Wed. Apr 06, 2022

Meta Tries to Break the End-to-End Encryption Deadlock

WIRED Threat Level

A new report Meta commissioned aims to redefine comprehensive encryption as essential to protecting human rights.

HHS Seeks Input on Critical HIPAA Enforcement Considerations

Data Breach Today

Regulators Examine 'Recognized' Security Practices and How to Divvy Up HIPAA Fines

Federal regulators are seeking public input about how they should consider the "recognized" security practices of organizations when taking potential HIPAA enforcement actions - and how to distribute a percentage of HIPAA fines to individuals harmed by violations.

Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info

Threatpost

Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.

Identity Vendor BeyondTrust Promotes Janine Seebeck to CEO

Data Breach Today

Seebeck Wants to Create a Prevention-Based Approach to Protecting Privileged Users

New BeyondTrust CEO Janine Seebeck plans to help privileged users protect themselves by applying machine learning to detect patterns in the data generated across BeyondTrust's 20,000 customers. She starts as BeyondTrust's CEO July 1 and replaces Matt Dircks, who has led the company since 2014.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Protecting Against the Spring4Shell Vulnerability

eSecurity Planet

Spring4Shell (CVE-2022-22965) is a remote code execution (RCE) vulnerability that affects Spring Core, a comprehensive framework for Java-based enterprise applications. Spring4Shell gets its name from the Log4Shell vulnerability, one of the most critical zero-day threats ever, which affected a Java software component called Log4j and allowed hackers to take control of web servers and networks.

More Trending

A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of IT systems

Security Affairs

Nordex Group, one of the largest manufacturers of wind turbines, was hit by a cyberattack that forced the company to shut down part of its infrastructure. Nordex Group, one of the world’s largest manufacturers of wind turbines, was the victim of a cyberattack that forced the company to take down multiple systems. The attack was uncovered on March 31 and the company immediately started its incident response procedure to contain the attack.

Chinese APT Targets Global Firms in Monthslong Attack

Data Breach Today

Targets Include MSPs, Government Orgs, NGOs in Europe, Asia, North America

Chinese state-backed threat actor Cicada, aka APT10, is attacking global organizations in what appears to be a monthslong espionage campaign. On its radar are government, legal, religious and nongovernmental organizations in Europe, Asia and North America, the Symantec Threat Hunter team says.

Block discloses data breach involving Cash App potentially impacting 8.2 million US customers

Security Affairs

Block disclosed a data breach related to the Cash App investing app and is notifying 8.2 million current and former US customers. The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that contained some U.S. customer information. Cash App is an app that allows users to easily send money, spend money, save money, and buy cryptocurrency. “On April 4, 2022, Block, Inc.

How Identity Fraud Affects Financial Institutions

Data Breach Today

Javelin's John Buzzard on Findings of Fraud Impact Report

Financial institutions must be aware of artificial intelligence being used by criminals against them, says John Buzzard, lead analyst, fraud and security, Javelin Strategy & Research. He discusses the findings of Javelin's latest identity fraud report.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Data Matters

On March 30, 2022, the U.S. Securities and Exchange Commission (SEC) Division of Enforcement (EXAMS or Division) issued its annual examination priorities. Consistent with its recent rulemaking activity, in its accompanying release, the SEC highlighted private funds; Environmental, Social and Governance (ESG) investing; retail; cyber; and digital assets as key examination priorities.

Tufin to Be Bought by PE Firm Turn/River Capital for $570M

Data Breach Today

Going Private May Help Accelerate Tufin's Pivot to Subscription-Based Revenue

Getting bought by private equity firm Turn/River Capital is expected to help Tufin grow its subscription-based revenue, expand to new markets and reach new customer segments. The proposed acquisition comes just three years after Tufin went public.

U.S. Treasury Department sanctions darkweb marketplace Hydra Market

Security Affairs

The U.S. Treasury Department sanctioned the Hydra Market, the world’s largest and longest-running dark web marketplace. The U.S. Treasury Department sanctioned the darkweb marketplace Hydra Market, the same day Germany’s Federal Criminal Police Office, the Bundeskriminalamt (BKA), announced they have shut down the illegal platform. The seizure of the Hydra Market is the result of an international investigation conducted by the Central Office for Combating Cybercrime (ZIT) in partnership wi

Employee empowerment the Jamf way

Jamf

Beyond the benefits that Jamf solutions provide IT and management, they can help employees in many industries and job functions to work more efficiently and happily.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Ukraine warns of attacks aimed at taking over Telegram accounts

Security Affairs

Ukraine’s technical security and intelligence service warns of threat actors aiming to gain access to users’ Telegram accounts. The State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts. The Ukrainian CERT attributes the hacking campaign to threat actors tracked as UAC-0094.

Cyberweapons Arms Manufacturer FinFisher Shuts Down

Schneier on Security

FinFisher has shut down operations. This is the spyware company whose products were used, among other things, to spy on Turkish and Bahraini political opposition.

Germany police shut down Hydra Market dark web marketplace

Security Affairs

Germany’s Federal Criminal Police Office shut down Hydra Market, the Russian-language darknet marketplace specialized in drug dealing. Germany’s Federal Criminal Police Office, the Bundeskriminalamt (BKA), announced they have shut down Hydra, one of the world’s largest dark web marketplaces. The seizure of the Hydra Market is the result of an international investigation conducted by the Central Office for Combating Cybercrime (ZIT) in partnership with U.S. law enforcement author

Nearly 40% of Macs Left Exposed to 2 Zero-Day Exploits

Dark Reading

Apple's emergency fixes last week for two actively exploited vulnerabilities neglected previous Big Sur and Catalina versions of macOS, security vendor says.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Mailchimp Phishing Attack Results in Potential Hit on 100K Trezor Crypto Wallets

KnowBe4

Stolen client data from Mailchimp put customers of the cryptocurrency hardware wallets on notice of potential social engineering attacks claiming to be Trezor.

Why XDR As We Know It Will Fail

Dark Reading

Don't take the XDR hype at face value. Do security due diligence and add a connectivity level for data access across all silos for best response.

“Europol Calling” (Not Necessarily)

KnowBe4

Scammers are impersonating Europol with fraudulent phone calls in an attempt to steal personal and financial information, according to Kristina Ohr at Avast. The German Federal Criminal Police Office (Bundeskriminalamt, BKA) recently warned of this campaign as well.

Europe Is Building a Huge International Facial Recognition System

WIRED Threat Level

Lawmakers advance proposals to let police forces across the EU link their photo databases—which include millions of pictures of people’s faces.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

The U.S. government announced the disruption of the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. The U.S. government announced that it had dismantled the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. “The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security resear

Eliminating Passwords: One Way Forward

Dark Reading

Fast Identity Online (FIDO) technology leverages security keys and biometrics to provide secure authentication.

IT asset disposal is a security risk CISOs need to take seriously via CSO Online

IG Guru

Check out the article here. The post IT asset disposal is a security risk CISOs need to take seriously via CSO Online appeared first on IG GURU.

Linux Systems Are Becoming Bigger Targets

Dark Reading

To prevent Linux exploits, organizations should establish an integrated security approach that extends to the network edge.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Agreement For A New Trans-Atlantic Data Privacy Framework Announced

Privacy and Cybersecurity Law

On March 25, 2022, the United States and European Commission announced by joint statement an agreement in principle on a […].

Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report"

Dark Reading

Record-setting ransomware attacks, a shortage of skilled personnel, and low security awareness across the workforce cause headaches for IT security teams.

The Future of SAFE for Aviation

HID Global

The Future of SAFE for Aviation. mlewis. Wed, 04/06/2022 - 14:08.
