Fri. Feb 19, 2021

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Krebs on Security

The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015.

IRS Warns of Fresh Fraud Tactics as Tax Season Starts

Data Breach Today

Site Spoofing, Phishing Campaigns Proliferate

As tax season begins, the Internal Revenue Service is warning that it's seeing signs of fraudsters spoofing the agency's domains and incorporating its logos and language into phishing campaigns.

Phishing 263
Insiders

Router Security

Schneier on Security

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of Linux. Most devices are still powered with a 2.6 Linux kernel, which is no longer maintained for many years.

Security 111

'Cuba' Ransomware Gang Hits Payment Processor and Steals Data

Data Breach Today

California DMV and Washington Cities Among Those Issuing Data Breach Notifications

The "Cuba" ransomware gang has hit Seattle-based Automatic Funds Transfer Services, which processes data from California's Department of Motor Vehicles as well as many cities in Washington. Victim organizations say AFTS is investigating the incident and that an unknown amount of individuals' data was exposed.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider

Security Affairs

A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users. A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users. The Tor mode implemented in the Brave web browser allows users to access .onion sites inside Brave private browsing windows.

Privacy 106

More Trending

European Commission Publishes Draft UK Data Transfer Adequacy Determination

Hunton Privacy

On February 19, 2021, the European Commission published a draft data protection adequacy decision relating to the UK. If the draft decision is adopted, organizations in the EU will be able to continue to transfer personal data to organizations in the UK without restriction, and will not need to rely upon data transfer mechanisms, such as the EU Standard Contractual Clauses, to ensure an adequate level of protection.

Analysis: Sandworm's Hacking Campaign

Data Breach Today

This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software. Also featured: a discussion of CIAM trends; a critique of Bloomberg's update on alleged Supermicro supply chain hack.

Security 223

Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code

Threatpost

However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.

IT 94

Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning

Security Affairs

Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it; the latest generation of Macs are their next targets. The popular security researcher Patrick Wardle discovered one of the first malware samples designed to target the latest generation of Apple devices using the company's M1 chip. The discovery suggests threat actors are tailoring their malware to target the latest generation of Mac devices using Apple's own processors.

IT 89

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Mysterious Silver Sparrow Malware Found Nesting on 30K Macs

Threatpost

A second malware that targets Macs with Apple's in-house M1 chip is infecting machines worldwide -- but it's unclear why.

IT 116

UPDATE: Will Virginia be the Second State to Enact Major Privacy Legislation?

Hunton Privacy

As we previously reported, significant data privacy bills, titled the Consumer Data Protection Act, are working their way through the Virginia legislature. If enacted, Virginia would be the second state to enact major data privacy legislation of general applicability. As of today, Virginia’s Senate and House of Delegates have passed identical bills, and they now move on to Virginia’s Governor, Ralph Northam.

Privacy 81

Malformed URL Prefix Phishing Attacks Spike 6,000%

Threatpost

Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said.

Phishing 114

New Masslogger Trojan variant exfiltrates user credentials

Security Affairs

The infamous MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. Cisco Talos experts uncovered attacks against users in Turkey, Latvia, and Italy; the infections have some similarities with attacks that targeted users in Bulgaria, Lithuania, Hungary, Estonia, Romania, an

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Attackers Already Targeting Apple's M1 Chip with Custom Malware

Dark Reading

A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.

119

66% of Workers Risk Breaching GDPR by Printing Work-Related Docs at Home via Infosecurity Magazine

IG Guru

Check out the article here. The post 66% of Workers Risk Breaching GDPR by Printing Work-Related Docs at Home via Infosecurity Magazine appeared first on IG GURU.

GDPR 74

Modernize your legacy applications

OpenText Information Management

Many organizations continue to hold onto legacy applications and systems for compliance and regulatory reasons. But they find it expensive and technically burdensome to maintain these. While they could archive ageing applications and systems, decommissioning the data can be complex. A typical IT environment contains legacy systems with many applications and large volumes of data. … The post Modernize your legacy applications appeared first on OpenText Blogs.

Weekly Update 231

Troy Hunt

I seem to have spread myself across a whole heap of different things this week which is fine (it's all stuff I love doing), but it has made for rather a "varied" video. I'm talking (somewhat vaguely) about the book I'm working on, how Facebook has nuked all news in Australia (which somehow means I can't even post a link to this blog post there), yet more data breaches, the awesome Prusa 3D printer I now have up and running and a whole heap more about the IoT things I've been doing.

IoT 65

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

How to Fine-Tune Vendor Risk Management in a Virtual World

Dark Reading

Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.

Risk 99

Regulatory agenda of the Brazilian national data protection authority for the 2021-2022 biennium

Privacy and Cybersecurity Law

On January 28, 2021, due to the Data Privacy Day, the Brazilian National Data Protection Authority (“ANPD”), through Ordinance No. 11, made public the Regulatory Agenda approved by the Directing Council for the 2021-2022 biennium, through which it lists the topics to be regulated by the ANPD in this period and the respective deadlines for its beginning.

Kia Denies Ransomware Attack as IT Outage Continues

Dark Reading

Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.

EU Commission draft UK Data Protection Adequacy Decision published

Data Protection Report

Following nine months of assessment of the UK’s data protection laws (including the rules on access to data by public authorities), the European Commission has today published its draft decision on the adequate protection of personal data by the United Kingdom. The draft decision can be found here. The draft decision is welcome news to the UK government, which has stressed that adequacy will provide certainty for businesses and enable continued cooperation between the UK and EU.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

7 Benefits of Metadata Management

erwin

Metadata management is key to wringing all the value possible from data assets. However, most organizations don’t use all the data at their disposal to reach deeper conclusions about how to drive revenue, achieve regulatory compliance or accomplish other strategic objectives. What Is Metadata? Analyst firm Gartner defines metadata as “information that describes various facets of an information asset to improve its usability throughout its life cycle.

Metadata 110

European Commission Publishes Draft UK Adequacy Decisions

Data Matters

On February 19, 2021, the European Commission (EC) published two draft implementing decisions to enable the continuing free-flow of personal data from the EU to the UK (the Draft Adequacy Decisions), i.e., post-Brexit: (i) for transfers of personal data under the EU General Data Protection Regulation (EU GDPR); and (ii) for transfers of personal data under the Law Enforcement Directive (LED).

GDPR 68

Hackers steal credit card data abusing Google’s Apps Script

Security Affairs

Hackers abuse Google Apps Script to steal credit cards, bypass CSP. Attackers are abusing Google’s Apps Script business application development platform to steal payment card information from e-stores. Sansec researchers reported that threat actors are abusing Google’s Apps Script business application development platform to steal credit card data provided by customers of e-commerce websites. “Attackers use the reputation of the trusted Google domain script.google.com to evade

Credential-Stuffing Attack Targets Regional Internet Registry

Threatpost

RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service.

IT 102

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish

Schneier on Security

From the Monterey Bay Aquarium. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.