Krebs on Security

DECEMBER 3, 2021

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “ Babam ,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occa

Access 281

Access Ransomware Sales Passwords 281

Schneier on Security

DECEMBER 3, 2021

Matt Blaze tested a variety of Faraday cages for phones, both commercial and homemade. The bottom line: A quick and likely reliable “go/no go test” can be done with an Apple AirTag and an iPhone: drop the AirTag in the bag under test, and see if the phone can locate it and activate its alarm (beware of caching in the FindMy app when doing this).

IT 119

IT 119

Security Affairs

DECEMBER 3, 2021

Threat actors have started to exploit the interest in the Omicron COVID-19 variant and are using it as a lure in phishing campaigns. Crooks have already started exploiting the interest in the Omicron COVID-19 variant and are using it as a lure in phishing attacks. People are interested in the spreading of the new variant, the efficiency of the vaccines and the measures that will adopt the states to prevent its spreading, and threat actors are attempting to take advantage of this situation.

Phishing 113

Phishing Security IT Cybersecurity 113

DLA Piper Privacy Matters

DECEMBER 3, 2021

The United Arab Emirates (“UAE”) has enacted its long awaited federal level data protection law. This article examines some of its key features. As part of its 50 th anniversary, the UAE has issued a set of sweeping legal reforms, including the much anticipated Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021.

Personal data 105

Personal data Data breaches GDPR Compliance 105

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

DECEMBER 3, 2021

Threat actors stole $120 million in cryptocurrencies from multiple wallets connected to the decentralized finance platform BadgerDAO. Threat actors this week have hacked the decentralized finance platform BadgerDAO and have stolen $120.3 million in crypto funds, blockchain security firm PeckShield reported. Most of the stolen funds, over $117 million, were Bitcoin, while the rest of the stolen assets were stored in the form of interest-bearing Bitcoin, a form of tokenised Bitcoin, and Ether.

Blockchain 99

Blockchain Phishing Authentication IT 99

Dark Reading

DECEMBER 3, 2021

Organizations must improve their cybersecurity protocols to detect fraudulent identities and make sure they're safeguarding their consumers’ personal information.

Cybersecurity 97

Cybersecurity 97

Security Affairs

DECEMBER 3, 2021

CISA has released six advisories to warn organizations about security vulnerabilities affecting Hitachi Energy products. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published six advisories to inform organizations about the availability of security patches and notifications for vulnerabilities impacting Hitachi Energy products.

Retail 93

Retail Libraries Communications Cybersecurity 93

Dark Reading

DECEMBER 3, 2021

Vendors drag their heels when it comes to identifying software vulnerabilities and are often loath to expedite the fixes.

IT 109

IT 109

Threatpost

DECEMBER 3, 2021

Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio.

Cloud 97

Cloud Security 97

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

IG Guru

DECEMBER 3, 2021

Join ACEDS for E-Discovery Day 2021 on Friday, December 3! ACEDS and industry leaders will be hosting events to celebrate the growing importance of the e-discovery practice and give legal technology professionals a day to connect and learn. E-Discovery Day Agenda A Post COVID E-Discovery World? Experts Predict Key E-Discovery Trends For 2022 Time: 11:30 AM […].

e-Discovery 84

e-Discovery 84

Threatpost

DECEMBER 3, 2021

Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes.

Manufacturing 90

Manufacturing Security 90

IG Guru

DECEMBER 3, 2021

When: Dec 7, 2021 from 12:30 to 13:30 (ET)Associated with AIIM True NorthAIIM True North would like to invite you to a webinar on Dec 7, 2021 at 12:30 PM ET. The presentation will examine and dispel some misconceptions of AI as a solution for every digital transformation business challenge. This webinar is eligible for 1.0 CEU. Please use the […].

Digital transformation 75

Digital transformation Artificial Intelligence Education Information governance 75

Threatpost

DECEMBER 3, 2021

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!

Cloud 81

Cloud Security IoT Privacy 81

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

WIRED Threat Level

DECEMBER 3, 2021

The incident lays bare how hollow the surveillance company’s reassurances about the limits of its hacking tools have always been.

IT 88

IT Security 88

Dark Reading

DECEMBER 3, 2021

A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.

82

82

The Texas Record

DECEMBER 3, 2021

Join the records management assistance unit in celebrating E-Discovery Day on Friday, December 3, 2021! Put on your records management hat, pull on your information governance boots, and get in the spirit of the day by checking out these e-discovery resources. What is E-Discovery? ARMA International defines e-discovery as “the process of identifying, locating, securing, reviewing, and protecting electronic information and materials that are potentially relevant to specific litigation and m

e-Discovery 52

e-Discovery Records Management Education Metadata 52

Dark Reading

DECEMBER 3, 2021

Service gives customers access to a CISO-led team of practitioners with a variety of skills and expertise.

Cybersecurity 93

Cybersecurity Access 93

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

eSecurity Planet

DECEMBER 3, 2021

????????Fifteen years after the launch of the microblogging social media platform, Twitter remains a dominant public forum for instant communication with individuals and organizations worldwide on a universe of topics, including #cybersecurity. Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space.

Cybersecurity 129

Cybersecurity e-Discovery Passwords Information Security 129

Dark Reading

DECEMBER 3, 2021

Fake traffic observed on Nov. 26 included malicious scrapers, sophisticated botnets, fake accounts, and click farms.

74

74

eSecurity Planet

DECEMBER 3, 2021

AT&T is working to stop a botnet that has infected at least 5,700 network edge servers inside its networks and appears designed to steal sensitive information and launch distributed denial-of-service (DDoS) attacks. Researchers at Netlab, the network security unit of Chinese tech giant Qihoo 360, wrote in a report this week that the rapidly updated botnet was attacking voice-over-IP (VoIP) servers from Edgewater Networks that are housed within AT&T’s network and are designed to route tra

IoT 126

IoT Cybersecurity Communications Access 126

Dark Reading

DECEMBER 3, 2021

At least nine US State Department employee iPhones were targeted with sophisticated spyware developed by the Israeli firm NSO Group.

67

67

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Security Affairs

DECEMBER 3, 2021

Since 2017, an unknown threat actor has run thousands of malicious Tor relay servers in the attempt to unmask Tor users. A mysterious threat actor, tracked as KAX17, has run thousands of malicious Tor relay servers since 2017 in an attempt to deanonymize Tor users. KAX17 ran relay servers in various positions within the Tor network, including entry and exit nodes, researchers at the Tor Project have removed hundreds of servers set up by the threat actor in October and November 2021.

Authentication 96

Authentication Cloud Security Risk 96

Dark Reading

DECEMBER 3, 2021

LogFlow addresses data risks associated with machine data pipelines.

Risk 64

Risk 64

Security Affairs

DECEMBER 3, 2021

Apple warns that the mobile devices of at least nine US Department of State employees were compromised with NSO Group ‘s Pegasus spyware. The iPhones of at least nine US state department officials were compromised with the NSO Group’s spyware Pegasus. The US officials targeted by the surveillance software were either based in Uganda or focused on matters concerning the African country, revealed Reuters which was not able to determine which was NSO client that orchestrated the attacks

Sales 106

Sales Government IT Security 106

Schneier on Security

DECEMBER 3, 2021

Squeeze the Squid is a band. It just released its second album. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Security 88

Security IT 88

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT