Mon. Jun 13, 2022


Why User Awareness Training Misses the Mark

Data Breach Today

Oz Alashe, CEO of CybSafe, Discusses New Approaches to Changing User Behavior. A great deal of awareness training has been offered to users - including phishing simulations - but none of it seems to have led to a significant change in their poor security behaviors and decision-making skills, says Oz Alashe, CEO of CybSafe.


SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

The Last Watchdog

At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation. Related: Taking API proliferation seriously. Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally.


Malaysian Hacktivists Target Indian Websites as Payback

Data Breach Today

DragonForce Malaysia's Alleged Victim List Comprises Government, Private Entities. Hacktivist group DragonForce Malaysia says it hacked and defaced about 70 Indian government and private sector organizations' websites in a dayslong attack last week. The attacks were reportedly payback for anti-Muslim remarks made by a spokesperson of India's ruling political party.


Facebook Phishing Scam Steals Millions of Credentials

KnowBe4

Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have visited just one of these phishing pages so far this year.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Feds Signal New Guidance on 'Recognized Security Practices'

Data Breach Today

Video to Address HITECH Act Changes Affecting HIPAA Enforcement Actions. Federal regulators have signaled plans to release video guidance on the "recognized security practices" they will consider when taking HIPAA enforcement actions against organizations. New audio telehealth guidance was also unveiled.


More Trending


Expel Quarterly Threat Report: Cybersecurity data, trends, and recs from Q1 2022

Data Breach Today

The new Expel Quarterly Threat Report provides even more data on what we’re seeing, detection opportunities, and resilience recs to help protect your organization — now on a quarterly basis.


UK Consults on Algorithmic Processing

Data Matters

Algorithms touch upon multiple aspects of digital life, and their use potentially falls within several separate – though converging – regulatory systems. More than ever, a ‘joined up’ approach is required to assess them, and the UK’s main regulators are working together to try to formulate a coherent policy, setting an interesting example that could be a template for global approaches to digital regulation.


Russia Warns of Military Action If US Attacks Infrastructure

Data Breach Today

Russian Foreign Ministry Says Aggressive Actions in Cyberspace Won’t Go Unanswered. Top Russian diplomat Andrei Krutskikh is pressuring the U.S. to back down in cyberspace after the director of U.S. Cyber Command, Army Gen. Paul Nakasone, acknowledged America has conducted a "full spectrum" of virtual operations in support of Ukraine.


The Future of RegTech for AI Governance

IBM Big Data Hub

The use of artificial intelligence (AI) is now commonplace throughout society. The adoption of AI is driven by its utility and the improvements in efficiency it creates. Every day, most of us rely on AI for tasks like autocompleting our text messages, navigating our route to a new location, and recommending what movie to watch next. Beyond these common uses of AI, there are also uses that regulators are beginning to identify as areas where there may be a higher risk.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


FRANCE: The CNIL provides further insights following its formal notices against the use of Google Analytics

DLA Piper Privacy Matters

Authors: Denise Lebeau-Marianna, Tess Muckensturm and Divya Shanmugathas. Since our last post, the French Supervisory Authority (the “CNIL”) has published a Q&A and a post on June 7, 2022 regarding Google Analytics, where it highlights the key points of its formal notices and gives some practical advice to website operators. Lessons to be drawn from the formal notices regarding the use of Google Analytics.


Jamf celebrates 20 years of helping organizations succeed with Apple

Jamf

Jamf celebrated our 20-year anniversary on June 10, 2022. Thank you, Jamf Nation, for helping us to grow and reach so many milestones along the way!


QC-ing the QC

ARMA International

This article is my advice for a holistic approach to QA/QC for document capture projects. It is also a recommendation to audit the effectiveness of QC methodologies used (or to be used) by a service provider. I tried my best to harness lessons learned and expertise gained during more than half a century in the computer industry, half of which has been focused on digital document capture.


Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability

Security Affairs

Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russia-linked Sandworm APT may be exploiting the recently discovered Follina RCE. The issue, tracked as CVE-2022-30190, impacts the Microsoft Windows Support Diagnostic Tool (MSDT).


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Tony Jarvis on Shifting Security Gears as We Move to the Cloud

Dark Reading

In this new episode of Tech Talks, Darktrace's Tony Jarvis and Dark Reading's Terry Sweeney discuss how to protect networks after the death of the perimeter.


GALLIUM APT used a new PingPull RAT in recent campaigns

Security Affairs

China-linked Gallium APT employed a previously undocumented RAT, tracked as PingPull, in a recent cyber espionage campaign targeting South Asia, Europe, and Africa. China-linked Gallium APT (aka Softcell) used a previously undocumented remote access Trojan dubbed PingPull in recent attacks aimed at organizations in Southeast Asia, Europe, and Africa. Researchers from Palo Alto Networks defined the PingPull RAT as a “difficult-to-detect” backdoor that leverages the Internet Control Mess


Exposed Travis CI API Leaves All Free-Tier Users Open to Attack

Dark Reading

Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks.


HelloXD Ransomware operators install MicroBackdoor on target systems

Security Affairs

Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021; it borrows code from the Babuk ransomware, which has been available on Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn’t use a leak site; instead, it contacts victims through TOX chat and onion-based messenger instances.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Cryptanalysis of ENCSecurity’s Encryption Implementation

Schneier on Security

ENCSecurity markets a file encryption system, and it’s used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, its implementation is flawed in multiple ways—and breakable. The moral is, as it always is, that implementing cryptography securely is hard. Don’t roll your own anything if you can help it.


3 Big Takeaways From the Verizon DBIR 2022

Dark Reading

The annual report is always filled with useful security information. Here are several of the most important lessons from this year's edition.


Shanghai’s Censors Can’t Hide Stories of the Dead

WIRED Threat Level

Many people reportedly died after struggling to access medical care during a brutal lockdown. The families want to make sure these deaths are counted.


Corel Acquires Awingu

Dark Reading

The combination of Awingu and the Parallels Remote Application Server platform will enable end users to securely work from anywhere, at any time, on any device, or OS.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


The Death of Nonpartisan Presidential History via The Atlantic

IG Guru

Check out the article here. The post The Death of Nonpartisan Presidential History via The Atlantic appeared first on IG GURU.


CISA Recommends Organizations Update to the Latest Version of Google Chrome

Dark Reading

Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.


Level up eDiscovery review efficiency – before review even starts 

OpenText Information Management

More so than ever, legal departments are under intense resource and budget pressure when it comes to eDiscovery. These challenges are exacerbated by new forms of risk, including cybersecurity threats, escalating data volumes, the rise of new business communication, such as chat, heightened regulatory and data privacy mandates, and a whistleblower culture.


Kaiser Permanente Breach Exposes Data on 70K Patients

Dark Reading

Employee email compromise potentially exposed patients' medical information, including lab test results and dates of services.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

Threatpost

Researchers demonstrated a possible way to track individuals via Bluetooth signals.


DoS Vulnerability Allows Easy Envoy Proxy Crashes

Dark Reading

The DoS vulnerability allows an attacker to create a Brotli "zip bomb," resulting in acute performance issues on Envoy proxy servers.


Celebrating Flag Day

Unwritten Record

Mrs. Laura B. Prisk, who is the originator of the Flag Day idea. Local ID: 165-WW-429P-1247, National Archives Identifier: 45532768. This post was created in collaboration with Heather Sulier, Archives Technician in the Still Picture Branch. Flag Day celebrates the adoption of the official flag of the United States on June 14. “The Flag Act of 1777” was passed by the Second Continental Congress on June 14, 1777 and adopted the official design of the United States flag.