Wed.Feb 21, 2024

article thumbnail

Russia Announces Arrest of Medibank Hacker Tied to REvil

Data Breach Today

3 Suspects Charged With Using Sugar Ransomware, Phishing Attacks Against Russians Russian authorities have reportedly arrested three accused members of the SugarLocker ransomware-as-a-service operation. Their alleged crime? Targeting Russians, although one suspect has also been tied to a massive hack of Australian health insurer Medibank and subsequent data leak.

Insurance 271
article thumbnail

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

The Last Watchdog

Achieving “ digital trust ” is not going terribly well globally. Related: How decentralized IoT boosts decarbonization Yet, more so than ever, infusing trustworthiness into modern-day digital services has become mission critical for most businesses. Now comes survey findings that could perhaps help to move things in the right direction. According to DigiCert’s 2024 State of Digital Trust Survey results, released today , companies proactively pursuing digital trust are seeing boosts in revenue, i

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Wyze Security Incident Exposes Private Cameras

Data Breach Today

13,000 Users Received Incorrect Thumbnails; 1,504 Tapped on Them, Risking Privacy A glitch in Wyze home security cameras permitted thousands of users to catch glimpses inside strangers' homes as its cloud system came back online after an hourslong outage. Around 13,000 Wyze users received thumbnails from cameras that were not their own, and around 1,504 users tapped on them.

Security 244
article thumbnail

How Thales and Red Hat Protect Telcos from API Attacks

Thales Cloud Protection & Licensing

How Thales and Red Hat Protect Telcos from API Attacks madhav Thu, 02/22/2024 - 04:55 Application programming interfaces (APIs) power nearly every aspect of modern applications and have become the backbone of today’s economy. Every time you send a mobile payment, search for airline flight prices, or book a restaurant reservation - you are using an API.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Hack at Services Firm Hits 2.4 Million Eye Doctor Patients

Data Breach Today

As Vendor Breaches Surge, Medical Practices Need 20/20 Visibility on Third Parties An Arizona firm that provides administrative services to a dozen ophthalmology practices in several states is notifying nearly 2.4 million patients of a data theft incident. The hack is among the latest recent major data breaches involving vendors of critical services to healthcare firms.

More Trending

article thumbnail

PAM Provider Delinea Buys Fastpath

Data Breach Today

Acquisition Will Allow Delinea to Detect Overprivileged Access, Company Says California privileged access management vendor Delinea announced it will acquire identity governance and administration vendor Fastpath. "We believe privilege, not just identity, is the true security perimeter," said Delinea Chief Product Officer Phil Calvin.

article thumbnail

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

China-linked APT group Mustang Panda targeted various Asian countries with a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. Trend Micro researchers uncovered a cyberespionage campaign, carried out by China-linked APT group Mustang Panda , targeting Asian countries, including Taiwan, Vietnam, and Malaysia. Mustang Panda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organiza

Phishing 110
article thumbnail

Biden to Issue Executive Order Raising Maritime Cybersecurity

Data Breach Today

US Coast Guard Will Publish Proposed Rule Establishing Cybersecurity Minimums U.S. President Joe Biden is set Wednesday to sign an executive order aimed at bolstering cybersecurity in maritime ports, including a directive for the Coast Guard to develop minimum cybersecurity standards for the marine transportation system.

article thumbnail

Details of a Phone Scam

Schneier on Security

First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. And this is not a naive or stupid person. The details are fascinating. And if you think it couldn’t happen to you, think again. Given the right set of circumstances, it can. It happened to Cory Doctorow.

IT 106
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Biden to Sign Executive Order Raising Maritime Cybersecurity

Data Breach Today

US Coast Guard Will Publish Proposed Rule Establishing Cybersecurity Minimums U.S. President Joe Biden is set Wednesday to sign an executive order aimed at bolstering cybersecurity in maritime ports, including a directive for the Coast Guard to develop minimum cybersecurity standards for the marine transportation system.

article thumbnail

Why organizational buy-in is critical to data cloud migration

Collibra

Migrating to the cloud but worried your organization — or your data — isn’t up to the challenge? An enterprise data intelligence solution can accelerate and simplify your migration journey. More importantly, it lays a foundation for data governance and data quality that can fuel your organization with the trusted data that drives decision-making. To achieve data cloud migration success, we recommend a 4-step process that we explore in our helpful ebook: Four steps to successfully power your da

Cloud 103
article thumbnail

Breach at Aussie Telecom Tangerine Affects 232,000 Customers

Data Breach Today

Customer Accounts Were Secured by MFA, But Contractor's Credentials Exposed Data Australian telecom company Tangerine is blaming the compromise of a third-party contractor's credentials for exposing personal information of 232,000 customers, which had been stored in a legacy database. The breach exposed customers' names, birthdates, mobile numbers, addresses and account numbers.

Security 225
article thumbnail

Exposed: Global Espionage Unleashed by China's Police in Groundbreaking Leak

KnowBe4

I get my news from a very wide variety of sources. One is the venerable SpyTalk news that lives in Substack. They just reported something pretty astounding. Here are the first few paragraphs and at the end is the link to substack with the rest.

102
102
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Unlock the Power of Attack Surface Management with Insights from a KuppingerCole Analyst

Data Breach Today

Join us for an informative webinar with Bitsight speakers Vanessa Jankowski, SVP of Third Party Risk Management, and Greg Keshian, SVP of Security Performance

Risk 189
article thumbnail

New Redis miner Migo uses novel system weakening techniques

Security Affairs

A new malware campaign targets Redis servers to deploy the mining crypto miner Migo on compromised Linux hosts. Caro Security researchers have observed a new malware campaign targeting Redis servers with a crypto miner dubbed Migo. The campaign stands out for the use of several novel system weakening techniques against the data store itself. Migo is a Golang ELF binary with compile-time obfuscation, it is also able to maintain persistence on Linux hosts.

Mining 102
article thumbnail

Anyone Can Be Scammed and Phished, With Examples

KnowBe4

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe it was successful.

Phishing 102
article thumbnail

How to Perform a Firewall Audit in 11 Steps (+Free Checklist)

eSecurity Planet

A firewall audit is a procedure for reviewing and reconfiguring firewalls as needed so they still suit your organization’s security goals. Over time, business network needs, traffic patterns, and application access change. Auditing your firewall is one of the most important steps to ensuring it’s still equipped to protect the perimeter of your business’ network.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

QR-Code Attacks Target the C-Suite 42 Times More than Standard Employees

KnowBe4

QR-code attacks leveraging QR-codes are kicking into high gear and becoming a common method used in phishing attacks, according to new data from Abnormal Security.

Phishing 106
article thumbnail

Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

The Security Ledger

Paul speaks with Gary McGraw of the Berryville Institute of Machine Learning (BIML), about the risks facing large language model machine learning and artificial intelligence, and how organizations looking to leverage artificial intelligence and LLMs can insulate themselves from those risks. The post Episode 256: Recursive Pollution? Data. Read the whole entry. » Click the icon below to listen.

article thumbnail

What Is a Circuit-Level Gateway? Definitive Guide

eSecurity Planet

A circuit-level gateway (CLG) is a firewall feature that acts as a proxy and filters packets based on session information. CLGs are important because they provide specialized security filtering and prevent the discovery of IP addresses and open ports on CLG-protected devices. The best use cases stem from how CLGs work, their pros, cons, and how they function differently than other potential solutions.

article thumbnail

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

U.S. government offers rewards of up to $15 million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. The U.S. Department of State is offering a reward of up to $15 million for information leading to the identification or location of members of the Lockbit ransomware gang and their affiliates. “The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or convic

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Malware Delivered Through Phishing Surges 276%

KnowBe4

Researchers at VIPRE Security observed a 276% increase in malware delivered by phishing between Q1 and Q4 of 2023.

Phishing 110
article thumbnail

Apple iOS 17.4: iMessage Gets Post-Quantum Encryption in New Update

WIRED Threat Level

Useful quantum computers aren’t a reality—yet. But in one of the biggest deployments of post-quantum encryption so far, Apple is bringing the technology to iMessage.

article thumbnail

ICO Publishes Guidance on Content Moderation

Hunton Privacy

On February 16, 2024, the UK Information Commissioner’s Office (the “ICO”) published its first piece of guidance on content moderation. The ICO defines content moderation in the guidance as the analysis of user-generated content to assess whether it meets certain standards, and any action a service takes as a result of this analysis. This process includes the processing of personal data and, according to the ICO in its statement , “can cause harm if incorrect decisions are made,” for example co

article thumbnail

What’s new in OpenText InfoArchive

OpenText Information Management

OpenText™ InfoArchive provides highly accessible, scalable, economical, and compliant archiving of structured and unstructured information. Whether actively archiving business information to reduce system loads or decommissioning applications to stand down outdated systems, InfoArchive is the flexible and cost-efficient way to reduce IT costs and accelerate the move to a modernized, cloud-based architecture.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Ohio Court Grants Motion for Preliminary Injunction on Parental Notification by Social Media Operators Act

Hunton Privacy

On February 12, 2024, a federal court in the Southern District of Ohio issued an order granting a Motion for a Preliminary Injunction, prohibiting the Ohio Attorney General from implementing and enforcing the Parental Notification by Social Media Operators Act, Ohio Rev. Code § 1349.09(B)(1) (the “Act”). The Act was signed into law in July 2023, and was set to take effect on January 15, 2024.

IT 64
article thumbnail

What’s new in OpenText Media Management

OpenText Information Management

For a category that has been around for over 30 years, digital asset management (DAM) is surprisingly dynamic. However, it remains challenging to manage the increasing volume and complexity of rich media that organizations and individuals create and consume. Whether it is new formats, like 3D models, new channels, like social short-form video, or new … The post What’s new in OpenText Media Management appeared first on OpenText Blogs.

article thumbnail

HHS Office for Civil Rights Publishes Cybersecurity Resource for HIPAA Implementation

Hunton Privacy

On February 16, 2024, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”) published a final version of Special Publication 800-66 Revision 2, “Implementing the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule: A Cybersecurity Resource Guide.