Thu.Jul 15, 2021

article thumbnail

Facebook Disrupts Iranian APT Campaign

Data Breach Today

'Tortoiseshell' Group Used the Social Network to Contact Targets Facebook's threat intelligence team says it has disrupted an Iranian advanced persistent threat group that was using the social network as part of an effort to spread malware and conduct cyberespionage operations, primarily in the U.S.

IT 363
article thumbnail

Tips for Maximizing Your Sharepoint Investment

AIIM

With SharePoint now included in Enterprise Microsoft 365 subscriptions, it is now more accessible than ever before. It is tempting for organizations to just jump right in and start setting it up without much forethought. SharePoint, however, is a sophisticated content management system. As a leader in the content management space, it offers a robust set of capabilities.

Libraries 192
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

NortonLifeLock in Talks to Buy Antivirus Rival Avast

Data Breach Today

Both Companies Confirm 'Advanced Discussions'; Avast's Market Valuation Is $7.2 Billion Security software firm NortonLifeLock says it is in "advanced discussions" to acquire Avast, a rival security firm known for its freemium antivirus software. NortonLifeLock was formerly Symantec's consumer-focused business.

Marketing 310
article thumbnail

HelloKitty ransomware now targets VMware ESXi servers

Security Affairs

HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. The move of the ransomware gang aims at expanding the operations targeting enterprises that are largely adopting virtualizing platforms.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Educating and Training Future Cybersecurity Pros

Data Breach Today

Rob Clyde of ISACA discusses his ideas for how to raise up the next generation of "cyberwarriors" to serve on the front lines of active defense against cyberthreats.

Education 304

More Trending

article thumbnail

US Offering $10 Million Reward for Cyberthreat Information

Data Breach Today

State Department, DHS Focus on Ransomware Threats to Critical Infrastructure The U.S. Department of State is now offering rewards of up to $10 million for information about cyberthreats to the nation's critical infrastructure. Meanwhile, the government has launched a StopRansomware website offering a central repository of resources.

article thumbnail

SpearTip Finds New Diavol Ransomware Does Steal Data

Security Affairs

Security researchers have linked a new ransomware strain called Diavol to the Wizard Spider threat group behind the Trickbot botnet. BleepingComputer noted the ransomware families utilize the same I/O operations for file encryption queueing and use nearly identical command-line parameters for the same functionality. There may be some similarities, but as they’ve explained and SpearTip has validated, there are two interesting differences that make the direct connection improbable.

article thumbnail

SonicWall Urges Patching of Devices to Ward Off Ransomware

Data Breach Today

Vendor Issues Urgent Security Notice in Light of Ongoing Threat SonicWall is urging users of its Secure Mobile Access 100 series and its Secure Remote Access products running unpatched and end-of-life 8.x firmware to immediately apply patches or disconnect the devices because a ransomware campaign using stolen credentials is targeting the them.

article thumbnail

Hacker's guide to deep-learning side-channel attacks: the theory

Elie

Learn the concepts behind deep-learning side-channels attack, a powerful cryptanalysis technique, by using it to recover AES cryptographic keys from a hardware device.

IT 118
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

For Sale: 'Full Source Code Dump' of DDoS-Guard Service

Data Breach Today

DDoS-Guard Disputes Exploit.in Listing for Customer Data. But What's the Risk to Users? A cybercrime forum seller advertised a "a full dump of the popular DDoS-Guard online service" for sale, but the distributed denial-of-service defense provider, which has a history of defending notorious sites, has dismissed any claim it's been breached. What's the potential risk to its users?

Sales 260
article thumbnail

Hacker's guide to deep-learning side-channel attacks: code walkthrough

Elie

Learn how to perform a deep-learning side-channels attack using TensorFlow to recover AES cryptographic keys from a hardware device power traces, step by step.

118
118
article thumbnail

A 'First Responder' Approach to Cybersecurity

Data Breach Today

Credentialing Program First Step Toward Creating Network of Cyberattack Responders Lessons learned by first responders' efforts to deal with natural disasters can be applied to cyberattack responses, according to organizations that have teamed up to launch a cybersecurity first responder credentialing program - a first step toward creating a network of pros to help respond to cyberattacks.

article thumbnail

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

SonicWall has issued an urgent security alert to warn customers of “ an imminent ransomware campaing ” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “ an imminent ransomware campaing ” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families. “Through the course of collaboration with trusted third parti

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

SonicWall Warns Secure VPN Hardware Bugs Under Attack

Threatpost

SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack.

Security 120
article thumbnail

Hong Kong: Bill to amend the Personal Data (Privacy) Ordinance to combat doxxing acts was gazetted today

Data Protection Report

The Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) was gazetted today, 16 July 2021. The Bill aims to combat doxxing acts through (i) criminalisation of doxxing acts; (ii) empowering the Privacy Commissioner for Personal Data to conduct criminal investigation and institute prosecution for doxxing cases; and (iii) conferring on the Commissioner statutory powers to demand the rectification of doxxing content.

article thumbnail

Key Developments in IoT Security

Thales Cloud Protection & Licensing

Key Developments in IoT Security. madhav. Thu, 07/15/2021 - 10:09. Remember the early days of the emergence of Internet of Things (IoT) devices? The rush to market for consumers to enjoy the modern conveniences offered by these devices shocked the security community. Security experts were concerned that these devices were built with no security in mind.

IoT 99
article thumbnail

Colorado Passes Consumer Privacy Law

Schneier on Security

First California. Then Virginia. Now Colorado. Here’s a good comparison of the three states’ laws.

Privacy 137
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Safari Zero-Day Used in Malicious LinkedIn Campaign

Threatpost

Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.

article thumbnail

State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks

Dark Reading

The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.

100
100
article thumbnail

Fake Zoom App Dropped by New APT ‘LuminousMoth’

Threatpost

First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app.

Phishing 103
article thumbnail

Right to Know: A Historical Guide to the Freedom of Information Act (FOIA) via Ammo.com

IG Guru

Check out the article here. The post Right to Know: A Historical Guide to the Freedom of Information Act (FOIA) via Ammo.com appeared first on IG GURU.

FOIA 97
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases

Threatpost

The popular e-commerce platform for WordPress has started deploying emergency patches.

Security 128
article thumbnail

Data officers raid two properties over Matt Hancock CCTV footage leak

The Guardian Data Protection

Computer equipment and electronic devices seized in connection with images of minister kissing aide Two residential properties in the south of England have been raided by data protection officers, as part of their investigation into who leaked CCTV footage of Matt Hancock kissing an aide in his office. The Information Commissioner’s Office (ICO) said it had seized computer equipment and electronic devices as part of the operation on Thursday morning, amid an ongoing investigation into alleged br

article thumbnail

The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones

WIRED Threat Level

Security researchers say the group exploited a zero-day in Apple’s operating system to target European government officials over LinkedIn.

article thumbnail

Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE

Dark Reading

At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Facebook Catches Iranian Spies Catfishing US Military Targets

WIRED Threat Level

The hackers posed as recruiters, journalists, and hospitality workers to lure its victims.

Military 103
article thumbnail

CISA Launches New Website to Aid Ransomware Defenders

Dark Reading

StopRansomware.gov provides information to help organizations protect against, and respond to, ransomware attacks.

article thumbnail

How to run telehealth programs smoothly with Jamf and Apple

Jamf

Telemedicine is, increasingly, the new normal. The International Data Corporation (IDC) predicts that 20% of healthcare organizations will embrace integrated care to improve outcomes during 2021. They further predict that by 2023, 65% of patients will have received care digitally.

52