Fri. Jun 03, 2022


ISMG Editors: What's Hot at RSA Conference This Year?

Data Breach Today

Also: Microsoft's Zero-Day and Broadcom's Acquisition

In the latest weekly update, four ISMG editors discuss important cybersecurity issues, including the trending topics at this year's RSA Conference, how security researchers are tracking a zero-day vulnerability in Microsoft Office and what Broadcom's acquisition of VMware means for security.


RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

The Last Watchdog

The zero trust approach to enterprise security is well on its way to mainstream adoption. This is a very good thing. Related: Covid 19 ruses used in email attacks. At RSA Conference 2022, which takes place next week in San Francisco, advanced technologies to help companies implement zero trust principles will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.


Unpatched Atlassian Confluence 0-Day Exploited in the Wild

Data Breach Today

Vulnerability Affects Up-to-Date Versions of Confluence Server and Data Center

A zero-day vulnerability in Atlassian Confluence, a workspace collaboration tool that serves millions of daily active users, is being targeted in the wild. The flaw, according to the company's security advisory, gives attackers unauthenticated remote code execution privileges.


RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

It’s not difficult to visualize how companies interconnecting to cloud resources at a breakneck pace contribute to the outward expansion of their networks’ attack surface. Related: Why ‘SBOM’ is gaining traction. If that wasn’t bad enough, the attack surface companies must defend is expanding inwardly, as well – as software tampering at a deep level escalates.


Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.


US Government Warns Against Paying Ransom to Karakurt Group

Data Breach Today

Extortion Group Won’t Stop Data Leaks Even If Its Demands Are Met, Feds Say

U.S. government agencies have issued a warning to organizations in the country against paying ransom to the Karakurt data extortion group. The threat actor's promises to delete stolen data and not disclose the security incident to the public if its demands are met are false, the agencies say.

More Trending


Feds Issue Alerts for Several Medical Device Security Flaws

Data Breach Today

Vulnerabilities Affect Certain Illumina and BD Products

Federal authorities have issued advisories about security vulnerabilities identified in several medical device products, including various Illumina Inc. genetic testing and sequencing devices and certain medication dispensing systems and microbiology software products from Becton, Dickinson & Co.


Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking.


Devo Raises $100M on $2B Valuation to Pursue Additional M&A

Data Breach Today

Money Will Be Used to Buy Companies That Can Deliver Intelligence and Insight

Devo has closed its Series F round and notched a $2 billion valuation to incorporate more capabilities into its SOC via acquisition. The company plans to use the $100 million to buy companies that will provide customers with additional intelligence on top of Devo's data for specific use cases.


LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor. An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. Researchers from Kaspersky have uncovered an “extremely sophisticated” China-linked APT group, tracked as LuoYu, that has been observed using a malicious Windows tool called WinDealer.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


FluBot Malware Strain Taken Down in Multi-Agency Effort

Data Breach Today

Europol: Probe Into Identifying Actors Behind Threat Campaign Is Ongoing

Android spyware FluBot's infrastructure was disrupted by the Dutch police as part of a multinational law enforcement operation in May, rendering this strain of malware inactive, Europol says. The agency is continuing its probe into identifying the actors responsible for the malware campaign.


Why We Recommend Your Passwords Be Over 20-Characters Long

KnowBe4

KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it right.


For Ransomware, Speed Matters

Dark Reading

Someone interested in putting together a ransomware campaign has to consider several factors. The LockBit group touts its speed over competing families to attract potential buyers for its ransomware-as-a-service.


How to Prevent Software Supply Chain Attacks

eSecurity Planet

Software supply chain attacks present an increasingly worrying threat. According to a recent BlueVoyant study, an impressive 97 percent of companies surveyed have been negatively impacted by a security breach in their supply chain, and 38 percent said they have no way of knowing about any potential issues with a third-party supplier’s cybersecurity.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links

Dark Reading

The latest iteration of CMD-based ransomware is sophisticated and tricky to detect – and integrates token theft and worming capabilities into its feature set.


Evil Corp Pivots LockBit to Dodge U.S. Sanctions

Threatpost

The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.


Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium

Dark Reading

The attack on Israeli organizations is the latest in a long line of attempts to compromise supply chains, as the APT looks to leverage that access to target a multitude of potential victims.


Top reasons to use Apple TV for your digital signage

Jamf

Make it easier for your organization to share dynamic messages by integrating Apple TV, Carousel Digital Signage and Jamf.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover

Dark Reading

An unpatched remote code execution (RCE) vulnerability in all versions of the popular Confluence collaboration platform can be abused in credential harvesting, cyber espionage, and network backdoor attacks.


Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again

Threatpost

Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'


FDA: Patch Illumina DNA Sequencing Instruments, Stat

Dark Reading

A critical security bug could lead to remote device control, altered lab results, and more, putting patients in danger, agency warns.


An Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch

WIRED Threat Level

The company continues to downplay the severity of the Follina vulnerability, which remains present in all supported versions of Windows.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Why Network Object Management Is Critical for Managing Multicloud Network Security

Dark Reading

If you want your IT and security administrators to get buried in trivial workloads and productivity bottlenecks, having poor network object management is a great way to accomplish that.


Actively Exploited Microsoft Zero-Day Still Doesn't Have a Patch

WIRED Threat Level

The company continues to downplay the severity of the Follina vulnerability, which remains present in all supported versions of Windows.


Your KnowBe4 Fresh Content Updates from May 2022

KnowBe4

Check out the 26 new pieces of training content added in April, alongside the always fresh content update highlights and new features.


Me on Public-Interest Tech

Schneier on Security

Back in November 2020, in the middle of the COVID-19 pandemic, I gave a virtual talk at the International Symposium on Technology and Society: “The Story of the Internet and How it Broke Bad: A Call for Public-Interest Technologists.” It was something I was really proud of, and it’s finally up on the net.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Introducing KnowBe4’s Password Policy E-Book

KnowBe4

KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be.


The Fight Against Robocall Spam and Scams Heats Up in India

WIRED Threat Level

A new proposal by India's telecom regulator aims to make accurate caller ID mandatory, but critics say it may be fundamentally flawed.


Jamf protects against CrateDepression malware

Jamf

SentinelOne researchers recently investigated a supply chain attack leveraging a malicious crate named ‘rustdecimal’ in the crates.io Rust community crate repository.
