Thu.Mar 17, 2022

article thumbnail

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

Enhance your security posture by detecting risks on authenticator devices. Anonymous (not verified). Thu, 03/17/2022 - 09:46. Numerous attacks due to compromised mobile devices. Mobile device usage has become crucial to business agility and productivity for years but the number of compromised devices is growing too, as shown by the Verizon Mobile Security Index 2021 Report: 40% of respondents said that mobile devices are the company’s biggest IT security threat. 53% said the consequences of a br

article thumbnail

Sanctions Against Russia and Belarus Affect Bug Hunters

Data Breach Today

This report analyzes how sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who participate in bug bounty programs. It also examines lessons to be learned from data breaches and developments in passwordless authentication.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Marshaling automated cybersecurity tools to defend automated attacks

The Last Watchdog

Cybersecurity tools evolve towards leveraging machine learning (ML) and artificial intelligence (AI) at ever deeper levels, and that’s of course a good thing. However, we often see results that feel cookie cutter and counter-productive, raising the question: can AI really do as good of a job as a human? Related: Business logic hacks plague websites.

article thumbnail

XDR: Four Key Business Benefits

Data Breach Today

XDR: Because it's new to the market, it comes with a trail of hype. Stephen Davis of Rapid7 cuts through the buzz and discusses four tangible business benefits that are likely from XDR adoption - including high-fidelity detections and accelerated incident response.

Marketing 246
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Anonymous continues to support Ukraine against the Russia

Security Affairs

The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of the Ministry of Emergencies of Russia, the hackers defaced them and published the message: “Don’t t

Military 143

More Trending

article thumbnail

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability.

Honeypots 129
article thumbnail

CafePress Data Breach: Owner Agrees to Feds' Settlement

Data Breach Today

22 Million Accounts Breached Owing to Multiple Security Failures, Regulator Says The current and former owners of CafePress, a site for selling customizable merchandise, have agreed to a draft Federal Trade Commission settlement tied to multiple security shortcomings that failed to prevent or detect a 2019 data breach that exposed 22 million users' account details.

article thumbnail

Microsoft releases open-source tool for checking MikroTik Routers compromise

Security Affairs

Microsoft released an open-source tool to secure MikroTik routers and check for indicators of compromise for Trickbot malware infections. Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers and check for indicators of compromise associated with Trickbot malware infections. “This analysis has enabled us to develop a forensic tool to identify Trickbot-related compromise and other suspicious indicators on MikroTik devices.

article thumbnail

Banking Committee Chair: Crypto Can 'Endanger Security'

Data Breach Today

Also: Elizabeth Warren, Colleagues Introduce Bill Targeting Sanctions Evasion U.S. lawmakers on Thursday again discussed illicit finance with regard to cryptocurrencies - in light of recent warnings that the Russian government may increasingly rely on digital currencies to stabilize its sanctioned economy. And Sen. Elizabeth Warren introduced a sanctions-related bill.

Security 242
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

California AG Issues Decision on Disclosure of Inference Data in Response to CCPA Access Requests

Hunton Privacy

On March 10, 2022, in its first formal written opinion interpreting the California Consumer Privacy Act’s (“CCPA’s”) compliance obligations, the California Attorney General (“AG”) confirmed that the CCPA grants a consumer the right to access inferences drawn from personal information collected about the consumer, even if such inferences are generated by the business (unless the business can demonstrate that a statutory exception to the CCPA applies).

Access 108
article thumbnail

2 Critical Bugs, 1 High-Severity Bug Affect Veeam Products

Data Breach Today

Company Has Issued Patches for All 3 Vulnerabilities A security researcher found two critical vulnerabilities and one high-severity vulnerability in two separate Veeam products that may allow attackers to perform remote code execution and allow local privilege execution on victims' systems, respectively. Veeam has issued patches for all three bugs.

Security 242
article thumbnail

Dev Sabotages Popular NPM Package to Protest Russian Invasion

Threatpost

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.

Libraries 107
article thumbnail

UK Regulator Raises Concerns Over NortonLifeLock-Avast Deal

Data Breach Today

Firms Asked for 'Clear-Cut Solution' to Address Anti-Competition Concerns Cybersecurity company NortonLifeLock's $8.6 billion plan to purchase rival Avast has hit a snag. On Thursday, the U.K.'s regulatory body expressed anti-competition concerns about the proposed deal. The Competition and Markets Authority has given the firms five days to provide a "clear-cut solution.

Marketing 257
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Meta Hit with £14 Million Fine for a Dozen GDPR Breaches

IT Governance

Meta has been fined €17 million (about £14.2 million) for twelve breaches of EU data protection rules. The tech giant, formerly known as Facebook, violated several GDPR (General Data Protection Regulation) requirements, and more than 30 million people have been affected. According to the Irish DPC (Data Protection Commissioner) , which investigated the breaches, Meta failed to implement appropriate technical and organisational measures to protect EU users’ personal data.

GDPR 98
article thumbnail

“Change Password”

Schneier on Security

Oops : Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ Something’s gone terribly wrong here.

Passwords 103
article thumbnail

Using data intelligence to connect and power business

Collibra

The process of collecting, analyzing, and managing data is vital to the success of any modern business. Those who use Data Intelligence—the easy access of high-quality data across an organization—to connect and power their business don’t just elevate themselves in an era of digital transformation, but also create a notable, competitive edge over organizations that do not. .

article thumbnail

Opensource from hell: malicious JavaScript distributed via opensource libraries, again

Outpost24

Opensource from hell: malicious JavaScript distributed via opensource libraries, again. 17.Mar.2022. Florian Barre. Thu, 03/17/2022 - 08:01. Martin Jartelius, CSO, Outpost24. Ghost Labs. Teaser. It’s open source, anyone can audit it, but is it safe? In this blog our CSO explores why distribution of malicious scripts via libraries is causing a stir amongst the open-source community and how you can defend against it.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Ukraine SBU arrested a hacker who supported Russia during the invasion

Security Affairs

The Security Service of Ukraine (SBU) announced the arrest of a “hacker” who helped Russian Army during the invasion. The Security Service of Ukraine (SBU) announced to have arrested a hacker who provided technical support to Russian troops during the invasion, the man provided mobile communication services inside the Ukrainian territory.

article thumbnail

6 Reasons Not to Pay Ransomware Attackers

Dark Reading

Paying a ransom might appear to be the best option, but it comes with its own costs.

article thumbnail

node-ipc NPM Package sabotage to protest Ukraine invasion

Security Affairs

The developer behind the popular “node-ipc” NPM package uploaded a destructive version to protest Russia’s invasion of Ukraine. RIAEvangelist, the developer behind the popular “ node-ipc ” NPM package, shipped a new version that wipes Russia, Belarus systems to protest Russia’s invasion of Ukraine. The Node-ipc node module allows local and remote inter-process communication with support for Linux, macOS, and Windows.

article thumbnail

Jamf Threat Labs identifies Safari vulnerability allowing for Gatekeeper bypass

Jamf

The Jamf Threat Labs recently discovered a new macOS vulnerability in the Safari browser that could lead to the execution of an unsigned and un-notarized application, without displaying security prompts to the user, by using a specially crafted zip file. We reported our findings to Apple and in the latest macOS release (12.3), Apple patched the vulnerability (CVE-2022-22616).

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

SolarWinds Warns of Attacks Targeting Web Help Desk Users

Security Affairs

SolarWinds warns customers of potential cyberattacks targeting unpatched installs of its Web Help Desk (WHD) product. SolarWinds has published a security advisory to warn customers of the risk of cyberattacks targeting unpatched Web Help Desk (WHD) installs. The WHD is described by SolarWinds as an affordable Help Desk Ticketing and Asset Management Software.

Risk 96
article thumbnail

Our Role in Shaping a More Sustainable Future

Micro Focus

Join us at Micro Focus Universe as we host discussions with industry leaders to explore this year’s International Women’s Day (IWD) theme ‘Break the Bias’ – and identify what role the IT industry can play in addressing the climate crisis. As we prepare to host our largest customer and partner event of the year, Micro. View Article.

IT 89
article thumbnail

Stopping Russian Cyberattacks at Their Source

Dark Reading

Step up training with cybersecurity drills, teach how to avoid social engineering traps, share open source monitoring tools, and make multifactor authentication the default.

article thumbnail

How APIs integrate and streamline your digital ecosystem

OpenText Information Management

The ability to access, share and derive value from all the information across your organization depends on seamless integration in your digital ecosystem, which is likely expanding by the day. Adopting an Application Programming Interface (API) integration is a stress-free approach to streamlining an organization’s digital landscape and successfully thriving in an agile business model. … The post How APIs integrate and streamline your digital ecosystem appeared first on OpenText Blogs.

Access 85
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Enhance your security posture by detecting risks on authenticator devices

Thales Cloud Protection & Licensing

Enhance your security posture by detecting risks on authenticator devices. Anonymous (not verified). Thu, 03/17/2022 - 09:46. Numerous attacks due to compromised mobile devices. Mobile device usage has become crucial to business agility and productivity for years but the number of compromised devices is growing too, as shown by the Verizon Mobile Security Index 2021 Report: 40% of respondents said that mobile devices are the company’s biggest IT security threat. 53% said the consequences of a br

article thumbnail

ThreatMapper Updated With New Scanning Tools

Dark Reading

ThreatMapper 1.3.0 features secret scanning and the ability to enumerate a software bill of materials (SBOM) at runtime to help secure serverless, Kubernetes, container and multi-cloud environments.

Cloud 82
article thumbnail

KnowBe4 Named a Leader in The Forrester Wave for Security Awareness and Training Solutions

KnowBe4

We’re thrilled to announce that KnowBe4 has been named a Leader in The Forrester Wave TM : Security Awareness and Training Solutions, Q1 2022 report based on our current offering, strategy and market presence.