Mon. Apr 11, 2022

The Tricky Aftermath of Source Code Leaks

WIRED Threat Level

Lapsus$ hackers leaked Microsoft’s Bing and Cortana source code. How bad is that, really?

Patch Tuesday to End; Microsoft Announces Windows Autopatch

Data Breach Today

A 'Step Toward Automation as Standard for Patching' But There May Be Exceptions

Starting in July, the second Tuesday of every month will "just be another Tuesday," Microsoft says. After releasing patches for vulnerabilities in its software every second Tuesday of every month since 2016, Microsoft says it is now set to roll out automatic updates. Some security experts weigh in.

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

The Last Watchdog

From financial institutions to meat producers, it seems every industry has been impacted by ransomware in the past year — maybe even the past week. The world’s largest enterprises to the smallest mom-and-pop shops have been devastated by cybercriminals who are looking to hold assets hostage for a big pay day. Related: Tech solutions alone can’t stop ransomware.

US Bank Regulator Weighs Stablecoin Risks and Benefits

Data Breach Today

OCC's Hsu: Fraud Loss 'Pales in Comparison' to $2 Trillion Crypto Market Wealth

Acting Comptroller of the Currency Michael J. Hsu says there are compelling arguments for a centralized U.S. stablecoin, but there are also high risks associated with it. Some security experts question whether the technology has advanced enough and consider stablecoin risks.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Understanding China’s Data Regulatory Regime: What Are Important Data? And Can They Be Transferred Outside Of China?

Data Matters

The concept of “important data” is a cornerstone of China’s data regulatory regime. The Cyber Security Law (2017) (the CSL) prohibits operators of critical information infrastructures (CIIs) from transferring their “important data” and personal information outside of China. The Data Security Law (2021) (the DSL) and some recent draft regulations indicate that the prohibition on exports of “important data” is likely to apply to all companies, whether CII operators or not.

More Trending

Singapore: Higher Fines for Breach of Personal Data Protection Act 2012 (PDPA) – up to 10% of Singapore Turnover

DLA Piper Privacy Matters

Authors: Carolyn Bigg, Yue Lin Lee, Gwyneth To.

Increased financial penalties. From 1 October 2022, companies that breach the PDPA may face fines of up to SGD 1 million or, where the organisation’s annual turnover in Singapore exceeds SGD 10 million, 10% of the organisation’s Singapore turnover. Penalties imposed under the PDPA could potentially be more stringent compared to the GDPR, which currently imposes fines of up to €20 million or 4% worldwide turnover, whichever is higher.

BlackCat Attack on Betting Company Disrupts Service

Data Breach Today

Victim Confirms Attack; CEO Says Data, Funds Remain Safe

Nigerian betting platform Bet9ja has suffered a ransomware attack perpetrated by the BlackCat ransomware group, the company confirmed on Sunday. The attack disrupted the platform's regular operations, but CEO Ayo Ojuroye maintains that "all accounts, data and funds" are "safe.

Anonymous hacked Russia’s Ministry of Culture and leaked 446 GB

Security Affairs

The Anonymous collective has hacked Russia’s Ministry of Culture and leaked 446 GB of data through the DDoSecrets platform. Data leak service DDoSecrets has published over 700 GB of data allegedly stolen from the Russian government, including over 500,000 emails. The dump includes three datasets, the largest one is related to the Ministry of Culture at 446 GB (containing 230,000 emails), which is responsible for state policy regarding art, cinematography, archives, copyright, cultural heri

HHS HC3: Beware of Lapsus$, Email Marketing-Related Threats

Data Breach Today

Authorities Warn Healthcare, Public Health Sectors of Latest Concerns

Federal authorities are warning the healthcare sector of potential threats involving Lapsus$ - including those related to the group's recent hack of Okta - and also of potential phishing attacks arising out of a recent breach experienced by email marketing services provider Mailchimp.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Former DHS Acting IT Chief Convicted in Software, Database Theft Scheme

Dark Reading

Former DHS employees targeted confidential, proprietary software and personally identifying information (PII) for hundreds of thousands of federal employees.

Microsoft’s Autopatch feature improves the patch management process

Security Affairs

Microsoft announced a feature called Autopatch that will allow organizations to keep their systems up-to-date starting with Windows Enterprise E3 (July 2022). Microsoft recently announced the implementation of a new feature called Autopatch starting with Windows Enterprise E3 in July 2022 that aims at keeping their systems up-to-date. The move aims at improving the patch management process in enterprises that could be exposed to cyber-attacks in case they fail to install the available patch

Going Passwordless? Here Are 6 Steps to Get Started

Dark Reading

High costs and user reluctance have stood in the way of passwordless adoption, but conversion can be simplified if you take it in more gradual steps.

Microsoft Azure's Static Web Apps Service Becomes the New Home for Phishing Attacks

KnowBe4

Taking advantage of the value of a legitimate web service, along with a valid SSL certificate, a new campaign of phishing attack targeting online Microsoft credentials is leveraging Azure.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Securing Easy Appointments and earning CVE-2022-0482

Security Affairs

Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings.

Google, GitHub Collaboration Focuses on Securing Code Build Processes

Dark Reading

The software supply chain security tool from GitHub and Google uses GitHub Actions and Sigstore to generate a "tamper-proof" record describing where, when, and how the software is produced.

FFDroider, a new information-stealing malware disguised as Telegram app

Security Affairs

Cybersecurity researchers spotted a new Windows information-stealing malware, named FFDroider, designed to steal credentials and cookies. Cybersecurity researchers from Zscaler ThreatLabz warn of a new information-stealing malware, named FFDroider, that disguises itself as the popular instant messaging app Telegram. The malware was derived to siphon credentials and cookies from infected machines. “Recently, ThreatLabz identified a novel windows based malware creating a registry key as FFDr

KnowBe4 Named a Leader in the Spring 2022 G2 Grid Report for Security Awareness Training

KnowBe4

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

SuperCare Health discloses a data breach that Impacted +300K people

Security Affairs

SuperCare Health, a leading respiratory care provider in the Western U.S, disclosed a data breach that impacted more than 300,000 individuals. SuperCare Health disclosed a security breach that has led to the exposure of personal information belonging to its patients, patients/members of its partner organizations and others. The company notified impacted individuals and law enforcement agencies.

In Appreciation: Mike Murray

Dark Reading

Security industry expert who spearheaded healthcare cybersecurity efforts passes away at age 46.

Dependency Review GitHub Action prevents adding known flaws in the code

Security Affairs

Dependency Review GitHub Action scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws. GitHub announced Dependency Review GitHub Action which scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws that can be exploited in supply chain attacks.

Creating a Security Culture Where People Can Admit Mistakes

Dark Reading

In cybersecurity, user error is the symptom, not the disease. A healthy culture acknowledges and addresses the underlying causes of lapses.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Microsoft Takes Down Domains Used in Cyberattack Against Ukraine

Threatpost

APT28 (an advanced persistent threat group) has been operating since 2009; this group has worked under different names such as Sofacy, Sednit, Strontium Storm, Fancy Bear, Iron Twilight, and Pawn.

10 Signs of a Good Security Leader

Dark Reading

Strong leadership can lead to motivated and loyal employees. Here's what that looks like.

Recapping Run and Transform

Micro Focus

The exciting Micro Focus Universe 2022 conference showcased Micro Focus’ Run and Transform narrative. Derek Britton reflects on what it all means. A Universal Truth The technology conference Micro Focus Universe 2022 recently took place as a virtual event. Covering three time zones, it welcomed thousands of customers, partners, analysts, and technology enthusiasts to a.

ARMA Forms Global Partnership With RIMPA

IG Guru

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Why Emulator Macros Are an Outdated Solution to Today’s Automation Challenge

Rocket Software

At Rocket Software, we see application modernization as a continuous journey, and for many customers the first step on that journey is to modernize the terminal editor used to access critical business applications living on core systems like IBM z and IBM i. Typically, experienced employees leverage the macros tool within terminal emulation on their desk computer to make themselves more efficient.

6 best practices for a data governance strategy

Collibra

Data governance is a very intricate field, so implementing and sustaining data governance comes with a suite of challenges. Luckily, thousands, if not millions, of organizations use data governance to improve their operations, so you can learn from others’ mistakes and successes. Below are a few of the data governance best practices that Data Intelligent organizations employ when maintaining and amending their data governance programs: Focus on the operating model.

Jamf is a certified Great Place to Work® and Fortune 100 Best Companies to Work For™

Jamf

The standard in Apple Enterprise Management now has nearly 2,400 employees around the globe, and 96% of our employees say they feel welcomed and cared for. Our presence in 2022 on two lists of companies that provide a positive experience for employees is further testament to the nurturing workplace culture we provide.
