Mon.May 23, 2022

article thumbnail

Proof of Concept: How Can We Improve Industry Collaboration?

Data Breach Today

Also: Federal Agencies Rolling Out EDR; Stablecoins and Cryptocurrency Regulation In this edition, Ari Redbord and Grant Schneider join ISMG editors to discuss the challenges ahead for the U.S. government as it plans to roll out EDR deployments at more than half of federal agencies this year, how stable the stablecoin economy really is and how to improve industry collaboration.

article thumbnail

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption. Related: Leveraging PKI to advance electronic signatures. It used to be that trusting the connection between a workstation and a mainframe computer was the main concern. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hospital Cyberattack Compromises Data From Decades Ago

Data Breach Today

Ontario Entity Says Patient, Employee Information Affected A cyberattack detected in December at a Canadian healthcare entity has compromised a wide range of data, including some patient information dating back to 1996, as well as employee vaccination records from last year. Some of the affected data belonged to a nonprofit group of affiliated clinicians.

261
261
article thumbnail

Access Management is Essential for Strengthening OT Security

Thales Cloud Protection & Licensing

Access Management is Essential for Strengthening OT Security. madhav. Tue, 05/24/2022 - 06:11. We have reached the point where highly connected cyber-physical systems are the norm, and the lines between information technology (IT) and operational technology (OT) are blurred. These systems are connected to and managed from the cloud to fine-tune performance, provide data analytics, and ensure the integrity of critical infrastructure across all sectors.

Access 125
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Cyberattack Affects Greenland's Healthcare Services

Data Breach Today

Attack Began on May 9; Patient Records Currently Inaccessible The healthcare services in the island country of Greenland, an autonomous Danish dependent territory, have been crippled by a cyberattack that began on May 9, 2022. Healthcare executives continue to face IT challenges to date, including lack of access to patient records and email services.

Access 260

More Trending

article thumbnail

US Sets Up Multiagency Initiatives to Curb Ransomware

Data Breach Today

FBI, CISA Will Focus on Threat Awareness and DOJ Will Focus on Illicit Crypto Use The U.S. is setting up a Joint Ransomware Task Force, headed by the Cybersecurity and Infrastructure Security Agency and the FBI, as well as two international initiatives, chaired by the Department of Justice, to tackle illegal cryptocurrency activities related to ransomware.

article thumbnail

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

Russia-linked APT group Turla was observed targeting the Austrian Economic Chamber, a NATO eLearning platform, and the Baltic Defense College. Researchers from SEKOIA.IO Threat & Detection Research (TDR) team have uncovered a reconnaissance and espionage campaign conducted by Russia-linked Turla APT aimed at the Baltic Defense College, the Austrian Economic Chamber (involved in government decision-making such as economic sanctions) and NATO’s eLearning platform JDAL (Joint Advanced Distribut

article thumbnail

How Broadcom Acquiring VMware Would Shake Up Cybersecurity

Data Breach Today

Symantec's Plight Under Broadcom Presents a Cautionary Tale for CISOs Using VMware The tumultuous experience of Symantec under Broadcom's control presents a cautionary tale for CISOs currently using VMware's security technology. Symantec saw massive customer and employee attrition following deal close, and the company's technology doesn't fare as well in reviews by Gartner.

article thumbnail

Russia-linked Fronton botnet could run disinformation campaigns

Security Affairs

Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns. Fronton is a distributed denial-of-service (DDoS) botnet that was used by Russia-linked threat actors for coordinated disinformation campaigns. In March 2020, the collective of hacktivists called “ Digital Revolution ” claimed to have hacked a subcontractor to the Russian FSB.

IoT 113
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Why the Employee Experience Is Cyber Resilience

Dark Reading

A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

Security 118
article thumbnail

Blockchain Tracing: The U.S. Government’s Newest Tool to Combat Foreign Crime

Data Matters

On May 13, 2022, U.S. Magistrate Judge Zia M. Faruqui of the District of Columbia took the unusual step of unsealing and issuing a Memorandum Opinion captioned “In Re: Criminal Complaint” to explain the court’s conclusion that probable cause existed to authorize a federal criminal complaint against an individual for transmitting over $10 million worth of bitcoin between the United States and an Office of Foreign Assets Control–sanctioned nation, violating the International Emergency Economic P

article thumbnail

QuSecure Carves Out Space in Quantum Cryptography With Its Vision of a Post-RSA World

Dark Reading

NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.

IT 112
article thumbnail

Forging Australian Driver’s Licenses

Schneier on Security

The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries. This file is encrypted using AES-256-CBC encryption combined with Base64 encoding. A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

UK watchdog fines facial recognition firm £7.5m over image collection

The Guardian Data Protection

Clearview AI hit with penalty for collecting images of people from social media and web to add to global database The UK’s data watchdog has fined a facial recognition company £7.5m for collecting images of people from social media platforms and the web to add to a global database. US-based Clearview AI has also been ordered to delete the data of UK residents from its systems by the Information Commissioner’s Office (ICO).

article thumbnail

Snake Keylogger Spreads Through Malicious PDFs

Threatpost

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

137
137
article thumbnail

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue. On 12 May 2022, the European Data Protection Board ( EDPB ) adopted the draft Guidelines on the calculation of administrative fines under the GDPR (“ the Guidelines ”).

GDPR 98
article thumbnail

How GDPR Is Failing

WIRED Threat Level

The world-leading data law changed how companies work. But four years on, there’s a lag on cleaning up Big Tech.

GDPR 97
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Multiple Governments Buying Android Zero-Days for Spying: Google

Dark Reading

An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.

article thumbnail

ISO 20022: Unlocking the competitive advantage

OpenText Information Management

It seems every organization around the world has a different approach to ISO 20022 implementations. Some financial institutions are attempting to quickly move through the implementation phase, check the compliance box, and move onto other strategic projects. Whereas others are looking to unlock a true competitive advantage with access to the new, rich, data that … The post ISO 20022: Unlocking the competitive advantage appeared first on OpenText Blogs.

article thumbnail

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Dark Reading

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

86
article thumbnail

Don't Just Have a Compliance Season, Have a Culture of Compliance

KnowBe4

“We want compliance training to be impactful like your security awareness training.”.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

After the Okta Breach, Diversify Your Sources of Truth

Dark Reading

What subsequent protections do you have in place when your first line of defense goes down?

86
article thumbnail

How to get the most of supply chain technology via Hyland Blog

IG Guru

Check out the post here. The post How to get the most of supply chain technology via Hyland Blog appeared first on IG GURU.

article thumbnail

Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches

Threatpost

Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.

Cloud 64
article thumbnail

Valeo Networks Acquires Next I.T.

Dark Reading

Next I.T. is the sixth and largest acquisition to date for Valeo Networks.

75
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Cytrox’s Predator spyware used zero-day exploits in 3 campaigns

Security Affairs

Google’s Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities. Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. More TAG research from @_clem1 & @0xbadcafe1 Campaigns targeting Android users with five 0-day vulnerabilities.

article thumbnail

Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection

Dark Reading

IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware.

article thumbnail

A flaw in PayPal can allow attackers to steal money from users’ account

Security Affairs

A security researcher announced the discovery of an unpatched flaw in PayPal that could allow attackers to steal money from users. TheHackerNews first reported that a security researcher (that goes online with the moniker h4x0r_dz) has discovered an unpatched flaw in PayPal that could allow attackers to trick users into completing transactions controlled by the attackers with a single click.