Mon.Mar 04, 2019

article thumbnail

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

A common thread runs through the cyber attacks that continue to defeat the best layered defenses money can buy. Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT s

article thumbnail

Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S.

Access 181
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Who Faces Biggest Financial Risks From Cyberattacks?

Data Breach Today

Moody's Says Hospitals, Banks Among Those That Have the Most Significant Potential Impact Four business sectors - hospitals, banks, securities firms and market infrastructure providers - potentially face the most significant financial impact from cyberattacks that could lead to a weakened credit profile, according to a new report from Moody's Investors Service.

Risk 204
article thumbnail

Improving the Public Comment Process for Records Schedules

National Archives Records Express

We are changing the process for public review and comment of proposed records schedules to one using the Federal eRulemaking Portal, [link]. We posted a Federal Register notice detailing this change in process today. Currently, we publish notice in the Federal Register of agency records schedules open for comment. People who wish to review and comment on the schedules must request copies of the actual documents, submit comments, and receive responses via mail or email.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

CoreDNS: The DNS for cloud-native computing

DXC Technology

I have a t-shirt which reads, from top to bottom: “It’s not DNS. There’s no way it’s DNS. It was DNS!” As every sysadmin knows, all too many network problems boil down to a Domain Name System (DNS) blunder. That’s already annoying, but when you have to deal with a DNS headache with fast-moving containers […].

Cloud 86

More Trending

article thumbnail

Microsoft enabled Retpoline mitigations against the Spectre Variant 2 for Windows 10

Security Affairs

Microsoft started rolling out a new software update for Windows 10 systems to apply mitigations against the Spectre attacks. Over the weekend, Microsoft started distributing software updates for Windows 10 systems to enable the Retpoline mitigations against Spectre attacks. . In January 2018 security experts at Google Project Zero disclosed Meltdown and Spectre side-channel attacks that impact most modern processors, including those from Intel, AMD, and ARM.

Cloud 82
article thumbnail

The Latest in Creepy Spyware

Schneier on Security

The Nest home alarm system shipped with a secret microphone , which -- according to the company -- was only an accidental secret : On Tuesday, a Google spokesperson told Business Insider the company had made an "error." "The on-device microphone was never intended to be a secret and should have been listed in the tech specs," the spokesperson said. "That was an error on our part.".

article thumbnail

Google Project Zero discloses zero-day in Apple macOS Kernel

Security Affairs

Cybersecurity expert at Google Project Zero has publicly disclosed details and proof-of-concept exploit for a high-severity security vulnerability in macOS operating system. Google Project Zero white hat hacker Jann Horn disclosed the flaw according to the 90-days disclosure policy of the company because Apple failed to address the issue within 90 days of being notified.

article thumbnail

TPI Podcast on Privacy Legislation Features Sidley Partner Alan Raul

Data Matters

On February 26, 2019, the Technology Policy Institute’s Two Thing Minimum podcast featured Sidley Partner and founder of the Privacy and Cybersecurity practice, Alan Raul, alongside former FTC Acting Chairman and Commissioner of the FTC Maureen Ohlhausen. The topic of the day was the future of privacy legislation in 2019. Topics ranged from politics, U.S.

Privacy 68
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Necurs Botnet adopts a new strategy to evade detection

Security Affairs

The Necurs Botnet continues to evolve, a new strategy aims at hiding in the shadows, and leverages new payloads to recruits new bots. Necurs botnet is currently the second largest spam botnet , it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware , the Scarab ransomware , and the Dridex banking Trojan.

article thumbnail

Rethinking how things get done, part 2: 9 recommendations for increasing innovation

CGI

Rethinking how things get done, part 2: 9 recommendations for increasing innovation. shobana.lv@cgi.com. Mon, 03/04/2019 - 02:34. In today’s dynamic market, competition is increasing at a dramatic rate not only from traditional competitors, but also from players in adjacent sectors and new digital entrants, putting tremendous pressure on enterprises to innovate.

article thumbnail

Container Escape Hack Targets Vulnerable Linux Kernel

Threatpost

A proof-of-concept hack allows adversaries to tweak old exploits, have code jump containers and attack underlying infrastructure.

Cloud 79
article thumbnail

Top 10 Sessions to Catch at RSA Conference 2019

eSecurity Planet

Here are our picks for the top RSA conference sessions that could help you improve cybersecurity within your own organization.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Chronicle Releases Chapter One: Backstory

Dark Reading

Google spinoff Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.

Cloud 74
article thumbnail

Annual RSA Conference Exclusive 2019 Edition of Cyber Defense Magazine is arrived

Security Affairs

We’re honored to bring you our 7th Annual edition of Cyber Defense Magazine (CDM), exclusively in print at the RSA Conference (RSAC) 2019. Cyber Defense eMagazine – Annual RSA Conference 2019 Edition. Sponsored by: Regent University’s Institute for Cybersecurity. Setting the Standard in Cyber Training & Education. and by the RSA Conference 2019 Team!

article thumbnail

Project Zero Discloses High-Severity Apple macOS Flaw

Threatpost

Google Project Zero researchers detailed a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.

IT 74
article thumbnail

Google Reveals "BuggyCow," a Rare MacOS Zero-Day Vulnerability

WIRED Threat Level

Google's Project Zero researchers find a potentially powerful privilege escalation trick in how Macs manage memory.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Here's What Happened When a SOC Embraced Automation

Dark Reading

Despite initial apprehension, security pros immediately began to notice some benefits.

article thumbnail

Teen Becomes First to Earn $1M in Bug Bounties with HackerOne

Threatpost

He is also the all-time top-ranked hacker on HackerOne’s leaderboard, out of more than 330,000 hackers competing for the top spot.

64
article thumbnail

Startup Armor Scientific Launches Multifactor Identity System

Dark Reading

Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.

article thumbnail

Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data

Threatpost

A rash of security flaws in the Outdoor Tech CHIPS smart headphones, which fit in ski helmets, allow bad actors to collect data like emails, passwords, GPS location - and even listen to conversations in real time.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Delivering ROI through mitigated risk

Jamf

In the conclusion of our three-part blog series, we examine how Jamf Pro delivers a compelling return on investment (ROI) by mitigating security risks.

Risk 56
article thumbnail

BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained

Threatpost

Users of Logitech’s Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.

article thumbnail

Cross cultural aspects of breach response strategies

DXC Technology

The phones are ringing off the hook at headquarters, your web site traffic is exploding and your email boxes have reached capacity. Why? Your enterprise systems have been hacked, exposing millions of confidential customer personal and financial records. It’s impossible to determine where in the world the hack originated, but the implications are surely global […].

article thumbnail

Bounty Hunters Find 100K+ Bugs Under HackerOne Program in 2018

Dark Reading

Organizations signed up with the vulnerability disclosure platform shelled out a record $19 million for bug discoveries in their systems.

58
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Visitor Kiosk Access Systems Riddled with Bugs

Threatpost

Student researchers working with IBM X-Force Red team find security holes in five leading visitor management systems.

Access 60
article thumbnail

Backstory: An Alphabet Moonshot Wants to Store the Security Industry's Data

WIRED Threat Level

Alphabet-owned Chronicle has announced Backstory, an effort to store network intelligence data and help trace cybersecurity incidents back to their roots.

article thumbnail

RSAC 2019: An Antidote for Tech Gone Wrong

Threatpost

As many ponder the big ethical questions around cyber, some are proposing public interest technologist as a solution.