Mon. Mar 14, 2022

Governments Should Decide Who Gets to Buy Spyware

Dark Reading

And the world must face the fact that offensive cyber tools have evolved into weapons that are no different from tanks, drones, or missiles.

Picking parameters

Imperial Violet

When taking something from cryptographic theory into practice, it's very important to pick parameters. I don't mean picking the right parameters — although that certainly helps. I mean picking parameters at all. That might seem obvious, but there are pressures pushing towards abdication: what if you get it wrong? Why not hedge bets and add another option?

How Cobalt Strike Became a Favorite Tool of Hackers

eSecurity Planet

Cobalt Strike was created a decade ago by Raphael Mudge as a tool for security professionals. It’s a comprehensive platform that emulates very realistic attacks. Indeed, the tool can assess vulnerabilities and run penetration tests, while most tools on the market cannot do both. Vulnerability assessment and pentesting are two different things. The first consists of identifying vulnerabilities that could be used by hackers, not exploiting them.

Cyber Incident Reporting Language in Omnibus Bill Headed to President Biden’s Desk

Hunton Privacy

On March 11, 2022, the U.S. Senate passed an omnibus spending bill that includes language which would require certain critical infrastructure owners and operators to notify the federal government of cybersecurity incidents in specified circumstances. The bill previously was passed by the House of Representatives on March 9, 2022. President Biden is expected to sign the bill and has until March 15, 2022, to do so before the current spending authorization expires.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Ukraine is using Clearview AI’s facial recognition during the conflict

Security Affairs

Ukraine’s defense ministry began using Clearview AI’s facial recognition technology to uncover Russian assailants, combat misinformation and identify the dead. Ukraine’s defense ministry announced it will use the AI’s facial recognition technology offered by Clearview. Clearview’s chief executive Hoan Ton-That confirmed the news to Reuters, the technology will allow the Ukrainian military to uncover Russian assailants, combat misinformation and identify the dead.

CaddyWiper, a new data wiper hits Ukraine

Security Affairs

Experts discovered a new wiper, tracked as CaddyWiper, that was employed in attacks targeting Ukrainian organizations. Experts at ESET Research Labs discovered a new data wiper, dubbed CaddyWiper, that was employed in attacks targeting Ukrainian organizations. The security firm has announced the discovery of the malware with a series of tweets: #BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine.

Jamf Protect receives several awards for excellence in endpoint protection

Jamf

Independent software review sites Capterra and GetApp recognize Jamf Protect, awarding it top marks in the endpoint protection category, recognizing the purpose-built macOS endpoint security solution as a top performer and industry leader for its threat prevention, device health monitoring and unified logging capabilities, among others.

Weak password report reveals password reuse problem

Outpost24

Florian Barre, 14 Mar 2022. Specops, an Outpost24 company. Brute force and stolen credentials are prime reasons for a data breach. New data recently released shows that setting strong passwords might not be enough in an increasingly volatile cybersecurity landscape.

iOS and iPadOS re-provisioning workflows: protect patient data and streamline clinical access

Jamf

It’s 2022, and your healthcare IT organization is managing a flood of mobile devices driven by new clinical and patient needs. While some regulatory exceptions were made to ease the use of mobile telehealth solutions in 2020, it’s important for each health system to assess its mobile security posture heading into 2022.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Manufacturing in the Post-Pandemic World – the IoT way

RFID Global Solution, Inc.

The events of the last several years have served to highlight the fragility of the global supply chain and the importance of the manufacturing industry. As we continue to emerge into the post-pandemic era, the value manufacturers can achieve from optimizing their operations is more important than ever. To resolve supply chain shortages and delays, …

Social Engineering through Contact Form

KnowBe4

Email is the familiar form of phishing, but there’s an ongoing criminal campaign that follows a different, arguably subtler avenue of approach: the corporate contact form. Abnormal Security has found that the BazarBackdoor is being distributed through this social engineering technique that succeeds in bypassing email filters.

Anonymous claims to have hacked German subsidiary of Russian energy giant Rosneft

Security Affairs

Anonymous claims to have hacked the systems of the German subsidiary of Russian energy giant Rosneft and stole 20TB of data. The Anonymous hacker collective claimed to have hacked the German branch of the Russian energy giant Rosneft. The hacktivists announced to have stolen 20 terabytes of data from the company. #Anonymous has attacked the energy company Rosneft.

2022 Foundation Education Scholarships

IG Guru

The Foundation intends to award scholarships of up to $3000 for Graduate level and up to $1200 for under-graduate level applicants. At least one of each will be awarded to qualified International applicants. Applications are being accepted between February 15th and March 15th, 2022. The deadline for ALL scholarship application material is Tuesday, March 31st, Midnight (US […].

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Security Affairs

While the Russia-Ukraine cyber conflict goes on, nation-state actors, crooks, and hacktivists continue to pose critical infrastructure at risk. Critical infrastructure is a privileged target for almost any kind of threat actor, the ongoing Russia-Ukraine cyber conflict is posing them at risk. Ongoing attacks could cause severe damages to multiple sectors, including transportation, communication, financial services, government facilities, nuclear reactors, and critical manufacturing. “Recen

The Financial Service and Insurance Industries Need Intelligent Document Processing; Here’s Why

Rocket Software

Analyst firm IDC recently published a Vendor Spotlight report featuring ASG Mobius Content Services (Mobius) and its applications in the financial service and insurance industries. Mobius is a modular, API-led platform that supports complete content lifecycle management in private, public or hybrid cloud as well as on-premises environments. Steve Charbonnier, research manager for IDC’s Enterprise Content Strategies program, shares data-backed insights in the report that explore the trends,

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Security Affairs

A new variant of a Brazilian trojan has impacted Internet end users in Portugal since last month (February 2022). Although there are no significant differences and sophistication in contrast to other well-known trojans such as Maxtrilha, URSA, and Javali, an analysis of the artifacts and IOCs obtained from this campaign is presented below.

Catching the Evasive REvil Ransomware Gang With AI

Dark Reading

Ransomware-as-a-service gangs are difficult to shut down, but sophisticated, AI-driven defenses may finally be killing their profits.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Staff Think Conti Group Is a Legit Employer – Podcast

Threatpost

The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.

Mobile Threats Skyrocket

Dark Reading

A new report shows an explosion of zero-day attacks and malware focused on mobile devices just as companies adopted widespread bring-your-own device policies.

Leak of Russian Censorship Data

Schneier on Security

The transparency organization Distributed Denial of Secrets has released 800GB of data from Roskomnadzor, the Russian government censorship organization. Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan. The Republic of Bashkortostan is in the west of the country. […]. The data is split into two main categories: a series of over 360,000 files totalling in at 526.9GB and which date up to as recently as March 5, and then t

Cybercrooks’ Political In-Fighting Threatens the West

Threatpost

They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups' once-diminished power.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Secureworks Adds Hands-on-Keyboard-Detector to Taegis Platform

Dark Reading

Detector helps prevent, detect, and respond to advanced threats with automation, machine learning, and threat intelligence.

The Hacker Mind: Hacking Aerospace

ForAllSecure

Can you hack an airplane? A satellite in orbit? Turns out that you can. And the fact that hackers are thinking about this now is a very good thing. Steve Luczynski and Matt Mayes join The Hacker Mind to talk about the importance of getting hackers, vendors, and the government to get together and work through problems. That’s why the Aerospace Village at DEF CON exists, to expose various groups of people to each other, and to collectively start to work on solving these problems before they

Gimmal Records Documentum Connector Update and 5.1 Server Release

Gimmal

Today, Gimmal is announcing an updated version of the Documentum Connector for Gimmal Record, as well as the 5.1 Server release, is now available on our customer download site. Server releases are rollups of the cloud releases along with any updates necessary for the installation of Gimmal Records on client servers or virtual machines. The updated Documentum Connector will work with both Cloud (SaaS) and Server versions of Gimmal Records and will now allow the selection of which Documentum obj

erwin by Quest invites you to our Data Empowerment User Groups

erwin

Technology user groups are a great way to grow your professional network, expand your knowledge and further your career. And in a far-reaching area like data empowerment, erwin® by Quest® wants to help customers like you be able to use our solutions efficiently and strategically. Ultimately, we want to make sure you can reach your digital transformation goals through data.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

CISA Hosts Eighth Cyber Storm Exercise With More than 200 Organizations

Dark Reading

Participants across the globe worked together to respond to a simulated significant cyber incident impacting critical infrastructure.

Inaugural Symposium on eCrime – Dealing with Multiple Data Sources

eDiscovery Daily

Studies show that the average person generates about 100 megabytes of data per minute. While most people leverage technology for work and personal activities, it can also be a tool for criminal offenses. On February 28, 2022, the Henry C. Lee Institute of Forensic Science held a virtual symposium on e-crime. The symposium covered topics such as cell phone forensics, email investigations, and deep fakes.

Embracing Security by Design: Security Isn't a Pretty Picture

Dark Reading

A starting point for secure UI and UX? Remember that security measures should frustrate attackers, not users.