Thu, Oct 14, 2021

To Repel Supply Chain Attacks, Better Incentives Needed

Data Breach Today

The breach of text message routing giant Syniverse revealed yet another supply chain attack involving a key supplier, exacerbated by outdated communications protocols desperately in need of a security revamp and better incentives for improvement, says mobile telephony security expert Karsten Nohl.

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication

Flaws In GitHub Actions Bypass Code Review Mechanism

Data Breach Today

Attackers Can Push Code To A Protected Branch
Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required-reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.
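
The summary above gives no details of the loophole, so the check below is a general branch-protection audit rather than a reproduction of it. It is an added example written for this page (the editor's code, not Cider Security's or GitHub's): it reads the JSON object GitHub returns for a branch's protection settings and reports the configurations that let unreviewed code reach the branch, with a weak configuration beside its hardened form. The dictionary shape is the one documented for GET /repos/{owner}/{repo}/branches/{branch}/protection; the two sample objects are constructed for illustration, not captured from a real repository.

```python
"""Audit a GitHub branch-protection object for settings that let unreviewed
code reach a protected branch.

Added example by the editor, not from the article or from Cider Security.
The dictionary shape assumed here follows GitHub's REST response for
GET /repos/{owner}/{repo}/branches/{branch}/protection; the two sample
objects below are constructed, not captured from a real repository.
"""
from typing import Any


def audit_branch_protection(protection: dict[str, Any]) -> list[str]:
    """Return a list of weaknesses; an empty list means no finding."""
    findings: list[str] = []

    # GitHub omits this key entirely when required reviews are turned off,
    # so anyone with write access can push straight to the branch.
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        findings.append("required reviews disabled: direct pushes are allowed")
    else:
        if reviews.get("required_approving_review_count", 0) < 1:
            findings.append("required_approving_review_count is 0: a PR can merge unapproved")
        if not reviews.get("dismiss_stale_reviews", False):
            findings.append("dismiss_stale_reviews off: commits pushed after approval keep it")

    # Without enforce_admins, administrators (and anything acting with admin
    # rights) bypass every rule on the branch.
    if not protection.get("enforce_admins", {}).get("enabled", False):
        findings.append("enforce_admins off: admin-level actors bypass protection")

    if protection.get("allow_force_pushes", {}).get("enabled", False):
        findings.append("allow_force_pushes on: branch history can be rewritten")

    # Status checks only gate the merge if the branch must be up to date
    # with the base first (strict mode).
    checks = protection.get("required_status_checks")
    if checks is None:
        findings.append("required_status_checks absent: CI does not gate the merge")
    elif not checks.get("strict", False):
        findings.append("required_status_checks not strict: stale branches can merge")

    return findings


# Constructed sample: a branch that looks protected but is not.
WEAK_PROTECTION = {
    "enforce_admins": {"enabled": False},
    "required_status_checks": {"strict": False, "contexts": ["ci/build"]},
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": False},
}

# Constructed sample: the same branch with the settings corrected.
HARDENED_PROTECTION = {
    "required_pull_request_reviews": {
        "dismiss_stale_reviews": True,
        "require_code_owner_reviews": True,
        "required_approving_review_count": 2,
    },
    "enforce_admins": {"enabled": True},
    "required_status_checks": {"strict": True, "contexts": ["ci/build"]},
    "allow_force_pushes": {"enabled": False},
    "allow_deletions": {"enabled": False},
}

if __name__ == "__main__":
    for name, obj in (("weak", WEAK_PROTECTION), ("hardened", HARDENED_PROTECTION)):
        print(name, audit_branch_protection(obj) or ["ok"])
```

To run it against a real branch, feed the function the parsed output of `gh api repos/OWNER/REPO/branches/main/protection`. The audit checks only the rules GitHub exposes in that object; it does not tell you what a workflow's GITHUB_TOKEN is allowed to do, which has to be reviewed separately in the repository's Actions settings.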

The U.S. Federal Government Continues Its Focus on Ransomware Attacks: CISA, FBI, and NSA Publish Technical Advisory on the Conti Group

Data Matters

On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory (the “ Advisory ”) outlining the Conti ransomware group’s tactics, techniques, and procedures (“TTPs”) to help companies protect against their attacks. This Advisory is especially notable because it is an example of the type of information sharing promised by the Biden administration, which includes techni

Missouri Refers Responsible Bug Report to Prosecutors

Data Breach Today

Gov. Michael L. Parson Alleges Newspaper Employee Improperly Accessed Data
A newspaper employee in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor. The governor alleged that publication of the vulnerability after it was fixed was part of a "political vendetta."

Thingiverse Data Leak Affects 228,000 Subscribers

Data Breach Today

The Data Dump Is Being Broadly Circulated on a Popular Hacking Forum
Thingiverse, a popular website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 2.5 million unique email addresses and other personally identifiable information.

NCSC warns of “devastating” Russian ransomware attacks

IT Governance

The head of the NCSC (National Cyber Security Centre) has warned that “most of the devastating ransomware attacks against UK targets” originated in Russia and that not enough organisations in the UK are adequately prepared to deal with the threat. Addressing the Chatham House Cyber 2021 conference to mark her first year as the NCSC’s CEO, Lindy Cameron considered four themes affecting cyber security today: “the ongoing impact of the pandemic; the ongoing threat posed by ransomware; the growth of

Australia Plans Ransomware Attack Reporting Requirement

Data Breach Today

New Criminal Penalties, Assistance to Victims in the Ransomware Action Plan
Australia plans to require businesses with more than $10 million in revenue to report ransomware attacks to the government, part of a comprehensive strategy to fight the attacks that also includes new criminal penalties and assistance to victims. The plan would need to be passed by Parliament.

The Human Element Is the Weakest Link

Dark Reading

While the recent Facebook outage was a major inconvenience, the impact of leaked business operations documents is a much bigger issue than being down for a few hours.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

MITRE Launches Centers to Protect Infrastructure and Health

Data Breach Today

Focus Is on Critical Infrastructure Threats and Clinical Data
MITRE, the not-for-profit organization that works with federal and other government agencies as well as industry verticals and academia, has set up the Cyber Infrastructure Protection Innovation Center and the Clinical Insights Innovation Cell to protect healthcare.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page.

Osteopathic Professional Group Reports Year-Old Breach

Data Breach Today

PII of Nearly 28,000 Members Exfiltrated in June 2020 Hacking Incident
The American Osteopathic Association has just begun notifying nearly 28,000 individuals about a June 2020 data exfiltration incident involving their personal information. The medical professional organization says workforce challenges during the pandemic led to the notification delay.

Microsoft Azure Attack Illustrates Ongoing DDoS Threats

eSecurity Planet

Officials with Microsoft’s Azure public cloud said the company in late August was able to stave off a record distributed denial-of-service (DDoS) attack against a European customer that originated in the Asia-Pacific region. The attack, which hit 2.4 terabits per second, was 140 percent higher than a 1 Tbps attack last year and higher than any similar event ever detected on the Azure public cloud, according to Amir Dahan, senior program manager for Azure networking.

New Yanluowang ransomware used in highly targeted attacks on large orgs

Security Affairs

Researchers from Symantec's Threat Hunter Team discovered a new ransomware family, tracked as Yanluowang, that was used in highly targeted attacks against large enterprises. The discovery is part of an investigation into a recent attempted ransomware attack against a large organization. “The Threat Hunter Team first spotted suspicious use of AdFind, a legitim
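
AdFind is a legitimate Active Directory query tool that ransomware operators routinely run before deploying a payload, which is why its appearance on a host is worth alerting on. The detector below is an added example written for this page, not Symantec's detection logic: it runs over constructed process-creation events (the field names host, user, image and cmdline are assumptions, as are the sample records) and flags AdFind both by binary name and, to catch a renamed copy, by command-line switches characteristic of the tool.

```python
"""Flag AdFind-style Active Directory enumeration in process-creation events.

Added example by the editor, not Symantec's detection logic. The event
records and field names (host, user, image, cmdline) are constructed to
resemble a generic process-creation log; adapt the keys to your own
telemetry. Matching on the binary name alone misses a renamed copy, so
the rule also looks for switches that are characteristic of AdFind.
"""
import re

# Switch patterns seen in AdFind-driven domain enumeration:
#   -f (objectcategory=...)  LDAP filter for users/computers/groups
#   -sc trustdmp             dump domain trusts
#   -subnets                 enumerate AD subnets
#   -gcb                     query the global catalog
ADFIND_SWITCHES = re.compile(
    r"(?i)(?:^|\s)-(?:sc\s+trustdmp|subnets\b|gcb\b|f\s+[\"']?\(?objectcategory=)"
)


def is_adfind(event: dict) -> bool:
    """True if the event looks like AdFind, by image name or by switches."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    if image == "adfind.exe":
        return True
    return ADFIND_SWITCHES.search(event["cmdline"]) is not None


def detect(events: list[dict]) -> list[tuple[str, str, str]]:
    """Return (host, user, cmdline) for every event that matches."""
    return [(e["host"], e["user"], e["cmdline"]) for e in events if is_adfind(e)]


# Constructed sample telemetry, not captured from a real incident.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\jdoe", "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
    {"host": "ws02", "user": "CORP\\svc_backup", "image": "C:\\ProgramData\\AdFind.exe",
     "cmdline": "AdFind.exe -f objectcategory=computer name operatingsystem"},
    # Renamed binary: only the switches give it away.
    {"host": "ws03", "user": "CORP\\alice", "image": "C:\\Users\\Public\\a.exe",
     "cmdline": "a.exe -sc trustdmp"},
    {"host": "dc01", "user": "CORP\\admin", "image": "C:\\Windows\\System32\\net.exe",
     "cmdline": "net group \"Domain Admins\" /domain"},
    # A -f switch on an unrelated tool must not trigger.
    {"host": "ws04", "user": "CORP\\bob", "image": "C:\\tools\\tail.exe",
     "cmdline": "tail.exe -f app.log"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("AdFind activity:", hit)
```

The switch-based match is the part that matters in practice: attackers rename the executable far more often than they change its arguments. Tune the pattern against your own administrators' legitimate usage before alerting on it.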

Becoming a Cybercriminal Keeps Getting Easier

eSecurity Planet

Zero-day vulnerabilities are no longer exclusively for elite hackers. There are now automated scripts available on GitHub so even novice hackers can explore these previously unknown security flaws. That was one of the insights in the HP Wolf Security Threat Insights Report released today. The report noted that the average time for a business to apply, test and fully deploy patches with the proper checks is 97 days, creating a large window for newly discovered vulnerabilities to be exploited.

How to Ask Questions to Succeed with Security Projects

Lenny Zeltser

No matter the years of experience in cybersecurity, security professionals are often in situations where crucial details are missing. Yet, we often hesitate to ask questions because we don't want to appear ignorant or don't know what to ask. I captured my perspective on asking questions in a constructive way in a three-post series. Read the posts to learn how to use questions to succeed with the following cybersecurity activities: Planning : Preparing for tactical and strategic projects to stren

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

Google revealed that it has sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January 2021. The data come from Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaigns and warns of a significant increase in the number of alerts compared to the previous year. “So far in 2021, we’ve sent over

Rickroll Grad Prank Exposes Exterity IPTV Bug

Threatpost

IPTV and IP video security is increasingly under scrutiny, even by high school kids.

WhatsApp made available end-to-end encrypted chat backups

Security Affairs

WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android, an optional layer of security intended to prevent anyone other than the user from accessing chats backed up to Google Drive or iCloud. Until now, WhatsApp has allowed users to back up their chats to those cloud storage services, but the backups were not end-to-end encrypted.

Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once

Threatpost

Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times.

Acer suffered the second security breach in a few months

Security Affairs

Taiwanese electronics giant Acer has disclosed its second security breach this year: the company says its after-sales service systems in India were hit by an isolated attack.

How Security Teams Can Reinforce End-User Awareness

Dark Reading

Training programs provide the information, but security teams can reinforce these for better end-user education.

CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features

Threatpost

The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active.

Your Students Are Mobile. Your RFID Readers Need to Be, Too.

HID Global

Posted by troz, Thu, 10/14/2021 - 10:41.

Recovering Real Faces from Face-Generation ML System

Schneier on Security

New paper: “This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces.” Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers. Indeed, the popular tongue-in-cheek website [link] taunts users with GAN generated images that seem too real to believe. On the other hand, GANs do leak information about their training data, as evidenced by membership attacks recently demonstrated in the literature.

Digging Deep Into the Top Security Certifications

Dark Reading

When it comes to technical certifications, which ones pay off so you can get that infosec job or more money for the one you're already doing?

#BeCyberSmart: Detect forensically and respond rapidly

OpenText Information Management

October is Cyber Awareness Month. To mark this I’m writing about a subject that is close to my heart, a subject I believe is our best chance of keeping our adversaries and bad actors at bay. Specifically, the proactive detection of cybersecurity incidents within the Federal Government infrastructure. And using technologies to drive Endpoint Detection and …

Enterprise Data Storage Environments Riddled With Vulnerabilities

Dark Reading

Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.
