79
article thumbnail

Apple announces major changes to its bug bounty program, including higher rewards

Security Affairs

At the Blackhat cybersecurity conference, Apple has announced a few major changes to its bug bounty program that will be open to any researcher. The most striking change is related to the payout for the rewards, the maximum reward passed from $200,000 to $1 million. This is the biggest payout for a bug bounty program operated by a tech company. Apple will pay up to $1 million reward for a zero-click kernel code execution vulnerability zero user clicks, that could be exploited by an attacker to t

IT 74
article thumbnail

This Tesla Mod Turns a Model S Into a Mobile 'Surveillance Station'

WIRED Threat Level

The Surveillance Detection Scout can track license plates and faces near your Tesla—with all the privacy concerns that implies.

Privacy 89
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

State Farm Reports Credential-Stuffing Attack

Dark Reading

The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.

article thumbnail

U.S. Election Systems Left Vulnerable Online

Adam Levin

Security researchers have announced the discovery of several election systems across the country connected to the internet that are vulnerable to hacking. As a security policy, voting machines and election systems are supposed to remain disconnected from the internet, or “air-gapped,” unless they are transmitting data. This is to prevent the possibility of hackers connecting to them and subverting the results.

article thumbnail

Inside the Hidden World of Elevator Phone Phreaking

WIRED Threat Level

Eavesdropping, reprogramming, talking to strangers: Welcome to the harmless and not-so-harmless fun of hacking elevator call boxes.

article thumbnail

DEF CON 2019: Researchers Demo Hacking Google Home for RCE

Threatpost

Researchers show how they hacked Google Home smart speakers using the Megellan vulnerability.

94
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Hackers Take on Darpa's $10 Million Voting Machine

WIRED Threat Level

At this year's Defcon hacking conference, Darpa brought the beginnings of what it hopes will be impervious hardware.

IT 91
article thumbnail

PCI SSC warns organisations about growing threat of online skimming

IT Governance

Organisations that accept online payments must urgently address the threat of web-based skimming, the PCI SSC (Payment Card Industry Security Standards Council) has warned. The alert, issued in partnership with the Retail & Hospitality ISAC (information sharing and analysis centre [link] ), highlights a recent increase in malware attacks targeting e-commerce websites to gain payment card data.

Retail 64
article thumbnail

A Teen Hacker Found Bugs in School Software That Affects Millions

WIRED Threat Level

Some kids play in a band after school. Bill Demirkapi hacked two education software giants.

article thumbnail

New Vulnerability Risk Model Promises More-Efficient Security

Dark Reading

Taking into account more factors than the current CVSS makes for a better assessment of actual danger.

Risk 86
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

How to accelerate digital transformation initiatives

OpenText Information Management

Digital transformation is delivering a data deluge that most legacy systems and infrastructure are struggling to cope with. This data deluge brings a wealth of opportunity, but it also brings a whole new set of challenges. With so much information at their disposal, many enterprises have to spend more time, resources, and skilled staff wrangling … The post How to accelerate digital transformation initiatives appeared first on OpenText Blogs.

article thumbnail

7 Online Safety Tips for College Students

Dark Reading

Heading back to campus soon? Here are seven tips that will get your digital house in order and keep you safe online this semester.

75
article thumbnail

Sample-based analysis: A new approach for unstructured data management

IBM Big Data Hub

Introducing IBM StoredIQ Instascan for accelerated compliance and risk assessments. Read to learn more.