Wed. Aug 25, 2021


Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

Libraries 324

Threat Modeling: Making the Right Moves

Data Breach Today

Experts Offer Insights on Improving Understanding of Risks. Threat modeling can help give organizations the extra insights needed to secure their on-premises and cloud environments at a time when attackers are using increasingly sophisticated methods to gain entry to networks and maintain persistence. Experts offer tips on making the right moves.

Cloud 313

Efficient QR codes

Imperial Violet

QR codes seem to have won the battle for 2D barcodes, but they're not just a bag of bits inside. Their payload is a series of segments, each of which can have a different encoding. Segments are bitstrings, concatenated without any byte-alignment, and terminated with an empty segment of type zero. If you want to squeeze the maximum amount of data into a QR code without it turning into a gray square, understanding segmentation helps.

Libraries 138

9 Takeaways: LockBit 2.0 Ransomware Rep 'Tells All'

Data Breach Today

Attacker Extols the Malware While Also Advising Would-Be Victims on Optimal Defenses. Want defensive advice from a ransomware-wielding attacker? In a tell-all interview, a LockBit 2.0 representative not only extols the virtues of his malware, but also advises would-be victims to hire red teams, keep their software updated and educate employees to resist social engineering attacks.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Surveillance of the Internet Backbone

Schneier on Security

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic.


Neural Fuzzing: A Faster Way to Test Software Security

eSecurity Planet

Software vulnerabilities are a grave threat to the security of computer systems. They often go undetected for years until it is too late and the consequences are irreversible. In order to find these weaknesses, software security testers and developers often have to manually test the entire codebase and determine if any vulnerabilities exist. However, this can take months or even years of work due to the scale of modern software projects.

Security 133

Citizen Lab: Bahrain Used Pegasus to Spy on Activists

Data Breach Today

Researchers Say iPhone Exploit Used to Install Spyware. Researchers at The Citizen Lab at the University of Toronto say they've found a new zero-click iMessage exploit that's been used by the government of Bahrain to install the NSO Group's Pegasus spyware on the devices of human rights and political activists.


FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Security Affairs

Financially motivated threat actor FIN8 employed a previously undocumented backdoor, tracked as ‘Sardonic,’ in recent attacks. The financially motivated threat actor FIN8 has been observed employing a previously undetected backdoor, dubbed Sardonic, on infected systems. The new backdoor was spotted by researchers from cybersecurity firm Bitdefender; it was discovered while investigating an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution in the U.S.

Retail 120

Researchers Demonstrate AI Can Be Fooled

Data Breach Today

Report Describes How Image Recognition Tools Can Be Deceived. The artificial intelligence systems used by image recognition tools, such as those that certain connected cars use to identify street signs, can be tricked to make an incorrect identification by a low-cost but effective attack using a camera, a projector and a PC, according to Purdue University researchers.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Zero Trust Can’t Protect Everything. Here’s What You Need to Watch.

eSecurity Planet

Zero trust architecture is an emerging technology in cybersecurity that offers an alternative to the traditional castle-and-moat approach to security. Instead of focusing only on your perimeter to defend against attacks from the outside, zero trust assumes that threats are ubiquitous and pervasive. Therefore, each user, device, and application within your network must verify that it isn’t a threat before it can proceed.


Researcher Warns of Threat Still Posed by Sophos SG UTM Flaw

Data Breach Today

11 Months After Patch Issued, Many Tools Remain Unpatched. A little-explored critical vulnerability in the WebAdmin of Sophos’ SG UTM - software used to configure the firewall and threat detection settings of Sophos’s Unified Threat Management hardware tool - remains a threat where unpatched some 11 months after a patch was issued, a researcher says.


Win10 Admin Rights Tossed Off by Yet Another Plug-In

Threatpost

Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights.

Security 110

F5 addressed a flaw in BIG-IP devices rated as critical severity under specific conditions

Security Affairs

F5 has addressed more than a dozen severe vulnerabilities in its BIG-IP networking device, including one rated as critical severity under specific conditions. Security vendor F5 has addressed more than a dozen high-severity vulnerabilities in its BIG-IP networking device, including an issue that was considered as critical severity when exploited under specific conditions.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


AWS Unveils Cloud Security Competency Program for MSSPs

eSecurity Planet

Amazon Web Services has unveiled a revamped competency for managed security service providers (MSSPs) that is intended to make it simpler for end customers to identify AWS partners that have the most security services expertise. As IT organizations of all sizes continue to struggle with cloud security issues, many of them are looking to AWS to identify external security expertise they can tap, said Doug Yeum, channel chief for AWS.

Cloud 84

ShinyHunters group claims to have data of 70M AT&T customers

Security Affairs

Threat actors claim to have a database containing private information on roughly 70 million AT&T customers, but the company denies any security breach. ShinyHunters group claims to have a database containing private information on roughly 70 million AT&T customers, but the company denies that they have been stolen from its systems. ShinyHunters is a popular hacking crew that is known to have offered for sale data stolen from tens of major organizations, including Tokopedia, Homechef, C


The Stealthy iPhone Hacks That Apple Still Can't Stop

WIRED Threat Level

After another “zero-click” attack, security experts say it's time for more extreme measures to keep iMessage users safe.

Security 102

Samsung could use a TV Block feature to disable any of its TVs worldwide

Security Affairs

The South Korean multinational Samsung revealed that it can disable its Samsung TV sets remotely using the TV Block feature. Samsung TV sets can be remotely disabled by the vendor using a built-in feature dubbed TV Block. The company revealed the capability to disable any device worldwide in a press release issued earlier this month in response to the numerous looting that impacted Samsung warehouses and stores in July following South African riots.

IT 98

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


US Media, Retailers Targeted by New SparklingGoblin APT

Threatpost

The new APT uses an undocumented backdoor to infiltrate the education, retail and government sectors.

Retail 106

Modified version of Android WhatsApp installs Triada Trojan

Security Affairs

Experts spotted a modified version of WhatsApp for Android, which offers extra features, but that installs the Triada Trojan on the devices. Researchers from Kaspersky spotted a modified version of WhatsApp for Android, which offers extra features, but which installs the Triada Trojan on the devices. WhatsApp users sometimes look for mods that offer extra features such as animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations

Access 91

California Man Hacked iCloud Accounts to Steal Nude Photos

Threatpost

Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials.

Privacy 84

What’s new in OpenText Gupta SQLBase 12.3

OpenText Information Management

OpenText™ Gupta SQLBase 12.3 increases access security, provides the tools to comply with data protection regulations like GDPR. The query power and update functionality are improved for more computational power in query results and update statements. The SQLBase EDP deployment tool now lets users configure the file contents of custom installers to be created giving …

GDPR 63

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Cisco Issues Critical Fixes for High-End Nexus Gear

Threatpost

Networking giant issues two critical patches and six high-severity patches.

Cloud 111

InfoGov World Expo & Conference 2021: FAQs

IG Guru

1. What is InfoGov World and why should I attend? InfoGov World Expo 2021 will be the world’s first trans-Atlantic Information Governance conference presented in a 3D world. The inaugural event will feature 100+ speakers from around the world, 100 sessions, an immersive virtual expo hall, networking events, a career fair, and two days of training […].


Harnessing the Genie’s Power

Jamf

Post-pandemic pedagogy and creative constraints: Taylor Mali helps educators to tap into the sources of inspiration that will allow them to thrive.


RMS Section Election: please vote!

The Schedule

Election Timeline + Logistics. Ballots will open on Wednesday, August 25, and remain open for 2 weeks, closing on Wednesday, September 8. Ballot Page: [link]. The “View Ballot” link will direct users to the usual SurveyMonkey election ballot. Users must be logged in to access the page. Once they submit one ballot, users will be redirected back to the main page to complete their next ballot.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Star Wars Jokes?

Adam Shostack

If you’re seeing this in your feed, have you also seen a bad Star Wars joke? Because I’ve got one on the new blog. Please add [link], or replace the feed you’re reading with it. (This is the adam.shostack.org version of this post; the new post is just at shostack.org).

IT 40

Archive-It Partner News, August 2021

Archive-It

by the Archive-It team. Partners, have your say! Your feedback is vital to Archive-It’s development, so we want to make sure that every partner’s voice is heard. We invite all active Archive-It partners to respond to the Archive-It Satisfaction Survey. It takes about five minutes to answer a few multiple-choice and short answer questions, but your input will help immensely to improve and grow our web archiving services.


White House Tech Meeting: Focus On Critical Infrastructure

Data Breach Today

Administration Official: Gathering Will Also Address Hiring More Security Pros. The Biden administration is hosting a White House meeting Wednesday with technology, banking, insurance and education executives to focus on cybersecurity and national security issues such as protecting critical infrastructure from attacks and how to hire more security professionals to meet demand.

Insurance 246