Tue.Nov 03, 2020

article thumbnail

Microsoft Will Patch Zero-Day Flaw Found by Google

Data Breach Today

Google's Project Zero Disclosed Bug Without Patch Due to Exploitation Microsoft plans to patch on Nov. 10 a zero-day kernel vulnerability found by Google's Project Zero bug-hunting team. Google released the details of the flaw after a week because attackers are using it in the wild.

IT 194
article thumbnail

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K. Milleson , 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A.

Phishing 292
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Additional Hacking Tools Tied to North Korea-Linked Group

Data Breach Today

Kimsuky Group Employs Fresh Spying Tools, Infrastructure, Cybereason Reports Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis. This same advanced persistent threat group is also the subject of a new joint alert by CISA and the FBI.

281
281
article thumbnail

[Podcast] Exploring the New Norm of IIM in State and Local Government

AIIM

More and more records managers in state and local government operations tell me that their job is changing. In addition to stacks and stacks of scanned files, and a confluence of different types of electronic files, the inclusion of audio and video records are becoming more and more common. Indeed, many managers now must capture, store, and manage things like audio from 911 dispatch, police camera footage, and other documentary evidence that fall outside the typical scope of “records.”.

ECM 128
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Marriott and BA's Reduced Privacy Fines: GDPR Realpolitik

Data Breach Today

Final Fines Set Precedent, Avoid Court Cases, Likely Reflect EU Penalty Benchmarks Large, recently levied privacy fines against the likes of British Airways, H&M and Marriott show regulators continuing to bring the EU's General Data Protection Regulation to bear after businesses get breached. But in the case of Marriott and BA, were the final fines steep enough?

Privacy 325

More Trending

article thumbnail

Russian Botnet Operator Sentenced to 8 Years in Prison

Data Breach Today

DOJ: Aleksandr Brovko Was Part of $100 Million Banking Fraud Scheme Aleksandr Brovko, a Russian national, has been sentenced to eight years in federal prison for stealing personally identifiable data and online banking credentials using a botnet, according to the U.S. Justice Department. Federal prosecutors estimate the losses at $100 million.

261
261
article thumbnail

Malicious npm library removed from the repository due to backdoor capabilities

Security Affairs

The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained malicious code. The npm security team has removed a malicious JavaScript library named “ twilio-npm ” from its repository because contained a code for establishing backdoors on the computers of the programmers.

Libraries 113
article thumbnail

NCSC Reports Record Number of Cyber Incidents Amid COVID-19

Data Breach Today

UK Cyber Agency Responded to Over 700 Cyberthreats Over 12-Month Period The U.K. NCSC responded to over 700 cyber incidents over a 12-month period, 200 of which were related to the COVID-19 pandemic, according to the cyber agency's annual report. NCSC also notes that's it's preparing to step-up its response to cyber incidents involving the NHS and vaccine development.

IT 257
article thumbnail

34M Records from 17 Companies Up for Sale in Cybercrime Forum

Threatpost

A diverse set of companies, including an adaptive-learning platform in Brazil, an online grocery service in Singapore and a cold-brew coffee-maker company, are caught up in the large data trove.

Sales 111
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

CISA and Oracle Warn Over WebLogic Server Vulnerability

Data Breach Today

Software Giant Issues Rare Out-of-Band Fix For 'Severe' Bug CISA and Oracle are urging users to apply an emergency patch for a vulnerability in the software giant's WebLogic Server product. This "severe" bug is already under active exploitation and could allow an attacker to run malicious code, security experts say.

Security 235
article thumbnail

Google fixes the second zero-day in Chrome in 2 weeks actively exploited

Security Affairs

Google released Chrome 86.0.4240.183 for Windows, Mac, and Linux to fix 10 security vulnerabilities, including an RCE zero-day exploited in the wild. Google has released Chrome 86.0.4240.183 for Windows, Mac, and Linux that address ten security vulnerabilities including a remote code execution (RCE) zero-day (CVE-2020-16009) exploited by threat actors in the wild.

Libraries 106
article thumbnail

Blackbaud Expects Cyber Insurer Will Cover Most Attack Costs

Data Breach Today

Impacted Clients, Lawsuits Pile Up; SEC Filing Provides Incident Details Despite the soaring list of customers reporting data breaches tied to the May ransomware attack on Blackbaud - and numerous legal actions filed against the company - the fundraising software vendor recently told Wall Street that it expects cyber insurance to cover the bulk of its costs associated with the incident.

Insurance 176
article thumbnail

Adobe addressed 4 critical vulnerabilities in Acrobat products

Security Affairs

Adobe has addressed 14 vulnerabilities in its Acrobat products, including critical flaws that can be exploited by attackers for arbitrary code execution. Adobe has addressed 14 vulnerabilities in its Acrobat products, including critical flaws that can be exploited by attackers for arbitrary code execution. The vulnerabilities impact the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017. “Adobe has released

Security 105
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Precious Metal Trader JM Bullion Acknowledges Breach

Data Breach Today

Payment Card Numbers And Other Customer Data May Have Been Compromised In a notification letter filed to the Montana Department of Justice, precious metal trader JM Bullion has revealed that an unknown amount of customer information has been compromised in a data breach. The security incident took place over a five-month period earlier this year.

article thumbnail

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

Russian cybercriminal Aleksandr Brovko has been sentenced to eight years in jail for his role in a botnet scheme that caused at least $100 million in financial damage. . The Russian cybercriminal Aleksandr Brovko (36) has been sentenced to eight years in jail for his role in a sophisticated botnet scheme that caused at least $100 million in financial damage. .

article thumbnail

Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits

Threatpost

Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.

Security 120
article thumbnail

UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit

Security Affairs

A sophisticated threat actor, tracked as UNC1945, has been observed exploiting vulnerabilities in the Oracle Solaris operating systems for over two years. Researchers from FireEye reported that a sophisticated threat actor, tracked as UNC1945, has been observed targeting Oracle Solaris operating systems for over two years. The codename “UNC” used to track the group is used by FireEye for uncategorized groups.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

CGI Client Global Insights: Six ways retail banks can accelerate their digital journey

CGI

CGI Client Global Insights: Six ways retail banks can accelerate their digital journey. In this blog, Andy provide six recommendations for driving greater results from digitization in retail banking based on our 2020 CGI Client Global Insights. shobana.lv@cgi.com. Tue, 11/03/2020 - 05:19.

Retail 94
article thumbnail

APT Groups Finding Success with Mix of Old and New Tools

Threatpost

The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds.

Security 102
article thumbnail

Securing the 2020 Election: 'We're Not Out of the Woods Yet'

Dark Reading

Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.

Security 107
article thumbnail

Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws

Threatpost

The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update.

Security 103
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

Dark Reading

This year has been the ultimate test of business resilience, and if anything is now clear, it's this: It's time for security pros to rewrite their playbooks in preparation a more dangerous wave of attacks.

Security 116
article thumbnail

Despite Hacking Fears, Election Day Has a Mostly Smooth Start

WIRED Threat Level

Plenty of hours remain. But so far, the worst-case scenarios about ransomware and other meltdowns have seemingly not come to pass.

article thumbnail

Reworking the Taxonomy for Richer Risk Assessments

Dark Reading

By accommodating unique requirements and conditions at different sites, security pros can dig deeper get a clearer sense of organizational risk.

Risk 96
article thumbnail

Media Comms Giant Says Ransomware Hit Will Cost Millions

Threatpost

Aussie firm Isentia said "remediation and foregone revenue" could total $8.5 million AUS or more.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Cybercrime: Nation-States Go Prime Time

Dark Reading

Critical infrastructure remains a high-value target, but 90% of nation-states also attack other industry sectors.

102
102
article thumbnail

Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw

Threatpost

The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit.

89
article thumbnail

APT Groups Get Innovative -- and More Dangerous -- in Q3

Dark Reading

In "curious" trend, more threat actors diversified their tool sets in third quarter than usual.

104
104