Thu. Mar 28, 2019

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Last Watchdog

A couple of high-profile distributed denial-of-service (DDoS) attacks will surely go down in history as watershed events – each for different reasons. Related: IoT botnets now available for economical DDoS blasts. In March 2013, several impossibly massive waves of nuisance requests – peaking as high as 300 gigabytes per second – swamped Spamhaus, knocking the anti-spam organization offline for extended periods.

Perpetual 'Meltdown': Security in the Post-Spectre Era

Data Breach Today

SonicWall's Bill Conner on Side-Channel Attacks and Other Emerging Threats

The information security world has been beset by the emergence of multiple side-channel attacks, including Meltdown, Spectre and most recently Spoiler, that have proven difficult to fully fix, says Bill Conner, president and CEO of SonicWall.

Jamf Connect now integrates with Google’s G Suite and Cloud Identity

Jamf

The integration with Google Cloud allows IT admins to easily set up and manage local educator and student Mac accounts, while also requiring users to authenticate with their G Suite credentials. Read more.

The Impact of Digital Transformation on Security

Data Breach Today

Kory Daniels of Trustwave on Scaling Security at the Speed of Business

Identifying the data gaps in the rapidly expanding attack surface is critical to allow more sophisticated preventive and response capabilities, says Kory Daniels of Trustwave.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Malware Installed in Asus Computers Through Hacked Update Process

Schneier on Security

Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer." In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users. [...] The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters' MAC addresses.

More Trending

BELGIUM: NEW DATA PROTECTION COMMISSIONER

DLA Piper Privacy Matters

By Patrick Van Eecke & Peter Craddock. Today, 29 March 2019, the Belgian House of Representatives appointed the new commissioner and directors of the Belgian Data Protection Authority (DPA). The commissioner will be dr. David Stevens, a seasoned data protection expert with a strong academic background and experience in the telco and data analytics industry.

Systems Used to Track U.S. Debt Vulnerable - Report

Data Breach Today

GAO Audit Finds Systems Treasury Department Uses Have Security Flaws

The computer systems the U.S. Department of the Treasury uses to track the nation's debt have serious security flaws that could allow unauthorized access to a wealth of federal data, according to a pair of audits released this week by the Government Accountability Office.

Is your school GDPR-compliant? Use our checklist to find out

IT Governance

At the recent ASCL (Association of School and College Leaders) conference, a guest said to us: “The GDPR? Wasn’t that last year?” Our heads fell into our hands. How was it possible for someone to be so misguided about such a well-publicised regulation, the requirements of which have huge ramifications for the way organisations handle personal data?

Australia's Crypto-Cracking Law Is Spooking Big Tech

Data Breach Today

Microsoft's Brad Smith Says Companies Don't Want to Store Data There

Brad Smith, Microsoft's chief legal officer, says Australia's encryption-busting law is causing companies and governments to look elsewhere to store their data. Microsoft hasn't changed its own local operations yet, but other companies say they're no longer comfortable storing data there, he says.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

New Shodan Monitor service allows tracking Internet-Exposed devices

Security Affairs

The Shodan IoT search engine announced the launch of a new service called Shodan Monitor, designed to help organizations keep track of systems connected to the Internet. Shodan, the popular IoT search engine, announced this week the launch of a new service called Monitor, designed to help organizations keep track of systems connected to the Internet.

Inside Cyber Battlefields, the Newest Domain of War

Dark Reading

In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.

Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps

Security Affairs

Security experts at Group-IB have detected the activity of Gustuff, a mobile Android Trojan whose potential targets include customers of leading international banks, users of cryptocurrency services, and popular ecommerce websites and marketplaces. Gustuff has never previously been reported. Gustuff is a new generation of malware complete with fully automated features designed to steal both fiat and crypto currency from user accounts en masse.

Microsoft Takes Down 99 Hacker-Controlled Websites

Dark Reading

A judge granted Microsoft the injunction allowing them to disrupt a network of sites operated by an Iranian-linked group of hackers.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

The North Korea-linked Lazarus group has made the headlines again: it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab; the campaign has been ongoing since at least November 2018, Kaspersky Lab reports.

The Cybersecurity Lessons Your Company Can Learn From a Sensational Police Misconduct Story

Adam Levin

Florida police officer Leonel Marines resigned after a police investigation revealed the 12-year veteran of the Bradenton Police Department had been using police databases like a dating app to locate potential women for fun and maybe more. He’d been doing it for years. While it’s surprising this 5-0 Romeo actually got some dates playing fast and loose with his access to driver’s license and vehicle registration databases, the more shocking thing about this story is that it co

ASUS fixes supply chain of Live Update tool hit in Operation ShadowHammer

Security Affairs

ASUS released security patches to fix the issues in the Live Update utility that were exploited by threat actors in Operation ShadowHammer. ASUS announced that it has released a fix for the Live Update utility that was exploited by the threat actors behind Operation ShadowHammer to deliver malware to hundreds of users. Operation ShadowHammer took place between June and November 2018, but experts from Kaspersky Lab discovered it in January 2019.

HTTPS Isn't Always As Secure As It Seems

WIRED Threat Level

A surprising number of high-traffic sites have TLS vulnerabilities that are subtle enough for the green padlock to still appear.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Serverless Cloud Security: How to Secure Serverless Computing

eSecurity Planet

Serverless is a new computing paradigm that also introduces new security risks. Learn what serverless is and security steps organizations need to take.

The Huawei Threat Isn't Backdoors. It's Bugs

WIRED Threat Level

A British report finds that Huawei equipment, suspected of including backdoors for China's government, suffers from a lack of "basic engineering competence."

Reveille sponsors OpenText Enterprise World and OpenText Enfuse

OpenText Information Management

OpenText™ Enterprise World 2019 officially kicked off this month with Enterprise World Europe in Vienna, the first of three stops on our global tour. Enterprise World will be in Singapore from April 16-17 and will wrap up in Toronto from July 9-11. This year, Enterprise World will bring you more in-depth sessions on our leading …

Microsoft Tackles IoT Security with New Azure Updates

Dark Reading

The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Gamers Urged to Patch Critical Bugs in GOG Galaxy

Threatpost

Video game digital distribution platform GOG Galaxy Games has patched two critical privilege escalation flaws that could allow arbitrary code execution.

40% of Organizations Not Doing Enough to Protect Office 365 Data

Dark Reading

By not using third-party data backup tools, companies are leaving themselves open to attack, a new report finds.

Lazarus Group Widens Tactics in Cryptocurrency Attacks

Threatpost

MacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea.

Quantum Computing and Code-Breaking

Dark Reading

Prepare today for the quantum threats of tomorrow.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

An Australian perspective on HIMSS 2019 …

DXC Technology

Pulse Series: As part of the 21st Century Series on Australian Healthcare, David Pare, CTO for DXC Healthcare and Life Sciences in Australia and New Zealand, will focus on news, start-ups and developments within the industry — what’s happening, what’s being done to drive innovation, and what’s new or newsworthy. Despite the 15 years I […].

Enterprise Data Encryption Hits All-time High

Dark Reading

A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place.

IT Security Vulnerability Roundup – March 2019

eSecurity Planet

We take a look at 14 of the most critical security flaws disclosed over the past few weeks.