Krebs on Security

MAY 14, 2019

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003 , citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. The May 2017 global malware epidemic WannaCry affected some 200,000 Windows systems in 150 countries.

Ransomware 238

Ransomware Authentication Security IT 238

Data Breach Today

MAY 14, 2019

Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.

Cybersecurity 207

Cybersecurity 207

Thales Cloud Protection & Licensing

MAY 14, 2019

Digital transformation is driving IT modernization, IoT, and cloud migrations at a record pace in the federal government. The ability to narrow the gap between taking advantage of digital transformation without compromising security was a reoccurring theme at our 2019 annual Data Security Summit on May 1. The roundtable, including more than a dozen IT and cyber leaders from government and industry, explored the business drivers, challenges and evolving strategies around cybersecurity in governme

Digital transformation 97

Digital transformation Security IoT Cloud 97

Data Breach Today

MAY 14, 2019

Vulnerability Could Compromise Secure Boot Process Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit. Unfortunately, hardware design flaws could complicate Cisco's efforts to safeguard users.

Security 187

Security 187

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

IT Governance

MAY 14, 2019

If you’ve recently had a missed call on WhatsApp from a number you didn’t recognise, cyber criminals might be spying on you. The Facebook-owned app has admitted that cyber criminals have exploited a major vulnerability in its voice call function and are planting spyware on users’ phones. This enables crooks to turn on devices’ cameras and microphones, read emails and instant messages, and collect users’ location data.

Security 97

Security Government IT Data breaches 97

Dark Reading

MAY 14, 2019

Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.

Artificial Intelligence 95

Artificial Intelligence IT Security 95

Data Breach Today

MAY 14, 2019

Unified endpoint management exists because devices have grown in number, variety and complexity of how they're being used in the workplace. So how should IT and security leaders approach UEM? John Harrington Jr. and Ryan Schwartz of IBM MaaS360 with Watson share insight.

Security 164

Security IT 164

Dark Reading

MAY 14, 2019

Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.

Ransomware 110

Ransomware 110

OpenText Information Management

MAY 14, 2019

One of the fastest growing technology areas in the automotive industry relates to autonomous and connected vehicle technologies. The word autonomous has been associated with the automotive industry for a few years however it is now starting to find its way into the supply chain as well. The supply chain has been impacted by numerous … The post How IoT, AI and blockchain will enable tomorrow’s autonomous supply chain appeared first on OpenText Blogs.

Blockchain 93

Blockchain IoT IT 93

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Dark Reading

MAY 14, 2019

Millions of websites have been compromised, but the most likely malware isn't cyptomining: it's quietly stealing files and redirecting traffic, a new Sitelock report shows.

IT 96

IT 96

Jamf

MAY 14, 2019

Sewanhaka Central High School District is doing incredible things with their iPad program. In part one of our three-part blog series, we examine why the district chose iPad over other education technologies.

Education 91

Education 91

WIRED Threat Level

MAY 14, 2019

Two different groups of researchers found another speculative execution attack that can steal all the data a CPU touches.

Security 110

Security 110

Security Affairs

MAY 14, 2019

Millions of computers powered by Intel processors are affected by a new class of vulnerabilities ( MDS ) that can leak potentially sensitive data. Researchers from multiple universities and security firms discovered a new class of speculative execution side-channel vulnerabilities that could be exploited with new side-channel attack methods dubbed Fallout, RIDL (Rogue In-Flight Data Load), and ZombieLoad. “On May 14, 2019, Intel and other industry partners shared details and information ab

Paper 88

Paper Encryption Passwords Security 88

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

DXC Technology

MAY 14, 2019

The world of work is about to change dramatically. Truthfully, it already has been for some time, driven by stunning advances in digital technology and a shift in the job market toward a gig economy. But the already torrid pace of change will accelerate over the next 15 years, rendering unrecognizable many of the tools […].

Marketing 88

Marketing Digital transformation IT 88

Dark Reading

MAY 14, 2019

Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.

Cybersecurity 80

Cybersecurity Security 80

Security Affairs

MAY 14, 2019

Security firm Red Balloon discovered a severe vulnerability dubbed Thrangrycat , in Cisco products that could be exploited to an implant persistent backdoor in many devices. Experts at Red Balloon Security disclosed two vulnerabilities in Cisco products. The first issue dubbed Thrangrycat , and tracked as CVE-2019-1649, affects multiple Cisco products that support Trust Anchor module (TAm). could be exploited by an attacker to fully bypass Cisco’s Trust Anchor module (TAm) via Field Programmable

Authentication 80

Authentication Access Security IT 80

Data Matters

MAY 14, 2019

William Long, partner and global co-leader of at Sidley’s Privacy and Cybersecurity practice, and has been working on global data privacy and information security matters for a number of years. In particular, William advises international clients on a wide variety of General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), data protection, cybersecurity and financial services issues.

Financial Services 68

Financial Services GDPR Big data Data Privacy 68

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

MAY 14, 2019

Adobe Patch Tuesday updates for May 2019 address a critical flaw in Flash Player and more than 80 vulnerabilities in Acrobat products. Adobe Patch Tuesday updates for May 2019 address a total of 84 vulnerabilities in Acrobat and Acrobat Reader products for Windows and macOS. The tech company addressed many critical vulnerabilities in its products, including heap overflow, buffer error, double free, use-after-free, type confusion, and out-of-bounds write issues that can be exploited to execute ar

Risk 76

Risk Security IT Information Security 76

Dark Reading

MAY 14, 2019

Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.

Security 79

Security 79

Schneier on Security

MAY 14, 2019

A weird paper was posted on the Cryptology ePrint Archive (working link is via the Wayback Machine), claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here. Basically, the authors claimed an attack so devastating that they would only publish a zero-knowledge proof of their attack. Which they didn't. Nor did they publish anything else of interest, near as I can tell.

Paper 66

Paper Archiving IT Encryption 66

Security Affairs

MAY 14, 2019

The North Korea-linked APT group ScarCruft (aka APT37 and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. North Korea-linked APT group ScarCruft (aka APT37 , Reaper, and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Ko

IT 65

IT Military Manufacturing Government 65

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

DXC Technology

MAY 14, 2019

Los entornos multinube (formados por varias nubes, públicas y privadas, que se utilizan normalmente para diferentes propósitos) pueden considerarse como la opción preferida de los bancos. Eso se desprende del último informe realizado por 451 Research, “Multi-Cloud Fundamental to Financial Services Transformation” y yo no lo pienso discutir. El estudio, patrocinado por Canonical, especialista en […].

Financial Services 61

Financial Services Cloud Insurance Marketing 61

Security Affairs

MAY 14, 2019

The popular expert Marco Ramilli provided a follow up to its Malware classification activity by adding a scripting section which would be useful for several purposes. On 2016 I was working hard to find a way to classify Malware families through artificial intelligence (machine learning). One of the first difficulties I met was on finding classified testing set in order to run new algorithms and to test specified features.

Artificial Intelligence 62

Artificial Intelligence Computer and Electronics Honeypots Cybersecurity 62

Dark Reading

MAY 14, 2019

Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.

Security 74

Security 74

Micro Focus

MAY 14, 2019

Introduction: Code Coverage Working out which parts of a program have been executed and run can be a daunting task. Manually trying to work out the control flow is time consuming and error prone. In Micro Focus Visual COBOL and Enterprise Developer we have support for recording code coverage of native COBOL applications, making this. View Article.

61

61

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Threatpost

MAY 14, 2019

Microsoft Patch Tuesday security bulletin tackles 22 critical vulnerabilities.

Security 88

Security 88

Schneier on Security

MAY 14, 2019

This is a current list of where and when I am scheduled to speak: I'm speaking on " Securing a World of Physically Capable Computers " at Oxford University on Monday, June 17, 2019. The list is maintained on this page.

Security 56

Security 56

Threatpost

MAY 14, 2019

A massive update addresses the breadth of the computing giant's product portfolio.

85

85