Krebs on Security

MAY 7, 2019

Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH , the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH’s software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access.

Cloud 210

Cloud Communications Access Marketing 210

Data Breach Today

MAY 7, 2019

Symantec Report Deepens Mystery Around Lost NSA Tools and Exploits A Chinese hacking group was using exploits and tools developed by the NSA months before the tools were released by another group, Symantec says in a new report. The surprising report deepens the mystery around an extraordinary situation in which the U.S.'s most effective cyberweapons were compromised.

205

205

Thales Cloud Protection & Licensing

MAY 7, 2019

Originally published in TEISS on May 1, 2019. For many years, encryption has been viewed as a burden on businesses – expensive, complex and of questionable value. How things have changed. In just the past few years (and hundreds of high-profile breaches and £Trillions of economic damage later), cyber threats became impossible for the boardroom to ignore.

Encryption 120

Encryption Digital transformation Risk Cybersecurity 120

Data Breach Today

MAY 7, 2019

Latest Attack Targets Online Campus Stores in US and Canada JavaScript sniffers, which are used to skim credit card and other customer data from e-commerce websites, are a persistent threat. In the latest incident, an attack targeted about 200 online campus stores in the U.S. and Canada, Trend Micro reports. But this attack apparently was waged by a new group.

204

204

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

WIRED Threat Level

MAY 7, 2019

Opinion: Julian Assange is being prosecuted under the Computer Fraud and Abuse Act, a minimally defined statute that can have maximally destructive consequences.

Security 111

Security 111

Jamf

MAY 7, 2019

Jamf School, formerly ZuluDesk, helps teachers get the most from their Apple devices. Jamf’s mobile device management (MDM) school solution means that teachers and IT professionals receive an MDM school powerhouse for running today’s modern classroom.

MDM 98

MDM IT 98

Data Breach Today

MAY 7, 2019

With today's challenges from an increasingly hostile threat landscape, combined with a lack of people, expertise, and budget, organizations are driving toward optimizing their SIEM and SOAR solutions in order to get the highest return their investment. Of the greatest areas of unmet need with SIEM and SOAR solutions, obtaining the right file-level intelligence with actionable rich context, and building effective levels of automation are both needed to increase detection and response effectivenes

166

166

IT Governance

MAY 7, 2019

Most of us use social media to keep in touch with friends, read interesting content or share photos, but we also know it comes with risk. How private our data really is and whether or not “they” are listening is constantly in the news, but do you know the risks of personal social media use to your business? In Techworld’s recent article summarising some of the most infamous data breaches in the UK, Facebook, Google+ and Reddit are all featured.

Education 103

Education Risk Information Security Data breaches 103

Data Breach Today

MAY 7, 2019

When a healthcare provider develops its own applications that handle patient data, it must take critical steps to safeguard protected health information and ensure HIPAA compliance, says privacy attorney Adam Greene.

Compliance 160

Compliance Privacy IT 160

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Dark Reading

MAY 7, 2019

New Symantec research shows how the Buckeye group captured an exploit and backdoor used by the National Security Agency and deployed them on other victims.

Security 97

Security 97

Jamf

MAY 7, 2019

Jamf School, formerly ZuluDesk, helps teachers get the most from their Apple devices. Jamf’s mobile device management (MDM) school solution means that teachers and IT professionals receive an MDM school powerhouse for running today’s modern classroom.

MDM 75

MDM IT 75

OpenText Information Management

MAY 7, 2019

Familiar flavors take varied routes to shelves at grocery stores and corner markets. As one of the world’s top five Coca-Cola bottlers, Coca-Cola Amatil supplies ready-to-drink beverages to customers of all sizes across the Asia Pacific region. While 50 of Amatil’s largest trading partners use EDI to submit orders via the OpenText™ B2B platform, other … The post Coca-Cola Amatil improves customer order accuracy and sales execution with OpenText appeared first on OpenText Blogs.

Sales 74

Sales B2B Marketing 74

Dark Reading

MAY 7, 2019

Government employees are working to determine the source and severity of a cyberattack that forced most city servers offline.

Ransomware 89

Ransomware Government 89

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

MAY 7, 2019

Experts at security firm Sophos discovered a new strain of ransomware dubbed MegaCortex that is targeting corporate networks. Security experts at Sophos discovered a new piece of ransomware dubbed MegaCortex that is targeting corporate networks. MegaCortex attacks were already reported in the United States, Italy, Canada, France, the Netherlands, and Ireland. “A new ransomware that calls itself MegaCortex got a jolt of life on Wednesday as we detected a spike in the number of attacks again

Ransomware 73

Ransomware File names Encryption Security 73

Schneier on Security

MAY 7, 2019

This short video explains why computers regularly came with physical locks in the late 1980s and early 1990s. The one thing the video doesn't talk about is RAM theft. When RAM was expensive, stealing it was a problem.

IT 73

IT 73

Security Affairs

MAY 7, 2019

China-linked APT group tracked as APT3 was using a tool attributed to the NSA-linked Equation Group more than one year prior to Shadow Brokers leak. China-linked APT group tracked as APT3 (aka Buckeye, APT3, UPS Team, Gothic Panda , and TG-0110 ) was using a tool attributed to the NSA-linked Equation Group more than one year prior to Shadow Brokers leak , In May 2017, researchers at threat intelligence firm Record Future discovered a clear link between APT3 cyber threat group and China’s Ministr

Access 73

Access Security IT Cybersecurity 73

eSecurity Planet

MAY 7, 2019

Network access control is critical for controlling the security of devices that attach to your network. We review nine NAC solutions.

Access 79

Access Security 79

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

MAY 7, 2019

Russia-linked APT group Turla has been using a sophisticated backdoor, dubbed LightNeuron , to hijack Microsoft Exchange mail servers. Russia-linked APT group Turla has been using a sophisticated backdoor, dubbed LightNeuron , to hijack Microsoft Exchange mail servers. Turla group (also known as Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting government organizations and private businesses.

Paper 66

Paper Government Security Access 66

Dark Reading

MAY 7, 2019

Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.

Ransomware 67

Ransomware 67

Information Management Resources

MAY 7, 2019

Companies are tempted to think of transformation as a predominately organizational journey, but they need to think much more holistically in order to achieve success.

Digital transformation 73

Digital transformation 73

Security Affairs

MAY 7, 2019

Cisco released security updates to address a critical vulnerability in its virtualized function automation tool Elastic Services Controller (ESC). Cisco has released security updates to address a critical vulnerability affecting its virtualized function automation tool, Cisco Elastic Services Controller (ESC). The flaw could be exploited by a remote attacker could be exploited by an unauthenticated, remote attacker to take full control of impacted systems.

Authentication 65

Authentication Security IT 65

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

MAY 7, 2019

Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.

Security 80

Security IT 80

IT Governance

MAY 7, 2019

The broad range of skills required to succeed as a DPO (data protection officer) makes it a tough position to fill. DPOs need to work with staff to answer data protection questions, monitor the organisation’s data protection policies and procedures, and, of course, have expert knowledge of the GDPR (General Data Protection Regulation). We therefore wouldn’t expect an organisation to simply tell its newly appointed DPO to get straight to work.

GDPR 63

GDPR Data breaches Compliance Privacy 63

Dark Reading

MAY 7, 2019

The number of live, accessible.onion sites amounts to less than 0.005% of surface web domains, researchers report.

81

81

WIRED Threat Level

MAY 7, 2019

Even the Central Intelligence Agency has a so-called onion service now.

Security 96

Security 96

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Threatpost

MAY 7, 2019

Oleksii Petrovich Ivanov has been extradited in the U.S. after allegedly launching malvertising campaigns that caused victims to view malicious ads on more than 100 million occasions.

60

60

DXC Technology

MAY 7, 2019

In the world of “one-up” IT, it seems like almost everyone is wanting to understand how to integrate microservices into their solution architecture. And rightly so. The benefits of using microservices are numerous and varied. Let’s examine some of these positives and consider if they can help you solve some of the problems that you […].

IT 60

IT Cloud 60

Dark Reading

MAY 7, 2019

Companies that find a breach on their own take substantially longer to report a breach, a new analysis shows.

76

76