Mon.Sep 13, 2021

article thumbnail

Apple Patched iMessage. But Can It Be Made Safer Overall?

Data Breach Today

Citizen Lab Says iMessage Exploit Delivered NSO's Pegasus Spyware Apple patched a software vulnerability on Monday that researchers say was used to deliver spyware via its iMessage platform to the mobile phones of activists. But a few changes to iMessage could make it safer overall for individuals at high risk of surveillance, says an Apple security expert.

IT 318
article thumbnail

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

The Last Watchdog

Surfshark wants to help individual citizens take very direct control of their online privacy and security. Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. Related: Turning humans into malware detectors. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

IT 182
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

House Bill Seeks to Insulate CISA Director From Politics

Data Breach Today

Bipartisan Measure Would Give Cybersecurity Agency Leader 5-Year Term A bipartisan group of lawmakers wants to better insulate the director of CISA from political pressure by giving the role a defined five-year term that could keep the agency's leader in place even when presidential administrations change. Currently, the position of CISA director lacks a set term.

article thumbnail

REvil’s Back; Coder Fat-Fingered Away Its Decryptor Key

Threatpost

How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and “That’s how we sh*t ourselves.”.

IT 133
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

HHS Warns Health Sector of BlackMatter Attacks

Data Breach Today

Advisory Says Ransomware Gang Is an 'Elevated Threat' for Healthcare Federal regulators are alerting healthcare and public health sector entities of the "elevated threat" for potential ransomware attacks by BlackMatter, despite the gang's purported claims that it is not targeting "critical infrastructure" organizations, such as hospitals.

More Trending

article thumbnail

Olympus: 'Potential Cyber Incident' Disrupted EMEA System

Data Breach Today

Some Reports Suggest BlackMatter Was Attacker Olympus, a Japanese company that manufactures optics and reprography products, reports that a portion of its IT system in the EMEA region was affected by a "potential cybersecurity incident." While Olympus has not identified an attacker, some reports suggest it is the BlackMatter ransomware gang.

article thumbnail

BlackMatter ransomware gang hit Technology giant Olympus

Security Affairs

Technology giant Olympus announced it was the victim of a ransomware attack and is currently investigating the extent of the incident. Olympus issued a statement to announce that its European, Middle East and Africa computer network was hit by a ransomware attack. “Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue.

article thumbnail

Indonesian Intelligence Agency Reportedly Breached

Data Breach Today

At Least 10 Indonesian Government Ministries and Agencies Affected Insikt Group, the threat research division of threat intelligence firm Recorded Future, says it has discovered Chinese hackers have breached the internal records of at least 10 Indonesian government agencies, including Indonesia’s primary intelligence service, the Badan Intelijen Negara.

article thumbnail

BREAKING: Biden to Nominate New FTC Commissioner

Hunton Privacy

On September 13, 2021, President Biden is expected to nominate Alvaro Bedoya to the Federal Trade Commission. Bedoya would replace FTC Commissioner Rohit Chopra, who was earlier nominated, but has not yet been confirmed, as Director of the Consumer Financial Protection Bureau. Bedoya is a Georgetown Law professor and former Chief Counsel of the U.S.

Privacy 112
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

IT-OT Convergence: Taking the Right Security Measures

Data Breach Today

Meralco's Mel Migriño on How to Ensure OT Security In addition to doing asset inventory, it is important to profile the risks of each asset to ensure OT security, says Mel Migriño, vice president and group CISO at Meralco, the largest power distribution unit in the Philippines.

IT 167
article thumbnail

4 Steps for Fostering Collaboration Between IT Network and Security Teams

Dark Reading

Successful collaboration requires a four-pronged approach that considers operations and infrastructure, leverages shared data, supports new workflows, and is formalized with documentation.

IT 103
article thumbnail

Bad News: Innovative REvil Ransomware Operation Is Back

Data Breach Today

Group Specializing in Big Game Hunting Has Amassed Millions in Ransom Payments Security experts say the notorious REvil - aka Sodinokibi - ransomware-as-a-service operation, which went dark in July, appears to be back in business. The group's data leak site and payment portal are back online, and one expert says the group appears to have begun amassing new victims.

article thumbnail

Honing Cybersecurity Strategy When Everyone’s a Target for Ransomware

Threatpost

Aamir Lakhani, researcher at FortiGuard Labs, explains why organizations must extend cyber-awareness training across the entire enterprise, from Luddites to the C-suite.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks

Security Affairs

Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon developed by attackers that were actively used in attacks in the wild. Threat actors re-implemented from scratch unofficial Linux and Windows versions of the Cobalt Strike Beacon and are actively using them in attacks aimed at organizations worldwide. Cobalt Strike is a legitimate penetration testing tool designed as an attack framework for red teams (groups of security professionals who act as attackers on the

article thumbnail

Designing Contact-Tracing Apps

Schneier on Security

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic.

Privacy 98
article thumbnail

Google addresses a new Chrome zero-day flaw actively exploited in the wild

Security Affairs

Google Chrome 93.0.4577.82 for Windows, Mac, and Linux that addressed eleven security issues, including two zero-days actively exploited. Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-days vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited in attacks in the wild.

article thumbnail

WhatsApp’s End-to-End Encryption Isn’t Actually Broken

Threatpost

WhatsApp’s moderators sent messages flagged by intended recipients. Researchers say this isn't concerning -- yet.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Apple fixes actively exploited FORCEDENTRY zero-day flaws

Security Affairs

Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in the wild. Apple rolled out security patches to fix a couple of zero-day flaws in iOS and macOS (CVE-2021-30860, CVE-2021-30858), the IT giant also warns its customers that these issues are actively exploited in attacks in the wild, come of which were reported by researchers from Citizen Lab.

article thumbnail

Apple Patches Zero-Days in iOS 14.8 Update

Dark Reading

An important security update addresses vulnerabilities in CoreGraphics and WebKit that may have been actively exploited.

article thumbnail

New Spook.Js attack allows to bypass Google Chrome Site Isolation protections

Security Affairs

Spook.js is a new side-channel attack on modern processors that can allow bypassing Site Isolation protections implemented in Google Chrome. Boffins devised a transient side-channel attack on modern processors, “ Spook.js ,” that can be abused by threat actors to bypass Site Isolation protections implemented in Google Chrome and Chromium browsers.

article thumbnail

Authenticating Communication Screenshots

eDiscovery Daily

Text messages and social media evidence can offer a plethora of relevant data. However, screenshots are not a reliable form of authenticating digital communication. Whether its Slack, Facebook Messenger, or email, screenshots of digital evidence can be easily fabricated. Screenshot Failures in Court. Rossbach v. Montefiore Medical Center : To substantiate claims of workplace harassment and wrongful termination, the plaintiff submitted text screenshots from her former employer.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Security Affairs

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud. While WhatsApp has already implemented end-to-end encrypion since 2016, the company still stores backups in the cloud unencrypted.

article thumbnail

Records Managers in Australia, New Zeeland, the US, and Canada are encouraged to respond to Curtin University Survey

IG Guru

Dear records professional, We are conducting a research project that assesses records professionals’ perceptions of their professional identity. At present, the research is limited to those who identify as a records professional in Australia, New Zealand, the United States and Canada whose primary role is working with records. For this study, we broadly define a […].

article thumbnail

IoT Advantages & Disadvantages

Record Nations

The term IoT may be new to some, but the expression has been around since roughly 1999. IoT stands for “the internet of things.” The internet of things is simply all of the interconnected devices around us that exchange information over a network. Think of it as your smart speakers, thermostats, refrigerators, and even cars. […]. The post IoT Advantages & Disadvantages appeared first on Record Nations.

IoT 59
article thumbnail

Part 1: OMG! Not another digital transformation article! Is it about understanding the business drivers?

ARMA International

Abstract. Humans have used technology to transform their societies from prehistoric times up to the present. Society begrudgingly accepted the transformative changes, yet the changes moved society forward. Now information technologies and the information revolution are again transforming society. The COVID-19 pandemic further accelerated the transformation from many years to just a couple of years.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Brute-Force Attacks, Vulnerability Exploits Top Initial Attack Vectors

Dark Reading

A new analysis emphasizes how most security incidents can be avoided with strong patch management and password management policies.

article thumbnail

Adding to Our Team

The Texas Record

The records management assistance team at the Texas State Library and Archives Commission welcomes a new analyst this month. Read more about Michelle Johnson , who is now the point of contact for local governments in the Central region of Texas. The Central region is comprised of the following counties: Bastrop Bell Blanco Bosque Brown Burnet Caldwell Coleman Coryell Falls.

article thumbnail

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

Threatpost

The security vulnerability can be exploited with a malicious CSV file.