Mon.Feb 21, 2022

Xenomorph Android banking trojan distributed via Google Play Store

Security Affairs

Xenomorph Android trojan has been observed distributed via the official Google Play Store targeting 56 European banks. Researchers from ThreatFabric have spotted a new Android banking trojan, dubbed Xenomorph, distributed via the official Google Play Store that has over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information from the devices of their customers.

Marketing 120

QR Codes: A Growing Security Problem

eSecurity Planet

Quick response (QR) codes are a convenient format for storing all kinds of information in a readable and secure way, at least when correctly implemented. With the ongoing COVID-19 pandemic, for example, governments have recently implemented QR codes to create Digital COVID Certificates for vaccination, tests status and other reasons. QR technology isn’t new, and security features like two-factor authentication (2FA) or multi-factor authentication (MFA) often invite users to generate such c

Security 104

Open Source Code: The Next Major Wave of Cyberattacks

Dark Reading

The ubiquity of open source software presents a significant security risk, as it opens the door for vulnerabilities to be introduced (intentionally or inadvertently) to those who use it.

Risk 98

Retention vs. Records Management

Gimmal

Records management is an important component of any information governance strategy, but do you know what goes into your records management strategy to be successful? Many people often confuse records management for simple document retention, but true records management goes much deeper than merely retaining a document for a certain amount of time.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Stealing Bicycles by Swapping QR Codes

Schneier on Security

This is a clever hack against those bike-rental kiosks: They’re stealing Citi Bikes by switching the QR scan codes on two bicycles near each other at a docking station, then waiting for an unsuspecting cyclist to try to unlock a bike with his or her smartphone app. The app doesn’t work for the rider but does free up the nearby Citi Bike with the switched code, where a thief is waiting, jumps on the bicycle and rides off.

IT 97

More Trending

AI in retail and the rise of the purpose-driven consumer

IBM Big Data Hub

That retail has experienced extreme disruption in recent years is beyond questioning. Even before Covid turned the world on its head, headlines about the so-called “retail apocalypse” were near-ubiquitous in the media. Since then, we’ve seen lockdowns, fluctuating openings and closings, some firms going out of business altogether, celebrations of essential retail workers and a surge in online shopping that brought record profits while yielding more ambiguous results for others.

Retail 91

How SMS PVA services could undermine SMS-based verification

Security Affairs

Crooks abuse some SMS PVA services that allow their customers to create disposable user accounts to conduct malicious activities. While investigating SMS PVA services (phone-verified account services), Trend Micro researchers discovered a rogue platform using a botnet of thousands of Android devices used to carry out malicious activities. SMS PVA services provide alternative mobile numbers used by customers to register for online services and platforms.

ICRM Salary Survey Report Now Available to Members

IG Guru

Hello to all of our Members and Candidates, The ICRM Board and Marketing Committee are proud to release to you our 2022 Salary Survey Report. As many of you may remember, we sent the original Salary Survey to over 1,100 Members, via SurveyMonkey, near the end of July last year, with 320+ responses. We would […].

NFT Investors Lose $1.7M in OpenSea Phishing Attack

Threatpost

Attackers took advantage of a smart-contract migration to swindle 17 users.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

US State Privacy Update: California Privacy Protection Agency Announces Revised Rulemaking Timeline Under The CPRA

Privacy and Cybersecurity Law

On February 17, the California Privacy Protection Agency (CPPA) announced it will not complete its rulemaking under the California Privacy Rights Act (CPRA) until Q3 or Q4 of this year, marking a slip from its statutory deadline of July 1, 2022. Below we outline key details around this announcement, and what it means for organizations planning for CPRA compliance throughout this year.

Privacy 52

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

The Last Watchdog

The headlines are disturbing: Breach of patient records; Surgeries and appointments cancelled due to IT outage; and even, Death attributed to ransomware attack on hospital. Related: High-profile healthcare hacks in 2021. The risks are real, and the impact of cybersecurity events continues to grow. A cyber catastrophe may seem inevitable, but there are basic practices and actionable steps any healthcare organization can take to begin reducing the clear and present risk of being impacted by a cy