Wed. May 11, 2022

Another Report of SEO in Phishing

KnowBe4

Researchers at Netskope have observed a 450% increase in phishing downloads over the past twelve months, largely driven by attackers using SEO (search engine optimization) to improve the search engine ranking of malicious sites. Most of these downloads were malware-laden PDF files.

New LookingGlass CEO Bryan Ware to Diversify Customer Base

Data Breach Today

New Attack Surface Management Tool Should Help Reach New Clients

New CEO Bryan Ware plans to leverage LookingGlass' nascent attack surface management capabilities to capture clients in verticals such as pharmaceuticals, manufacturing and utilities. The company tapped former CISA leader Ware to serve as its next CEO following the acquisition of Next5.

ICE Is a Domestic Surveillance Agency

Schneier on Security

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or someone you love has been targeted for deportation, you probably don’t immediately think of Immigration and Customs Enforcement (ICE).

Material Security Raises $100M to Protect Sensitive Content

Data Breach Today

Company Will Extend Its Protection of Sensitive Data at Rest Beyond Email

Material Security has closed a $100 million funding round on a $1.1 billion valuation to extend its protection of sensitive content at rest beyond email. The startup will take patents for defending content in old emails and apply them to SaaS applications such as Dropbox, Google Drive and Slack.

Security 277

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulne

IT 102

More Trending

Better Together: How Data Loss Prevention Can Shed Light on Ediscovery and Internal Investigations

Hanzo Learning Center

Some things that are great on their own turn out to be even better as half of a dynamic duo. We’re talking peanut butter and jelly. Burgers and fries. Hall and Oates. And now: data loss prevention (DLP) and ediscovery.

Gain a Competitive Advantage with Third-Party Security

Data Breach Today

Solving the Specific Problem of Secure Third-Party Access

Third parties need to equip themselves with the technology that is mindful of the current third-party risk landscape.

Security 244

Data Mesh 101: A straightforward overview of the hottest topic in enterprise data

Collibra

It’s perhaps a shocking truth: We live in an era of stunning digital transformation that is only going to become more data-driven each day. The raw numbers are staggering. The datasphere is forecast to reach 97 zettabytes in 2022 — and double (!) to 181 zettabytes by 2025. By 2025, it’s estimated that 463 exabytes of data will be created every day.

How to Identify Critical Access Points

Data Breach Today

Most Critical Access Points are Defined by Frequency, Risk and Urgency

The more privileges needed, the more critical the access point is — and the more protection it needs.

Access 245

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

Dark Reading

IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.

UK Proposes Regulations to Curb Illicit Use of Crypto

Data Breach Today

Aim Is to 'Make It Harder' to Engage in Fraud, Ransomware Payments

The United Kingdom has announced two proposed pieces of legislation - the Financial Services and Markets Bill and the Economic Crime and Corporate Transparency Bill - to regulate the digital assets industry and curb the use of virtual currency in illicit activity.

The Danger of Online Data Brokers

Dark Reading

Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.

Risk 113

Hybrid War: 'It's Going to Get a Lot Worse'

Data Breach Today

Academic John Walker on Leveraging OSINT Tools in War

Russia's use of wiper malware, DDoS attacks and targeted disinformation shows it no longer depends on traditional methods in its war with Ukraine. John Walker, a professor and counterintelligence expert, says organizations need to be "more realistic" about how they handle cyberattacks.

IT 231

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes

Dark Reading

The technique, called store-now, decrypt-later (SNDL), means organizations need to prepare now for post-quantum cryptography.

Okta's Data Breach Debacle After Lapsus$ Attack: Postmortem

Data Breach Today

Perfect Storm: How a Minor Security Event Became a Customer Relationship Headache

A hacking group called Lapsus$ caused major headaches for identity vendor Okta in March when it dropped incriminating but misleading screenshots of a security breach. Brett Winterford of Okta breaks down what happened and discusses why visibility into third-party support operations is important.

Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

Threatpost

A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.

Phishing 113

US, UK, EU, Ukraine Attribute Viasat Cyberattack to Russia

Data Breach Today

Russia Continues Its Cyber Offensive, Launches New DDoS Attacks on Ukraine

Viasat's satellite communications suffered an outage an hour before the Russian invasion of Ukraine began on Feb. 24. The company said it was a cyberattack, but did not identify the attacker. The U.S., U.K., EU and Ukraine have now attributed this attack to Russia.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

NSA Warns Managed Service Providers Are Now Prime Targets for Cyberattacks

Dark Reading

International cybersecurity authorities issue guidance to help information and communications service providers secure their networks.

Thousands of Top Websites See What You Type—Before You Hit Submit

WIRED Threat Level

A surprising number of the top 100,000 websites effectively include keyloggers that covertly snag everything you type into a form.

Privacy 103

Breaking Down the Strengthening American Cybersecurity Act

Dark Reading

New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.

Access-to-info system at Library and Archives Canada in ‘bleak state’: watchdog via Times Colonist

IG Guru

Check out the article here. The post Access-to-info system at Library and Archives Canada in ‘bleak state’: watchdog via Times Colonist appeared first on IG GURU.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Microsoft Simplifies Security Patching Process for Exchange Server

Dark Reading

Delivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.

Security 100

Hundreds of organisations breached patient data rules, reveals BMJ

The Guardian Data Protection

Drug firms, private healthcare providers and universities among those that may be failing to protect confidentiality, says report

Hundreds of organisations, including drug companies, private healthcare providers and universities, have breached patient data sharing agreements but not had their access to patient data withdrawn, a report reveals. “High risk” breaches were revealed to have occurred at healthcare groups, pharmaceutical giants and educational institutions including Virgin Care, GlaxoS

Top 6 Security Threats Targeting Remote Workers

Dark Reading

Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.

How to mitigate cyber attacks in healthcare

Jamf

Healthcare organizations are a particularly tempting target for cyber attackers. How can healthcare organizations prevent cyber attacks? And how can these organizations be ready to mitigate the damage when they detect one?

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Actively Exploited Zero-Day Bug Patched by Microsoft

Threatpost

Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.

Cloud 75

Android 13 Tries to Make Privacy and Security a No-Brainer

WIRED Threat Level

With its latest mobile OS update, Google aims to simplify the adoption of Android’s protective features for users and developers alike.

Privacy 85

Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails

Dark Reading

Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.

Access 85