Wed.Jul 28, 2021

article thumbnail

UC San Diego: Phishing Leads to Account Access for Months

Data Breach Today

Intrusion Affects Patients, Employees and Students UC San Diego Health says a phishing incident led to unauthorized access to an undisclosed amount of information on patients, employees and students for at least four months.

Phishing 355
article thumbnail

IBM Cost of a Data Breach study: average Cost of Data Breach exceeds $4.2M

Security Affairs

The ‘Cost of a Data Breach’ report commissioned by IBM Security states that the cost of a data breach exceeded $4.2 million during the COVID19 pandemic. IBM Security presented today the annual study “Cost of Data Breach,” conducted by Ponemon Institute and sponsored and analyzed by IBM, which is based on data related to data breaches suffered by over 500 organizations between May 2020 and March 2021.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Measuring Success of 'No More Ransom' Portal

Data Breach Today

Europol Says Program Has Saved Ransomware Victims Over $1 Billion Europol says the "No More Ransom" portal, launched five years ago, so far has helped more than 6 million ransomware victims worldwide recover their files for free so they could avoid paying almost 1 billion euros ($1.2 billion) in ransoms.

article thumbnail

US, UK, and Australian agencies warn of top routinely exploited issues

Security Affairs

A joint report published by US, UK, and Australian cyber security agencies warns of the top routinely exploited vulnerabilities in 2020. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) published a Joint Cybersecurity Advisory that provides details on the top 30 vulnerabilities exploited by threat actors in 2020.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Is REvil Ransomware Operation Returning as 'BlackMatter'?

Data Breach Today

Expert: More Likely, an Affiliate Has Repurposed REvil's Crypto-Locking Malware Has the REvil ransomware operation come storming back? Experts say a new operation called BlackMatter has wielded REvil's code against at least one victim, claims to combine "the best features of DarkSide, REvil and LockBit," and may be a former affiliate of one or more of these ransomware operations.

More Trending

article thumbnail

Waging a War on Cybercrime With Big Data and AI

Data Breach Today

Some 95% of today’s compromises are either zero-day exploits or malware-free attacks; that means that signature-based behavioral defenses only work for 5% of attacks, says Joe Head of Intrusion Inc. He discusses how to use massive lists of historical data to train AI to spot and stop malicious activity.

Big data 301
article thumbnail

FBI, CISA Reveal Most Exploited Vulnerabilities

eSecurity Planet

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) joined counterparts in the UK and Australia today to announce the top 30 vulnerabilities exploited since the start of the pandemic. The list, a joint effort with the Australian Cyber Security Centre (ACSC) and the UK’s National Cyber Security Centre (NCSC), details vulnerabilities – primarily Common Vulnerabilities and Exposures (CVEs) – “routinely exploited by malicious cyber actors in 2020 and those being

article thumbnail

Kaseya's Unitrends Technology Has Zero-Day Flaws

Data Breach Today

Researchers Warn: Do Not Expose Technology to the Internet Researchers are warning of three zero-day vulnerabilities in Kaseya's Unitrends cloud-based enterprise backup and disaster recovery technology. The news comes after a July 2 ransomware attack exploiting flaws in Kaseya's VSA software had a major impact.

article thumbnail

BlackMatter ransomware group claims to be Darkside and REvil succesor

Security Affairs

BlackMatter ransomware gang, a new threat actor appears in the threat landscape and claims to combine TTPs of Darkside and REvil. BlackMatter is a new ransomware gang that started its activity this week, the cybercriminals group claims to be the successor of Darkside and REvil groups. Lile other ransomware operations, BlackMatter also set up its leak site where it will publish data exfiltrated from the victims before encrypting their system.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Biden Calls for Critical Infrastructure Security Standards

Data Breach Today

National Security Memo Requires NIST, CISA to Create Standards, But Compliance Is Voluntary President Joe Biden signed an executive national security memorandum on Wednesday calling for the development of new critical infrastructure cybersecurity standards for various industries. CISA and NIST will develop the standards, and compliance will be voluntary - at least initially.

Security 274
article thumbnail

Another Court Deems Forensic Investigation Report Not Privileged

Hunton Privacy

On July 22, 2021, a Magistrate Judge in the U.S. District Court for the Middle District of Pennsylvania (the “Court”) ordered Rutter’s, a convenience-store chain, to produce an investigative report prepared by a security consultant regarding a suspected data breach event, as well as all communications between the party and the company performing the investigation.

article thumbnail

BlackMatter & Haron: Evil Ransomware Newborns or Rebirths

Threatpost

They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling.

article thumbnail

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

Security Affairs

A China-linked cyberespionage group, tracked as PKPLUG, employed a previously undocumented strain of a RAT dubbed THOR in recent attacks. A China-linked cyberespionage group tracked as PKPLUG (aka Mustang Panda and HoneyMyte), which is known for targeting Southeast Asia, exploited vulnerabilities in the Microsoft Exchange Server to deploy a previously undocumented variant of PlugX on compromised systems.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems

Hunton Privacy

On July 28, 2021, President Biden signed a National Security Memorandum entitled “ Improving Cybersecurity for Critical Infrastructure Control Systems ” (the “Memorandum”). The Memorandum formally establishes an Industrial Control Systems Cybersecurity Initiative and directs the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) and the Department of Commerce’s National Institute of Standards and Technology (“NIST”), in collaboration with other agencies,

article thumbnail

Podcast: Why Securing Active Directory Is a Nightmare

Threatpost

Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.

Security 111
article thumbnail

8 Security Tools to be Unveiled at Black Hat USA

Dark Reading

Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.

Security 140
article thumbnail

Reboot of PunkSpider Tool at DEF CON Stirs Debate

Threatpost

Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON.

Security 105
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Dutch DPA Fines TikTok 725,000 EUR for Transparency Violations

Hunton Privacy

On July 22, 2021, the Dutch Data Protection Authority (“Dutch DPA”) announced that it had imposed a €725,000 fine on TikTok for violating the privacy of young children namely for the company’s alleged lack of transparency. The fine comes after the Dutch DPA had previously investigated TikTok for alleged children’s privacy violations and submitted a report of its findings to the company in October 2020.

GDPR 89
article thumbnail

Why agnostic access security is critical for compliance in the post Schrems II landscape

Thales Cloud Protection & Licensing

Why agnostic access security is critical for compliance in the post Schrems II landscape. madhav. Wed, 07/28/2021 - 07:38. The Schrems II ruling has changed the data protection landscape and introduced new security requirements for the companies wishing to do business with the European Union (EU). In this regard, a cloud agnostic, flexible, and controlled access security solution may come in very handy for organizations.

article thumbnail

From Document Management to Launching a Tech-only Knowledgebase

IG Guru

July 28th, 2021 My background is document imaging, document and records management. I have been a reseller of numerous industry solutions, have utilized many software and hardware technologies for my business and service bureau, and consulted companies and government agencies on their business processes. My experience started with Laserfiche in the early ’90s, and since […].

article thumbnail

Every individual interaction is the one that matters

OpenText Information Management

According to McKinsey, around 80 percent of government efforts to transform performance don’t fully meet their objectives. However, the consultancy holds the US Department of Veterans Affairs (VA) as an exemplar when it comes to citizen experience. Between 2015 and 2018, the agency was able to increase the trust of its customers from 47 percent … The post Every individual interaction is the one that matters appeared first on OpenText Blogs.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Ensure the security of all devices with Beyond Identity’s integration with Jamf

Jamf

Beyond Identity’s Director of Product Marketing, Katie Wah, on how to ensure strong, passwordless authentication and force all devices to meet security requirements at the time of login.

article thumbnail

The Hacker Mind Podcast: Hacking Charity

ForAllSecure

Hackers are charitable in ways that might surprise you. Whether it is in Africa or rural Arkansas, hackers find ways to use their skills for good reasons. Jake Daniel and Jason Kent return to The Hacker Mind to discuss the various ways hackers are helping society by contributing to charitable organizations … even starting their own. From BSides, to DerbyCon, to Shmoocon, even on the Apple App Store you can find evidence of their hard work.

article thumbnail

Everything you need to know about FinTech regulations and compliance

Jamf

The Financial sector has adopted technology and security to provide digital financial services and safeguard data. While the sensitive nature of the data and rapidly changing technological landscape pose unique cybersecurity challenges to IT, we can help you make sense of its complexities in part two of a two part series by identifying the risks, addressing concerns and complying with regulations.

article thumbnail

Why Enterprises Need a Technology Agnostic Approach for PKI Automation

HID Global

Why Enterprises Need a Technology Agnostic Approach for PKI Automation. mchandarana. Wed, 07/28/2021 - 12:29.

52
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

Whether perceived or real, a lack of understanding about blockchain technology has slowed the adoption of advanced distributed database technology in the past decade. As the tide turns and more organizations find ways to implement blockchain, time will tell if it’s as influential in improving business processes as the hype has led us to believe. The brilliance of blockchain technology lies in its ability to validate transactions between parties, and, in turn, store a permanent record of those tr

article thumbnail

De-anonymization Story

Schneier on Security

This is important : Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work, vacation home, family members’ addresses, and more. […].

IT 142
article thumbnail

West Coast, East Coast, and Now Mountains, Too: Colorado Joins the Comprehensive State Privacy Law Club

Data Matters

With the U.S. Congress continuing to stymie federal omnibus privacy legislation, states have decidedly taken up the call. Most recently, on July 8, 2021, Colorado Gov. Jared Polis signed into law Senate Bill 21-190, the Colorado Privacy Act (CPA). With the signing of the CPA, which will largely go into effect on July 1, 2023, Colorado became the third state to enact comprehensive privacy legislation following the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection

Privacy 88