Tue.Apr 07, 2020

article thumbnail

Microsoft Buys Corp.com So Bad Guys Can’t

Krebs on Security

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe.

Sales 316
article thumbnail

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

The Last Watchdog

Application programming interface. API. It’s the glue holding digital transformation together. Related: A primer on ‘credential stuffing’ APIs are the conduits for moving data to-and-fro in our digitally transformed world. APIs are literally everywhere in the digital landscape, and more are being created every minute. APIs connect the coding that enables the creation and implementation of new applications.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

No COVID-19 Respite: Ransomware Keeps Pummeling Healthcare

Data Breach Today

Cybercrime Gangs Providing 'No Abatement, Empathy or Free Decryptor,' Expert Says As the COVID-19 outbreak has intensified, so too has cybercrime, including ransomware, Interpol, the international crime-fighting agency, warns. Despite some gangs claiming to no longer be targeting healthcare organizations, experts have seen "no abatement, empathy or free decryptor" from any of them.

article thumbnail

AIIM vs. ARMA: An Honest Comparison of Membership

AIIM

I regularly get asked questions about AIIM and ARMA – which one’s “better,” which one’s the right one, what’s the difference, etc. As a paid professional member of both since 2001 – August 2001 for AIIM, September 2001 for ARMA, and having served on both organizations’ Board of Directors (2004-2005 for AIIM, 2007-2010 for ARMA), I have thoughts on both and will compare them in several key areas, including: Focus.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Hackers Target Chinese Government Agencies Via VPNs: Report

Data Breach Today

Zero-Day Vulnerabilities in VPN Servers Exploited, Quihoo 360 Reports Hackers are targeting Chinese government agencies and their employees by taking advantage of zero-day vulnerabilities in VPN servers to plant backdoors and other malware, researchers at the Chinese security firm Qihoo 360 report.

More Trending

article thumbnail

FBI: Covid-19-Themed BEC Scams Are on the Rise

Data Breach Today

Fraudsters Try to Use Pandemic to Their Advantage Fraudsters are taking advantage of the uncertainty over the global COVID-19 pandemic to ramp-up business email compromise scams designed to steal money, the FBI and security researchers warn.

Security 201
article thumbnail

Securing Corporate Data When Remote Working is the Norm

Thales Cloud Protection & Licensing

While many companies have deployed extra measures to secure employees’ remote access to corporate resources and apps, it is important to think of all the necessary security measures to be taken in protecting sensitive data. Careful planning and forward-thinking security is the best way to protect your most precious asset – your data – either while it is in transit or at rest.

Security 105
article thumbnail

COVID-19: CISOs Take on More Security, Privacy Challenges

Data Breach Today

As healthcare organizations across the U.S. respond to the COVID-19 crisis, the list of security and privacy challenges CISOs face continues to grow. Mitch Parker, CISO of Indiana University Health, provides an update on the changing risk management landscape.

Privacy 201
article thumbnail

The Coronavirus & Cybersecurity: 3 Areas of Exploitation

Dark Reading

Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Mitigating the Risks Posed by AI Meeting Assistants

Data Breach Today

AI meeting assistants present increasing risks as more companies rely on teleconferencing during the COVID-19 pandemic, says U.K.-based Steve Marshall, CISO at Bytes Technology, an IT and cybersecurity consultancy, who discusses risk mitigation steps.

Risk 170
article thumbnail

Coronavirus: Europol arrests man behind €6M face masks and hand sanitisers scam

Security Affairs

While crooks continue to exploit the Coronavirus outbreak, the Europol announced to have arrested a man involved in COVID19 business scams. The Europol announced the arrest of a 39-year old man that is allegedly involved in Business email scam (BEC) connected to the current Coronavirus outbreak. The man has been arrested early this week in Singapore after the authorities noticed a suspicious transaction that requested the transfer of funds to a bank in the country.

article thumbnail

Researchers Propose COVID-19 Tracking App

Data Breach Today

Smartphone App Would Warn of Proximity to Those With Virus While Protecting Privacy Researchers at Boston University have written a research paper that proposes creating a smartphone app that uses short-range transmission technologies that can inform users if they have been in close proximity to a person infected with COVID-19 - while maintaining privacy.

Paper 159
article thumbnail

Best Practice: 8 Ways to offer BYO Mac with Jamf Pro

Jamf

Supporting remote users with Apple technology has become top of mind as organizations adapt to new challenges, but Jamf wants to help you build BYOD programs. Read these 8 considerations to learn more.

93
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Cybersecurity During COVID-19

Schneier on Security

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

article thumbnail

Comparing IBM Watson OpenScale to open source on AI explainability

IBM Big Data Hub

IBM Watson OpenScale helps organizations detect and correct AI model bias and drift, explain AI outcomes, monitor model accuracy, analyze payloads, and more. There are algorithms available in open source that provide some of these capabilities.

90
article thumbnail

FIN6 and TrickBot Combine Forces in ‘Anchor’ Attacks

Threatpost

FIN6 fingerprints were spotted in recent cyberattacks that initially infected victims with the TrickBot trojan, and then eventually downloaded the Anchor backdoor malware.

86
article thumbnail

National Cyber Security Centre warns public about coronavirus scams

IT Governance

In a rare public statement , the NCSC (National Cyber Security Centre) has issued a warning over the threat of coronavirus-related scams. The government agency, which is part of GCHQ, noted that there has been a sharp rise in cyber attacks that take advantage of the panic and uncertainty caused by the pandemic. One of the biggest threats are phishing scams – malicious messages that appear to be from a trusted source.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Serious Exchange Flaw Still Plagues 350K Servers

Threatpost

The Microsoft Exchange vulnerability was patched in February and has been targeted by several threat groups.

104
104
article thumbnail

Interpol warns that crooks are increasingly targeting hospitals

Security Affairs

While the Coronavirus outbreak is threatening the world, the INTERPOL warns that crooks are increasingly targeting hospitals with ransomware. The INTERPOL (International Criminal Police Organisation) is warning of ransomware attacks against hospitals despite the currently ongoing Coronavirus outbreak. Attackers are targeting organizations in the healthcare industry via malspam campaigns using malicious attachments.

article thumbnail

Official Government COVID-19 Apps Hide a Raft of Threats

Threatpost

Android apps launched for citizens in Iran, Colombia and Italy offer cyberattackers new attack vectors.

article thumbnail

9 Security Podcasts Worth Tuning In To

Dark Reading

Recommendations for podcasts discussing news, trends, guidance, and stories across the cybersecurity industry.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Italian email provider Email.it hacked, data of 600k users available for sale

Security Affairs

A database stolen from the Italian email provider Email.it containing more than 600,000 users is available for sale on the dark web. The Italian email provider Email. it has been hacked, the company admitted the incident while a hacker group named NN Hacking Group is offering the stolen data for sale on the dark web. The group shared a series of snapshots on the dump on Twitter claiming that the hack is dated back January 2018, the hacker group also claimed that since then the email provider is

Sales 69
article thumbnail

Chinese APT Groups Targeted Enterprise Linux Systems in Decade-Long Data Theft Campaign

Dark Reading

Organizations across multiple industries compromised in a systematic effort to steal IP and other sensitive business data, BlackBerry says.

88
article thumbnail

Is Your Smart Home Too Smart?: Hunton Partner Featured in ABA Podcast on Privacy and Smart Speakers

Hunton Privacy

Listen as Phyllis H. Marcus , partner at Hunton Andrews Kurth and Co-Chair of the ABA Antitrust Law Section’s Privacy and Information Security Committee, speaks about the privacy concerns over using smart devices on the ABA’s Our Curious Amalgam podcast, Is Your Assistant Spying on You? Understanding the Privacy Law Issues Involving In-Home Assistants.

Privacy 68
article thumbnail

Using Application Telemetry to Reveal Insider & Evasive Threats

Dark Reading

Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.

84
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

xHelper: The Russian Nesting Doll of Android Malware

Threatpost

Ultimately delivering the Triada payload, xHelper goes to great lengths to become virtually indestructible once installed on a smartphone.

article thumbnail

Privacy & Digital-Rights Experts Worry Contact-Tracing Apps Lack Limits

Dark Reading

Mobile-phone-based tracking of people can help fight pandemics, but privacy and security researchers stress that it needs to be done right.

Privacy 101
article thumbnail

CGI Client Global Insights: A look at top capital market trends and priorities

CGI

CGI Client Global Insights: A look at top capital market trends and priorities. Based on the 2019 CGI Client Global Insights, capital market firms are making the largest IT investments, compared to their peers in other banking sectors, as they seek to protect customers, get more value from massive amounts of data, and simplify operations. These firms also are striving to gain specialized skills and retain the digital talent they need to grow and run the business.