Tue.May 23, 2023

article thumbnail

Panel | The Four Steps to Build a Modern Data Protection Platform

Data Breach Today

With data distributed across multiple clouds serving an increasingly remote workforce, can existing data protection programs truly be successful? Most data protection solutions have been built on a foundation of legacy technologies and operations that only drive up complexity and costs. A best-in-class data protection program should be easy to operate, reduce costs, and ultimately drive down data loss risk.

Cloud 260
article thumbnail

RSAC Fireside Chat: The need to stop mobile apps from exposing API keys, user credentials in runtime

The Last Watchdog

As digital transformation accelerates, Application Programming Interfaces (APIs) have become integral to software development – especially when it comes to adding cool new functionalities to our go-to mobile apps. Related: Collateral damage of T-Mobile hack Yet, APIs have also exponentially increased the attack vectors available to malicious hackers – and the software community has not focused on slowing the widening of this security gap.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

North Korea's BlueNoroff Group Targets macOS Systems

Data Breach Today

BlueNoroff Changed Attack Tactics in 2023 After Its TTPs Were Leaked The BlueNoroff hacker group, which is associated with the North Korean military's Reconnaissance General Bureau, is using RustBucket malware to target macOS systems of users primarily in the United States and Asia - a tactic observed for the first time since the group began its operations.

Military 254
article thumbnail

Digitizing Records: Getting Started

National Archives Records Express

Digital Imaging Lab [technologies] at Archives 2–[photographed for] Prologue use. National Archives Identifier: 184340999 We continue our series of posts to support the publication of 36 CFR section 1236 subpart E – Digitizing Permanent Records , which provides the requirements for digitizing permanent records. Records management is a crucial part of any agency operation, and the rise of digital technology has led many agencies to digitize their records for improved efficiency and ac

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

NY AG Fines Practice Management Firm $550K in 2020 Breach

Data Breach Today

Practicefirst Failed to Patch Critical Firewall Flaw That Led to Breach, AG Says A practice management software firm has agreed to pay a $550,000 fine and implement a comprehensive data security program to settle an enforcement action by New York state regulators after a 2020 ransomware attack that affected 1.2 million individuals nationwide, including 428,000 New Yorkers.

More Trending

article thumbnail

IT Worker Admits Piggybacking on Hacker's Extortion Attempt

Data Breach Today

Analyst Altered Ransom Note, Substituting His Own Cryptocurrency Wallet Address An IT security analyst has confessed to trying to blackmail his employer by altering ransom notes sent from a hacker to a board member and changing the cryptocurrency payment address to one he controlled. After his employer detected the unusual activity, U.K. police traced it back to the worker.

IT 159
article thumbnail

Hanzo Collaboration Data Snapshot Survey Results from CLOC

Hanzo Learning Center

Once again, the CLOC Global Institute (CGI) has come and gone. But while we were there, Hanzo took a quick snapshot survey of Legal Operations professionals to gain insights into how people are using collaboration data and how it's affecting in-house legal departments.

IT 98
article thumbnail

EU Committee Probes TikTok, UK's Updated GDPR

Data Breach Today

LIBE Committee Hears From Heads of UK and Irish Privacy Regulators European Union lawmakers have criticized the British government's updated privacy bill over concerns that it fails to adequately protect European citizens' fundamental rights. Lawmakers also heard from the Irish data authority on the status of its pending TikTok inquiry.

GDPR 146
article thumbnail

Can you use AI for IT scripting?

Jamf

As Artificial Intelligence (AI) continues to make inroads into the workplace, our webinar explores if advanced chatbox technology belongs in the IT admin toolbox in writing useful shell scripts.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Sharp Decline in Crypto Hacks in Q1 2023 Unlikely to Last

Data Breach Today

Law Enforcement, Regulatory Action in US Likely Led to 70% Drop in Hacks Law enforcement and regulatory action over the past year in the United States most likely dissuaded hackers from stealing cryptocurrency, making the amount stolen in the first quarter of the year the lowest compared to each of the four quarters in 2022, TRM Labs said.

130
130
article thumbnail

Google announced its Mobile VRP (vulnerability rewards program)

Security Affairs

Google introduced Mobile VRP (vulnerability rewards program), a new bug bounty program for reporting vulnerabilities in its mobile applications. Google announced a new bug bounty program, named Mobile VRP (vulnerability rewards program), that covers its mobile applications. Google’s Mobile VRP is a bug bounty program for reporting vulnerabilities in first-party Android applications developed or maintained by Google.

IT 91
article thumbnail

How the New UK Fraud Strategy Targets Scams

Data Breach Today

Ken Palla on Implementing the Plan to Pursue Fraud, Block Fraud and Empower People The U.K. government earlier this month introduced a strategy to reduce fraud and scams called Fraud Strategy: Stopping Scams and Protecting the Public. Ken Palla, retired director of MUFG Bank, said this as an important step to combat authorized scams, which have now eclipsed unauthorized fraud.

article thumbnail

German arms manufacturer Rheinmetall suffered Black Basta ransomware attack

Security Affairs

The German automotive and arms manufacturer Rheinmetall announced it was victim of a Black Basta ransomware attack that took place last month. Rheinmetall is a German automotive and arms manufacturer that is listed on the Frankfurt stock exchange. The company this week announced it was victim of a ransomware attack conducted by the Black Basta ransomware group.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Credible Handwriting Machine

Schneier on Security

In case you don’t have enough to worry about, someone has built a credible handwriting machine: This is still a work in progress, but the project seeks to solve one of the biggest problems with other homework machines, such as this one that I covered a few months ago after it blew up on social media. The problem with most homework machines is that they’re too perfect.

IT 87
article thumbnail

The Firefox Test

John Battelle's Searchblog

The Information today reports that Mozilla plans to integrate GPT-like chat technology into its widely used Firefox browser. Mozilla has long partnered with Google for search, yielding a reputed hundreds of millions in revenue as a result. The tech press has breathlessly speculated that, freshly invigorated thanks to ChatGPT, Microsoft’s Bing might steal a major distribution partner from Google.

IT 85
article thumbnail

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

Security Affairs

A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. Kaspersky researchers shared details about the activity of a previously undocumented APT group, tracked as GoldenJackal, which has been active since 2019. The primary motivation of the group appears to be the espionage.

article thumbnail

Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses

Dark Reading

Threat actors are circumventing geo-location-based security detections, using a combination of cybercrime-as-a-service platforms and the purchasing of local IP addresses.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

Experts warn of a threat actor, tracked as CloudWizard APT, that is targeting organizations involved in the region of the Russo-Ukrainian conflict. On March 2023, researchers from Kaspersky spotted a previously unknown APT group, tracked as Bad Magic (aka Red Stinger), that targeted organizations in the region of the Russo-Ukrainian conflict. The attackers were observed using PowerMagic and CommonMagic implants.

article thumbnail

SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft

Dark Reading

Secure email gateways and end users alike are being fooled by a cyberattack campaign that's enjoying skyrocketing volumes against businesses in every industry, globally.

article thumbnail

Configure an IBM Cloud Code Engine application to use custom domains

IBM Big Data Hub

IBM Cloud Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, microservices, event-driven functions or batch jobs. Code Engine even builds container images for you from your source code. All these workloads can seamlessly work together because they are all hosted within the same Kubernetes infrastructure.

Cloud 79
article thumbnail

To Lock Down PII, Privacy and Security Must Work Side by Side via Government Technology

IG Guru

North Carolina Chief Privacy Officer Cherie Givens talks about what she learned from building privacy programs at federal agencies and what common pitfalls states should avoid when establishing their own policies.

Privacy 76
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

LogRhythm vs Splunk: Top SIEM Solutions Compared

eSecurity Planet

If you’re in the market for a security information and event management (SIEM) solution, both LogRhythm and Splunk have a lot to offer, with strong support from customers and industry analysts. Both solutions appear in eSecurity Planet ’s list of top SIEM products , and SIEM buyers often compare the two. What follows is a closer look at key features of each product, with an examination of their strengths and weaknesses.

Cloud 72
article thumbnail

There’s Finally a Way to Improve Cloud Container Registry Security

WIRED Threat Level

“Container registries” are ubiquitous software clearinghouses, but they’ve been exposed for years. Chainguard says it now has a solution.

Cloud 82
article thumbnail

What is smart transportation?

IBM Big Data Hub

Every day, people encounter multiple obstacles while traveling to their intended destinations. Sitting in traffic, waiting for the bus to arrive 15 minutes later than scheduled, driving around for 30 minutes to find a parking spot—the modern world is full of inconveniences due to underlying inefficiencies in our transportation systems. However, stalled cars and harried people waiting for public transportation aren’t just an individual nuisance.

article thumbnail

[Microsoft Warning] A 38% Spike In Business Email Compromise with new Cybercrime-as-a-Service

KnowBe4

Microsoft has observed a thirty-eight percent increase in cybercrime-as-a-service (CaaS) offerings for launching business email compromise (BEC) attacks between 2019 and 2022.

70
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

What Security Professionals Need to Know About Aggregate Cyber Risk

Dark Reading

Widespread cyber incidents will happen, but unlike for natural disasters, specific security controls can help prevent a catastrophe.

Risk 84
article thumbnail

AI-generated Disinformation Dipped The Markets Yesterday

KnowBe4

The Insider reported that an apparently AI-generated photo faking an explosion near the Pentagon in D.C. went viral. The Arlington Police Department confirmed that the image and accompanying reports were fake. But when the news was shared by a reputable Twitter account on Monday, the market briefly dipped.

article thumbnail

Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans

Dark Reading

Shorter certificate lifespans are beneficial, but they require a rethink of how to properly manage them.

91