Thu.Mar 11, 2021

article thumbnail

Beer-Brewer Molson Coors Reports On-Going Cyber Incident

Data Breach Today

Multiple Systems Impacted, Including Production and Shipping Capabilities The Molson Coors Beverage Company reported Thursday it is in the process of countering a cybersecurity incident that has caused system outages throughout the brewer's manufacturing process. The specific type of attack taking place was not released.

article thumbnail

How to Develop a Metadata Strategy

AIIM

What’s the Importance of a Metadata Strategy? Many organizations use metadata in ways that provide significant business value. Every system uses metadata to store and retrieve data. But in too many organizations, every system uses similar but different metadata, with the result that different data structures and approaches make information harder to find and manage, not easier.

Metadata 162
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

At Least 10 APT Groups Exploiting Exchange Flaws

Data Breach Today

ESET: Some Attacks Happened Before Microsoft Was Notified of Vulnerabilities At least 10 APT groups exploited unpatched Microsoft Exchange vulnerabilities in attacks against thousands of companies in the last three months, according to researchers at the Slovak security firm ESET.

Security 261
article thumbnail

RedXOR, a new powerful Linux backdoor in Winnti APT arsenal

Security Affairs

Intezer experts have spotted a new strain of Linux backdoor dubbed RedXOR that is believed to be part of the arsenal of China-linked Winniti APT. Researchers from Intezer have discovered a new sophisticated backdoor, tracked as RedXOR, that targets Linux endpoints and servers. The malware was likely developed by the China-linked cyber espionage group Winnti. “We have discovered an undocumented backdoor targeting Linux systems, masqueraded as polkit daemon.

Cloud 143
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

More Health Data Breaches Tied to Vendor Incidents

Data Breach Today

Hacker Attacks Against Accellion, Other Vendors Expose Patient Data The list of healthcare organizations affected by recent vendor security incidents - including the attack against Accellion - continues to grow.

More Trending

article thumbnail

Police Target Criminal Users of Sky ECC Cryptophone Service

Data Breach Today

Investigators Report Recently 'Unlocking' 170,000 Users' 3 Million Daily Messages Police say they have disrupted Sky ECC - a global encrypted communications network allegedly used by numerous criminals to plan their operations - and made numerous arrests. Authorities say starting in February, they "unlocked" 3 million messages exchanged daily by the service's 170,000 users.

article thumbnail

Linux Systems Under Attack By New RedXOR Malware

Threatpost

Researchers say the new RedXOR backdoor is targeting Linux systems with various data exfiltration and network traffic tunneling capabilities.

139
139
article thumbnail

SOC Management: Automation Best Practices

Data Breach Today

What are best practices for applying automation to make SOCs more efficient? Cory Mazzola, executive fellow at The Tuck School of Business at Dartmouth College, offers insights.

225
225
article thumbnail

Internet providers tracking sites we visit in secretive trial

The Guardian Data Protection

Campaigners complain of ‘staggering lack of transparency’ in Home Office mass data collection experiment Two internet providers are tracking and collecting the websites visited by their customers as part of a secretive Home Office trial, designed to work out if a national bulk surveillance system would be useful for national security and law enforcement.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Relief Package Includes Less for Cybersecurity

Data Breach Today

$2 Billion for Security and IT, Rather Than $10 Billion as Originally Proposed The $1.9 billion economic relief package known as the American Rescue Plan, which the House approved Wednesday and President Biden signed Thursday afternoon, includes about $2 billion for cybersecurity and IT modernization, rather than the $10 billion the president originally proposed.

article thumbnail

Fast Random Bit Generation

Schneier on Security

Science has a paper (and commentary ) on generating 250 random terabits per second with a laser. I don’t know how cryptographically secure they are, but that can be cleaned up with something like Fortuna.

Paper 115
article thumbnail

Privacy commissioners take position on using facial recognition technology

Data Protection Report

Investigative findings. In a joint investigation report, the Privacy Commissioner of Canada, together with the commissioners of BC, Alberta, and Quebec concluded that Clearview AI violated Canadians’ privacy rights under federal and provincial privacy laws by scraping billons of images of people available online to be continually used in what amounted to a virtual “police lineup.

Privacy 105
article thumbnail

Grow Faster with OpenText Cloud Edition 21.1

OpenText Information Management

Modern organizations know that accelerating digital transformation is critical to their success. The launch of OpenText™ Cloud Edition (CE) 21.1 includes new features, products, cloud services and solutions to empower modern work, engage customers, connect global commerce and protect data. OpenText Content Cloud CE 21.1? The shift to remote work has led to an increase … The post Grow Faster with OpenText Cloud Edition 21.1 appeared first on OpenText Blogs.

Cloud 104
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Microsoft Exchange Servers Face APT Attack Tsunami

Threatpost

At least 10 nation-state-backed groups are using the ProxyLogon exploit chain to compromise email servers, as compromises mount.

article thumbnail

F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ

Security Affairs

Security firm F5 announced the availability of patches for seven vulnerabilities in BIG-IP, four of which have been rated as “critical” severity. BIG-IP product family includes hardware, modularized software, and virtual appliances that run the F5 TMOS operating system and provides load balancing, firewall, access control, threat protection capabilities.

article thumbnail

NYDFS Settles with Mortgage Company for Data Breach

Hunton Privacy

On March 3, 2020, the New York Department of Financial Services (“NYDFS”) announced it had entered into a settlement with Residential Mortgage Services, Inc. (“RMS”) related to allegations that RMS violated the NYDFS Cybersecurity Regulation in connection with a 2019 data breach. According to NYDFS, RMS, a licensed mortgage banker, experienced a data breach involving unauthorized access to an employee’s email account.

article thumbnail

Expert publishes PoC exploit code for Microsoft Exchange flaws

Security Affairs

This week a security researcher published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers chaining two of ProxyLogon flaws. . On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild.

Education 104
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

IAPP plans return to in-person conferences later this year

IG Guru

The IAPP President & CEO sent a message to members today about an in-person conference in 2021. Optimism has been in short supply over this past year. That is why I am delighted to report the IAPP is moving forward with plans to host Europe’s most influential privacy conference in person – the IAPP Europe Data […]. The post IAPP plans return to in-person conferences later this year appeared first on IG GURU.

Privacy 90
article thumbnail

Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws

Security Affairs

Norway parliament, the Storting, has suffered a new cyberattack, hackers stole data by exploiting recently disclosed Microsoft Exchange vulnerabilities. Norway ‘s parliament, the Storting, was hit by a new cyberattack, threat actors stole data exploiting the recently disclosed vulnerabilities in Microsoft Exchange , collectively tracked as ProxyLogon.

article thumbnail

5 Steps for Investigating Phishing Attacks

Dark Reading

Phishing is a common and effective cybercrime tool, but even the most sophisticated threat actors make mistakes that you can leverage in your investigations.

Phishing 102
article thumbnail

TrickBot Takes Over, After Cops Kneecap Emotet

Threatpost

TrickBot rises to top threat in February, overtaking Emotet in Check Point’s new index.

Security 127
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Network Pivots, Patch Bypasses: Exploits Hit Hard in 2020

Dark Reading

An analysis of 50 vulnerabilities finds a spectrum of risk, from widespread vulnerabilities exploited by a variety of attackers to serious issues that will likely be exploited in 2021.

Risk 119
article thumbnail

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs

Threatpost

The F5 flaws could affect the networking infrastructure for some of the largest tech and Fortune 500 companies - including Microsoft, Oracle and Facebook.

94
article thumbnail

Microsoft Exchange Server Exploit Code Posted to GitHub

Dark Reading

The proof-of-concept tool, which contained exploits for two Exchange Server vulnerabilities, was quickly removed from GitHub.

108
108
article thumbnail

Ransomware Attack Strikes Spain’s Employment Agency

Threatpost

Reports say that the agency in charge of managing Spain's unemployment benefits has been hit by the Ryuk ransomware.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

F5 Networks Urges Customers to Update to New Versions of Its App Delivery Tech

Dark Reading

F5 BIG-IP and BIG-IQ have multiple critical vulnerabilities that enable attackers to completely compromise systems.

IT 93
article thumbnail

FIN8 Resurfaces with Revamped Backdoor Malware

Threatpost

The financial cyber-gang is running limited attacks ahead of broader offensives on point-of-sale systems.

Sales 106
article thumbnail

Actionable Tips for Engaging the Board on Cybersecurity

Dark Reading

Up your game with your company's board of directors to help them understand your cybersecurity priorities.