Wed, Nov 02, 2022


The Most Vulnerable Place on the Internet

WIRED Threat Level

Underwater cables keep the internet online. When they congregate in one place, things get tricky.


Oreo Maker Settles With Insurer Over NotPetya Damages Claim

Data Breach Today

When a Cyberattack Is Cyberwar Is Still Being Litigated Five Years After the NotPetya Wave

Cookie and cracker giant Mondelez International has settled the litigation it launched in 2018 against Zurich Insurance after the underwriter denied a claim for property damage stemming from the NotPetya malware wave. Similar litigation initiated by pharmaceutical giant Merck against its insurers continues.

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Security Affairs

Dropbox has disclosed a security breach in which threat actors gained unauthorized access to 130 of its source code repositories on GitHub. According to the advisory published by Dropbox, the company was the target of a phishing campaign that resulted in access to the GitHub repositories.


How 'Recognized Security Practices' Fit with HIPAA Actions

Data Breach Today

HHS OCR Explains How It Is Considering Implementation of Certain Best Practices

Federal regulators have issued new guidance explaining how they will consider the "recognized security practices" of healthcare entities and their business associates during HIPAA enforcement activities, such as breach investigations and security audits.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speakers: Aarushi Kansal, AI Leader & Author, and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Chinese Mob Has 100K Slaves Working in Cambodian Cybercrime Mills

Dark Reading

Vulnerable people are lured by Facebook ads promising high-paying jobs, but instead they're held captive and put to work in Cambodia running cyber scams.

More Trending


OpenSSL fixed two high-severity vulnerabilities

Security Affairs

The OpenSSL project has issued security updates for two high-severity vulnerabilities in its cryptography library, tracked as CVE-2022-3602 and CVE-2022-3786, that can trigger a denial-of-service condition or potentially lead to remote code execution. The flaws affect versions 3.0.0 through 3.0.6 of the library.
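The practical first step after this advisory is inventory: find every host running an affected 3.0.x build. The script below is an added example (not OpenSSL project code) that parses `openssl version` banners and labels each host against the 3.0.0 to 3.0.6 range stated above; it assumes 3.0.7 is the fixed release, which is what the project shipped for these two CVEs. The host names and banners are constructed sample data, not real systems.

```python
import re

# Inclusive range of releases affected by CVE-2022-3602 / CVE-2022-3786,
# per the advisory; 3.0.7 is the fixed release (assumption stated in the lead-in).
FIRST_AFFECTED = (3, 0, 0)
LAST_AFFECTED = (3, 0, 6)
FIXED = (3, 0, 7)

# Matches the numeric part of an `openssl version` banner, e.g. "OpenSSL 3.0.5 5 Jul 2022".
# Letter suffixes on 1.1.1 builds ("1.1.1q") are ignored; they are outside the range anyway.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(banner: str):
    """Return (major, minor, patch) from an `openssl version` banner, or None if it is not OpenSSL."""
    match = VERSION_RE.search(banner)
    if not match:
        return None
    return tuple(int(group) for group in match.groups())


def is_affected(banner: str):
    """True for an affected 3.0.x build, False for any other OpenSSL version, None if unparseable."""
    version = parse_openssl_version(banner)
    if version is None:
        return None
    # Tuple comparison is lexicographic, so this is a proper semantic-version range check.
    return FIRST_AFFECTED <= version <= LAST_AFFECTED


def triage(hosts: dict) -> dict:
    """Map each host to 'affected', 'not affected' or 'unknown' given host -> banner."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in hosts.items()}


# Constructed sample banners (hypothetical hosts, not real inventory data).
SAMPLE_HOSTS = {
    "web-01": "OpenSSL 3.0.5 5 Jul 2022",        # inside the affected range
    "web-02": "OpenSSL 3.0.7 1 Nov 2022",        # fixed release
    "legacy-01": "OpenSSL 1.1.1q  5 Jul 2022",   # 1.1.1 branch, outside the stated range
    "build-01": "OpenSSL 3.0.0 7 Sep 2021",      # first affected release
    "odd-01": "LibreSSL 3.6.1",                  # not OpenSSL: flag for manual review
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_HOSTS).items():
        print(f"{host}: {verdict}")
```

In a real sweep the banners would come from each host (for example via your configuration management tool running `openssl version`); the "unknown" bucket is deliberate, since a non-OpenSSL or unparseable banner should be reviewed by hand rather than silently treated as safe. Note that statically linked applications bundle their own OpenSSL and will not show up in the system binary's banner.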


Authentication in Pharma: Protecting Life-Saving Secrets

Data Breach Today

It's no secret: As pharmaceutical companies develop new health treatments, adversaries seek to steal or sabotage their intellectual property. This dynamic adds extra urgency to authentication. Tom Scontras of Yubico talks about how the pharma sector approaches authentication.


SandStrike, a previously undocumented Android malware, targets a Persian-speaking religious minority

Security Affairs

Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religious minority. In Q3 2022, Kaspersky researchers uncovered the spyware in an espionage campaign targeting the Bahá'í community. The threat actors distributed a VPN app that embedded the spyware.


Profiles in Leadership: Michael Owens, Equifax

Data Breach Today

Equifax BISO on the Need to Create a Cybersecurity Culture Across the Organization

All employees should consider upholding the security of the organization part of their job regardless of their official role at the company, says Equifax Business Information Security Officer Michael Owens. But creating an organization-wide cybersecurity culture is easier said than done.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Vitali Kremez passed away

Security Affairs

I’m deeply saddened by the absurd death of Vitali Kremez; he died while scuba diving off the coast of Hollywood Beach in Florida. Vitali Kremez (36), founder and CEO of AdvIntel, has been found dead after scuba diving off the coast of Hollywood Beach in Florida. Vitali Kremez had entered the water on October 30 at about 9 am local time, but he was never seen returning to shore.


Aaron's CISO On Forging Strong C-Suite Relationships

Data Breach Today

David Nolan Urges Security Heads to Focus on Business Value, Not Technical Details

CISOs must focus on the business value they're providing, not the technical details of their work, when interacting with the C-suite and board. Don’t focus too narrowly on security risks and technical requirements and miss what the business wants to achieve, says David Nolan, CISO, The Aaron’s Co.


Four malicious apps on the Play Store totaled 1M+ downloads

Security Affairs

Malwarebytes researchers discovered four malicious Android apps uploaded by the same developer (Mobile apps Group) to the official Google Play store. The apps carry the Android/Trojan.HiddenAds.BTGTHB malware and together totaled at least one million downloads.


Phishing-Resistant Does Not Mean Un-Phishable

KnowBe4

Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it were as comprehensively accurate as the original, more-limited fact it was based on.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Dropbox Code Repositories Stolen in Cyberattack on GitHub-Based Developers

Dark Reading

An attack campaign using phishing attacks gives threat actors access to internal Dropbox code repositories, the latest in a series of attacks targeting developers through their GitHub accounts.


What is macOS Ventura’s accessory security?

Jamf

Apple’s recent release of macOS Ventura adds extra security for USB and Thunderbolt accessories inserted into your computer.


Everything You Need to Know About LockBit

Dark Reading

While the ransomware-for-hire group works to create ever more efficient exploits, companies can protect themselves with structured vulnerability management processes. Prioritize threats based on severity and risk.


The Rise of Rust, the 'Viral' Secure Programming Language That's Taking Over Tech

WIRED Threat Level

Rust makes it impossible to introduce some of the most common security vulnerabilities. And its rise can't come soon enough.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


How to Narrow the Talent Gap in Cybersecurity

Dark Reading

We can bridge that gap by spreading the word about the opportunities, the requirements, and the many tools available to help applicants break into the field.


HHS Office for Civil Rights Releases Webinar on Recognized Security Practices: Provides Guidance on Mitigating Potential Violations of HIPAA

Data Matters

Pursuant to legislation passed in 2021, covered entities and business associates subject to HIPAA and facing potential regulatory enforcement may receive some credit lessening to reduce enforcement penalties if they had implemented Recognized Security Practices (RSPs) within the prior 12 months. However, what may constitute RSPs and how a covered entity or business associate can demonstrate implementation of RSPs to receive such credit had not been clear.


Vitali Kremez Found Dead After Apparent Scuba Diving Accident

Dark Reading

The renowned security researcher, ethical hacker, and cybersecurity phenom was found Wednesday by the US Coast Guard.


Ebb and Flow: Coping with the Chaos of Digital Change

Micro Focus

Change is one of the few constants in the world of the IT leader. The key to managing it is to focus on what the market is saying, plan accordingly, and get help where needed.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Critical Vulnerability in Microsoft Azure Cosmos DB Opens Up Jupyter Notebooks

Dark Reading

The now-patched RCE flaw in Cosmos DB's Jupyter Notebook feature highlights some of the weaknesses that can arise from emerging tech in the cloud-native and machine learning worlds.


FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers

Hunton Privacy

On October 31, 2022, the Federal Trade Commission announced a proposed settlement with education technology provider Chegg in connection with the company’s alleged poor cybersecurity practices. The FTC’s complaint alleges that Chegg’s lax cybersecurity procedures contributed to four separate data breaches that exposed the financial and medical information of employees and the personal information of 40 million customers.


Cyber-Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware

Dark Reading

"SandStrike," the latest example of espionage-aimed Android malware, relies on elaborate social media efforts and back-end infrastructure.


Employee Highlight: Dean Scavetta: Work Hard and Never Quit

Synergis Software

Dean Scavetta’s got a dry, self-effacing sense of humor and a strong New Jersey accent, which he attributes to growing up in a “majority Italian neighborhood” in South Jersey for all his life.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Musk's Twitter-Verification Payment Tease Spurs Cyberattackers

Dark Reading

A proposed plan to charge users for the platform's coveted blue check mark has, unsurprisingly, inspired attackers to try to dupe people into giving up their credentials.


Using FDA’s Computer Software Assurance guidance to improve innovation and quality in life sciences

CGI

For several years now, the U.S. Food and Drug Administration (FDA) and the life sciences industry have collaborated to develop guidelines for improving quality best practices in the validation of computer systems and to harmonize with international standards. The FDA’s draft Computer Software Assurance for Manufacturing and Quality System Software (CSA) designates patient safety and product quality as the basis for risk assessment and provides mechanisms for reducing the effort of computer syste


The Art of Calculating the Cost of Risk

Dark Reading

Insurance and legislation affect how enterprises balance between protecting against breaches and recovering from them.
