Mon. May 02, 2022

5 Lessons Star Wars Can Teach Us About Cybersecurity

Thales Cloud Protection & Licensing

divya. Mon, 05/02/2022 - 07:29. A long time ago – in 1977 to be precise – in a film theatre far, far away, a film called “Star Wars” was released, which took the world by storm and changed sci-fi, cinema, and pop culture over the next few decades. This intergalactic tale of lightsaber duels, droids, and the rebel alliance can actually teach us a lot about the importance of strong and secure passwords.

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Krebs on Security

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

GUEST ESSAY: A primer on Biden’s moves to protect U.S. water facilities from cyber attacks

The Last Watchdog

Potable water and wastewater management is a top priority for cybersecurity professionals and the Biden administration alike. With new regulations and funding, companies must find the best way to implement and manage cybersecurity to protect these systems. Related: Keeping critical systems patched. As the US federal government begins to put its eye on securing more of its infrastructure against the rising risk of large-scale cybersecurity attacks, a late January statement from the White House ha

Man Uses Phishing to Trick US DOD Into Paying $23.5M

Data Breach Today

California Resident Found Guilty on Total of 6 Criminal Counts. Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice. The stolen payment was meant for DOD's jet fuel suppliers.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms

Hunton Privacy

On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. North Carolina’s new law, which was passed as part of the state’s 2021-2022 budget appropriations, prohibits government entities from paying a ransom to an attacker who has encrypted their IT systems and subsequently offers to decrypt that data in exchange for payment.

More Trending

India to Require Cybersecurity Incident Reporting Within Six Hours

Hunton Privacy

On April 28, 2022, India issued new guidance relating to “information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet.” Notably, the guidance requires “service providers, intermediary, data centre, body corporate and Government organizations” to report cyber incidents to India’s Computer Emergency Response Team (“CERT-In”) within six hours of noticing such incidents or being notified about such incidents.

Community College Suspends Classes Over Ransomware Attack

Data Breach Today

5 Kellogg Community Colleges - and Nearly 8,400 Students - Affected. All five campuses of the Kellogg Community College, or KCC, have suspended classes until further notice as the result of a ransomware attack, according to its website. The campuses in Battle Creek, Albion, Coldwater, Hastings and Fort Custer Industrial Park in Michigan house nearly 8,400 students.

Onyx Ransomware Destroys Large Files Instead of Locking Them

eSecurity Planet

Ransomware just keeps getting worse, it seems. Cybersecurity researchers last week revealed that a new ransomware gang called Onyx is simply destroying larger files rather than encrypting them. As the MalwareHunterTeam noted in a Twitter thread, “as the ransomware they are using is a trash skidware, it’s destroying a part of the victims’ files.” The team would recommend that “no company should pay to these idiots … but they are stealing files too.” Most

OIG: HHS' Info Security Program Still Rated 'Not Effective'

Data Breach Today

Latest FISMA Compliance Audit Finds a Variety of Issues. Auditors have once again rated the Department of Health and Human Services' information security program as "not effective," citing several areas of weaknesses, including issues related to risk management, information security continuous monitoring and contingency planning.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Security Stuff Happens: What Do You Do When It Hits the Fan?

Dark Reading

Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)

Phishing Campaign Uses Simple Email Templates

KnowBe4

A phishing campaign is using short, terse emails to trick people into visiting a credential-harvesting site, according to Paul Ducklin at Naked Security. The email informs recipients that two incoming messages were returned to the sender, and directs the user to visit a link in order to view the messages. Since the emails are so short, the scammers avoid risking typos or grammatical errors that could have tipped off the recipient.

Data Modeling 101: OLTP data modeling, design, and normalization for the cloud

erwin

How to create a solid foundation for data modeling of OLTP systems. As you undertake a cloud database migration, a best practice is to perform data modeling as the foundation for well-designed OLTP databases. For standard relational database applications, data modeling that incorporates accepted design paradigms, such as normalization, is essential.

Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy

Security Affairs

The latest executive order from the Italian ACN agency banned Group-IB, a Russian-led cybersecurity firm from working in the government sector. The latest executive order from the Italian National Cybersecurity Agency (NCA) banned Group-IB, a Russian-led cybersecurity company from working in the government sector, including 2 other companies – Kaspersky Labs and Positive Technologies.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

The most critical vulnerabilities right now - April 2022

Outpost24

02.May.2022. Florian Barre. Mon, 05/02/2022 - 02:09. Blueliv, an Outpost24 company. Threat Intelligence.

Holding a Great Employee Education Meeting

KnowBe4

I recently attended a customer’s annual security awareness training employee event. I have attended a bunch of these over the years and I have loved them all. But this particular customer threw a great one! It included everything I think a security awareness training employee event should have.

The mystery behind the samples of the new REvil ransomware operation

Security Affairs

The REvil ransomware gang has resumed its operations; experts found a new encryptor and a new attack infrastructure. The REvil ransomware operation shut down in October 2021; in January the Russian Federal Security Service (FSB) announced that it had shut down the REvil ransomware gang, the group that is behind a long string of attacks against large organizations, such as Kaseya and JBS USA.

Google Offers $1.5M Bug Bounty for Android 13 Beta

Dark Reading

The security vulnerability payout set bug hunters rejoicing, but claiming the reward is much, much easier said than done.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Deep Dive: Protecting Against Container Threats in the Cloud

Threatpost

A deep dive into securing containerized environments and understanding how they present unique security challenges.

Package Analysis dynamic analyzes packages in open-source repositories

Security Affairs

The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to popular open-source repositories. The Open Source Security Foundation (OpenSSF) announced the release of the first version of a new tool, dubbed Package Analysis, to perform dynamic analysis of the packages uploaded to popular open-source repositories. “Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project add

U.S. DoD tricked into paying $23.5 million to phishing actor via BleepingComputer

IG Guru

The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD).

Car rental company Sixt hit by a cyberattack that caused temporary disruptions

Security Affairs

The car rental company Sixt announced it was hit by a cyberattack that is causing temporary business disruptions at customer care centers and selective branches. The car rental company Sixt detected IT anomalies on April 29th, 2022 and immediately activated the incident response procedures. Later, the company confirmed that it was hit by a cyber-attack that was quickly contained, but that caused temporary business disruptions at customer care centers and selective branches. “As a standard

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

DoD Scammed Out of $23M in Phishing Attack on Jet-Fuel Vendors

Dark Reading

A California man faces prison time and steep fines stemming from cybertheft of US military funds intended to pay jet-fuel suppliers.

Bad Actors Are Maximizing Remote Everything

Threatpost

Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting 'remote everything'.

6 Best Practices to Ensure Kubernetes Security Meets Compliance Regulations

Dark Reading

Security must be precise enough to meet compliance requirements without impeding DevOps and developer productivity. Here's how to strike that balance.

IoT and Cybersecurity: What’s the Future?

Security Affairs

IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. IoT devices can spy on people, steal data, or bring down vast swathes of the internet, as happened in 2016 when Mirai malware infiltrated devices such as baby monitors and refrigerators and locked them into a botnet for the Dyn cyberattack.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

New Regulations in India Require Orgs to Report Cyber Incidents Within 6 Hours

Dark Reading

CERT-In updates cybersecurity rules to include mandatory reporting, record-keeping, and more.

European Union Reaches Political Agreement on Digital Services Act

Hunton Privacy

On April 23, 2022, the European Commission announced that the European Parliament and EU Member States had reached consensus on the Digital Services Act (“DSA”), which establishes accountability standards for online platforms regarding illegal and harmful content. The DSA imposes obligations on covered entities based on their size, role and impact within the online ecosystem.

Name That Edge Toon: Flower Power

Dark Reading

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
