Wed. Sep 11, 2019

NY Payroll Company Vanishes With $35 Million

Krebs on Security

MyPayrollHR, a now-defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Microsoft Patches 2 Windows Flaws Already Being Exploited

Data Breach Today

September's Patch Tuesday Addresses Elevation of Privileges Flaws. As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild. Security experts are urging IT teams to quickly patch these flaws.

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

One of the promising cybersecurity trends that I’ve been keeping an eye on is this: SOAR continues to steadily mature. Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. (Related: Here’s how Capital One lost 100 million customer records.) SOAR holds the potential to slow – and, ultimately, to help reverse – the acute and worsening cybersecurity skills shortage.

Ransomware Attack on Utah Clinic Affects 320,000

Data Breach Today

Experts Warn That Attacks Continue to Evolve. The ransomware blitz against the healthcare sector continues: A Utah clinic has reported an attack that potentially affected 320,000 patients, making it one of the largest breaches of its kind so far this year.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

NetCAT attack allows hackers to steal sensitive data from Intel CPUs

Security Affairs

Experts discovered a flaw dubbed NetCAT (Network Cache ATtack) that affects all Intel server-grade processors and allows attackers to sniff sensitive data over the network. Researchers from the VUSec group at Vrije Universiteit Amsterdam have discovered a new vulnerability that can be exploited by a remote attacker to sniff sensitive details by mounting a side-channel attack over the network.

5 things you need to do to scale robotic process automation

DXC Technology

Raise your hand if you have deployed one or more robots in your operations. Good. Now raise your hand if you have deployed one hundred or more robots. Not there yet? No worry, as that is currently the situation in most businesses. With robotic process automation (RPA) pilots almost everywhere, creating industrial scale has emerged […].

Government Agencies Field More Cybersecurity Maturity Models

Data Breach Today

Pentagon and DOE Pitch Security Frameworks - But Should They Defer to NIST? The Pentagon and the Department of Energy are pitching new or revised cybersecurity capability maturity models to help their sectors prioritize cybersecurity investments and refine processes and controls. But should they defer to the NIST Cybersecurity Framework instead?

Catches of the month: Phishing scams for September 2019

IT Governance

We’re back for another round-up of phishing scams that caught our eye over the past month. This series provides real-life examples of phishing emails, helping you understand how they work and what you should do to avoid falling victim. You can check out last month’s list if you missed it. In the meantime, let’s get to September’s catches of the month: Yahoo Mail customers targeted by Apple scam.

Chinese APT Group 'Thrip' Powers Ahead

Data Breach Today

Hackers Have Attacked at Least 12 Targets Since 2018, Symantec Researchers Say. A Chinese advanced persistent threat group dubbed "Thrip" has attacked at least 12 organizations in Southeast Asia since being exposed last year, Symantec researchers say. The group appears to be linked to Billbug, another Chinese APT group that has been around for a decade.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

Security experts have discovered that some models of D-Link and Comba WiFi routers leak their administrative login credentials in plaintext. Security researchers from Trustwave’s SpiderLabs have discovered several credential leaking vulnerabilities in some models of D-Link and Comba Telecom. The researcher Simon Kenin from SpiderLabs discovered five credential leaking vulnerabilities; three of them affect some Comba Telecom WiFi routers, and the remaining ones impact a D-Link DSL modem.

Remote Desktop Protocol: The Security Risks

Data Breach Today

In the past year, cybercriminals behind two of the biggest ransomware attacks have abandoned other techniques in favor of exploiting remote desktop protocol. Matt Boddy of Sophos explains why RDP attacks are so popular - and what you can do to discourage them.

LokiBot info stealer involved in a targeted attack on a US Company

Security Affairs

Security researchers at Fortinet uncovered a malspam campaign aimed at distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed at distributing the LokiBot malware at a US manufacturing company. The LokiBot malware has been active since 2015; it is an infostealer that was involved in many malspam campaigns aimed at harvesting credentials from web browsers, email clients, admin tools and that was also used to target cryptocoin-wallet own

281 Arrested in International BEC Takedown

Dark Reading

Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Strangest Phishing Lures of 2019: From Divorce Papers to Real Estate Decoys

Threatpost

Proofpoint's senior director of the threat research team discusses the strange levels that attackers are going to in order to persuade victims to click on phishing messages.

Proposed Browser Security Guidelines Would Mean More Work for IT Teams

Dark Reading

CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.

Major Groupon, Ticketmaster Fraud Scheme Exposed By Insecure Database

Threatpost

An exposed database containing 17 million email addresses exposed a massive fraud scheme impacting vendors like Groupon and Ticketmaster.

High stakes major global brand cryptocurrency competition is evolving fast

Collaboration 2.0

Lines are blurring between fintech banking and consumer digital wallets. Major consumer brands have much to gain and more to lose as the race to serve future customers with their own unique currencies accelerates.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Feds Indict 281 People for Involvement in Massive E-Mail Fraud Scheme

Threatpost

A coordinated effort between multiple agencies arrested suspects in Nigeria, the U.S. and eight other countries as well as seized nearly $3.7 million.

Britain to use millions of NHS patients' histories to seek cures

The Guardian Data Protection

Move to use data hubs is likely to raise anxiety about possible breaches in privacy. Britain is about to start using information about millions of NHS patients’ medical histories to boost the search for cures for ailments such as cancer, asthma and mental illness. Seven new “data hubs” are set to revolutionise medical research by giving doctors, scientists and academics access to unprecedented data about who gets ill in the first place and who responds best to treatment.

Fed Kaspersky Ban Made Permanent by New Rules

Dark Reading

A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent.

198 Million Car-Buyer Records Exposed Online for All to See

Threatpost

An Elastica DB belonging to Dealer Leads exposed a raft of information collected by "research" websites aimed at prospective car buyers.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Firmware: A New Attack Vector Requiring Industry Leadership

Dark Reading

It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how.

It’s a jungle out there

OpenText Information Management

When it comes to hospital laboratory outreach solutions, it’s not just about accurate test results and clean orders. Hospitals use lab outreach programs to enable marketing and selling of testing and other lab services to local physician practices or other providers. Today, labs can provide additional value to both physicians and patients by becoming a …

Community Projects Highlight Need for Security Volunteers

Dark Reading

From university courses to open source self-starters, community software projects aim to solve problems for populations in need. A focus on security is required as well.

Unseen 9/11 photos bought at house clearance sale

IG Guru

June 19 2019, via BBC News. Archivists who bought a stash of CDs at a house clearance sale found 2,400 photos of Ground Zero in New York taken following the 9/11 attacks in 2001. They appear to have been taken by an as yet unidentified construction worker who helped to clear up the wreckage of […].

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users

Threatpost

Telemetry for the first half of the year shows that Apple's ecosystem is firmly in cybercriminals' sights.

How responsible are cloud platforms for data security?

Information Management Resources

A trustworthy cloud developer should take precautions and improve cloud security the best it can—but how responsible should the developer be for ensuring the integrity of their system?

Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack

Threatpost

A new attack on Intel server-grade CPUs could allow the leakage of SSH passwords - but luckily it's not easy to exploit.