Mon. Aug 23, 2021

Misconfigured Microsoft Power Apps Spill Sensitive Data

Data Breach Today

At Least 38 Million Records From Hundreds of Portals Exposed

At least 38 million records have been leaked by hundreds of online portals that were unwittingly misconfigured by organizations using Power Apps, a Microsoft service to quickly spin up web apps. Microsoft has now changed default settings for Power Apps to prevent inadvertent data exposures.

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isn’t as straightforward as it used to be. Things get even more complicated if you have an international remote workforce. Related: Employees as human sensors. As of 2018, more than 2 million people were working abroad for U.S. companies in China alone.

CISA: Patching ProxyShell Flaws in Exchange Servers Is Urgent

Data Breach Today

Researchers Find Ransomware Gangs Now Exploiting the Vulnerabilities

The Cybersecurity and Infrastructure Security Agency is warning organizations to immediately patch the ProxyShell vulnerabilities in Microsoft Exchange email servers because security researchers say ransomware gangs are exploiting these flaws.

UK ICO Opens Consultation on Data Transfer Agreements and Guidance

Data Matters

On 11 August 2020, the UK Information Commissioner’s Office (ICO) launched a public consultation on its draft international data transfer agreement and guidance (Consultation). The Consultation comes two months after the European Commission’s adoption of new EU Standard Contractual Clauses (EU SCCs) and the European Data Protection Board’s publication of the final Schrems II guidance.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Data Breaches Tied to Ransomware: Look Harder

Data Breach Today

Australia Regulator Says Such Breaches Are Likely Underreported

Australia's data regulator says organizations hit by ransomware may be underreporting data breaches because they haven't thoroughly figured out if data was taken. But an "absence of evidence" of a data breach in a ransomware attack isn't sufficient to declare that no data was taken.

Healthcare Organizations Mopping Up After Cyberattacks

Data Breach Today

Ohio Entity Admits 'Negotiating' With Attackers; Nevada System Says Breach Affected 1.3 Million

Two large healthcare organizations - Memorial Health System in Ohio and University Medical Center of Southern Nevada - continue to mop up after recent cyberattacks apparently involving ransomware. The Ohio organization admits negotiating "a settlement" with attackers to obtain a decryptor.

Windows 10 Admin Rights Gobbled by Razer Devices

Threatpost

So much for Windows 10's security: A zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. UPDATE: Microsoft is investigating.

T-Mobile's Current Data Breach Tally: 54 Million Victims

Data Breach Today

Ongoing Probe Has Found More Data Was Stolen Than First Suspected

T-Mobile USA says its massive data breach is worse than it first reported: The count of prepaid and postpaid customers whose information was stolen has risen to 14 million. Also revised upward: its count of 40 million exposed credit applications from former customers and prospects.

Ransomware Groups Look for Inside Help

eSecurity Planet

Ransomware attackers, who use myriad methods to get their malware into the systems of businesses large and small in hopes of pulling down millions of dollars, are now going directly to the source. A researcher with email security solutions vendor Abnormal Security found a threat actor directly emailing employees of a company urging them to release the ransomware into a company computer or Windows server in return for 40 percent – about $1 million – of the expected $2.5 million ransom the company

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

SNI Vulnerability Affects Some Security Products

Data Breach Today

Exploitation Could Enable Attackers to Exfiltrate Data, Researchers Say

Researchers at Mnemonics Labs have found a vulnerability in the handling of the server name indication (SNI) extension of the TLS Client Hello. Exploitation could enable attackers to bypass the security controls of many security products, leading to stealthy exfiltration of data, researchers say.

Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs

Threatpost

Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.

US, Singapore Sign Cybersecurity Agreements

Data Breach Today

Nations Agree to Collaborate on Information Sharing, Training

The U.S. and Singapore have announced three agreements to expand their collaborative efforts - including shoring up information sharing, research and training - to address global cybersecurity issues.

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

In good news for organisations handling personal information, China’s Personal Information Protection Law (“PIPL”) was finalised on 20 August 2021, and will come into force on 1 November 2021. Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a national law level.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

US State Department Reportedly Sustained Cyber Incident

Data Breach Today

Department Recently Received a 'D' Grade for Its Cybersecurity Defenses

The U.S. State Department reportedly recently sustained a cyber incident that prompted a notice to the Defense Department's Cyber Command. The report of the incident follows a congressional report that gave the State Department a "D" grade for its cybersecurity defenses.

CISA recommends immediately patch Exchange ProxyShell flaws

Security Affairs

US CISA issued an urgent alert warning admins to address ProxyShell vulnerabilities in on-premises Microsoft Exchange servers. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning admins to address actively exploited ProxyShell vulnerabilities in on-premises Microsoft Exchange servers. ProxyShell is the name of three vulnerabilities that could be chained by an unauthenticated remote attacker to gain code execution on Microsoft Exchange servers.

T-Mobile's Revised Breach Tally: 54 Million Customers

Data Breach Today

Ongoing Probe Has Found More Data Was Stolen Than First Suspected

T-Mobile USA says its massive data breach is worse than it first reported: The count of prepaid and postpaid customers whose information was stolen has risen to 14 million. Also revised upward: its count of 40 million exposed credit applications from former customers and prospects.

Are you using a Sophos UTM appliance? Be sure it is up to date!

Security Affairs

A researcher disclosed technical details of a critical remote code execution vulnerability, tracked as CVE-2020-25223, patched last year. In September, Sophos addressed a remote code execution vulnerability (CVE-2020-25223) in the WebAdmin of SG UTM that was reported via the company bug bounty program. At the time, the security vendor said that there was no evidence that the vulnerability was exploited in attacks in the wild.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Andy Jenkinson of CIP: 'Shut the Digital Doors'

Data Breach Today

Andy Jenkinson of Cybersec Innovation Partners has found an alarming number of flaws and misconfigurations in websites and web servers run by some of the biggest players in government, healthcare and even cybersecurity. He discusses this pressing issue in the latest episode of "Cybersecurity Unplugged."

FTC Alleges Facebook Resorted to Illegal Buy-or-Bury Scheme to Crush Competition After String of Failed Attempts to Innovate via the FTC

IG Guru

Check out the press release here. The post FTC Alleges Facebook Resorted to Illegal Buy-or-Bury Scheme to Crush Competition After String of Failed Attempts to Innovate via the FTC appeared first on IG GURU.

Record-Setting DDoS Attack Hits Financial Service Firm

Data Breach Today

17.2 Million Request-Per-Second Attack Launched by 20,000 Bots, Cloudflare Says

Security firm Cloudflare says it detected and mitigated a 17.2 million request-per-second (rps) distributed denial of service attack, almost three times larger than any previously reported HTTP DDoS attack.

ProxyShell Attacks Pummel Unpatched Exchange Servers

Threatpost

CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

38M Records Exposed Online—Including Contact-Tracing Info

WIRED Threat Level

Misconfigured Power Apps from Microsoft led to more than a thousand web apps accessible to anyone who found them.

Attackers Actively Exploiting Realtek SDK Flaws

Threatpost

Multiple vulnerabilities in software used by 65 vendors under active attack.

Focus on customer experience to stand out from your retail banking competitors

OpenText Information Management

Conventional marketing wisdom dictates that acquisition is where you focus all your efforts. After all, you need new customers to sell to! However, when that’s what everyone else in your industry is doing, there’s a lot less room to stand out. That’s definitely true in the retail banking sector. CX Index: What is it, and … The post Focus on customer experience to stand out from your retail banking competitors appeared first on OpenText Blogs.

Managing Privileged Access to Secure the Post-COVID Perimeter

Threatpost

Joseph Carson, chief security scientist & advisory CISO at ThycoticCentrify, discusses how to implement advanced privileged-access practices.

Access 80
Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Shutterstock integration for OpenText Media Management

OpenText Information Management

We’ve all experienced the stress of an asset emergency. Something (a piece of collateral, a video, instore signage, etc.) needs to be finalized straight away, but it’s missing that vital visual component. That’s when you reach for the stock photo library to fill the gap. Traditionally, you have to browse the library to find what … The post Shutterstock integration for OpenText Media Management appeared first on OpenText Blogs.

8 Tips for Transitioning from Remote Work to a New Office

Adapture

8 Tips for Transitioning from Remote Work to a New Office. With many companies onboarding remotely during 2020, some employees have never seen their company’s office in person, even after working with the team for over a year. Is this you? If you’re worried about making the transition to a new space after establishing your work relationships from afar, don’t worry.

Blog updates

Adam Shostack

I’m in the process of replacing this site, threatmodelingbook.com, and the associates.shostack.org site with a new, unified [link]. I’ll be saying more about the redesign, but as part of it, I’m migrating the blog over there. There are a few new posts there that I forgot to mirror here, including: Threat Modeling Through the JoHari Window.
