Mon.May 18, 2020

article thumbnail

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals.

article thumbnail

GAO: Chemical Plants Vulnerable to Cyberattacks

Data Breach Today

DHS Cybersecurity Guidance Not Updated in a Decade U.S. facilities that produce, use or store hazardous chemicals are vulnerable to cyberattacks, in part because cybersecurity guidelines from the Department of Homeland Security are outdated, according to a recent GAO audit.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Texas Department of Transportation (TxDOT) hit by a ransomware attack

Security Affairs

A new ransomware attack hit the Texas government, the malware this time infected systems at the state’s Department of Transportation (TxDOT). The Texas government suffered two ransomware attacks in a few weeks, the first one took place on May 8, 2020 and infected systems at the Texas court. All @txcourts websites are down. We are aware of this issue and working to remedy it.

article thumbnail

Supercomputer Intrusions Trace to Cryptocurrency Miners

Data Breach Today

Likely Connected: Attacks Against Systems in US, UK, China, Germany and Beyond Cryptocurrency-mining hackers appear to be behind a recent spate of supercomputer and high-performance computing system intrusions. But it's unclear if attackers might also have had data-stealing or espionage intentions.

Mining 312
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

FBI warns US organizations of ProLock ransomware decryptor not working

Security Affairs

The FBI? issued a flash alert to warn organizations in the United States that the ProLock ransomware decryptor doesn’t work properly. Early this month, the FBI? issued a flash alert to warn organizations of the new threat actor targeting healthcare, government, financial, and retail industries in the US. “The decryption key or ‘decryptor’ provided by the attackers upon paying the ransom has not routinely executed correctly,” states the alert. “The decryptor ca

More Trending

article thumbnail

Scaling AI at Lufthansa: A Think digital 2020 spotlight

IBM Big Data Hub

In the airline industry, timing and synchronization are everything when it comes to the customer experience. Mitigating unforeseen circumstances against customer expectations and good old supply and demand are all issues well within the wheelhouse of AI’s predictive capabilities. It’s no wonder that Deutsche Lufthansa AG, Germany’s largest airline, recognized early on that with the right data and AI strategy, it could enhance the customer experience and better empower its employees while achievi

article thumbnail

Why Cyberthreats Tied to COVID-19 Could Hit Diverse Targets

Data Breach Today

Besides hospitals and academic institutions, dozens of nonprofits, including nongovernmental organizations - or NGOs - around the world must protect their COVID-19 research and related activities from those seeking to steal data or disrupt their operations, says cyber risk management expert Stanley Mierzwa.

Risk 232
article thumbnail

Spike in cyber security incidents since lockdown began

IT Governance

Almost half of organisations have suffered a cyber security incident as a result of the sudden shift to remote working, a new study has found. A Barracuda Networks survey discovered that 46% of organisations across the UK, US, France and Germany have suffered at least one “cybersecurity scare” since the coronavirus lockdown began. The results are unsurprising but nonetheless troubling.

article thumbnail

Game Theory: Why System Security Is Like Poker, Not Chess

ForAllSecure

The 1980’s film “Wargames” asked a computer to learn whether global thermonuclear war made sense. In the film, thermonuclear war didn’t make sense but what if, in real life, preemptive cyberattacks were our best hope for winning? Or better yet, what are the cyberwar scenarios and incentives when peace is the best strategy, just like “Wargames”? Or is it the reverse, where the best thing to do is invest in offense?

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

The FBI Backs Down Against Apple?Again

WIRED Threat Level

The agency cracked the Pensacola iPhones, but it still views Cupertino as a problem—even though it's easier to break into iPhones than it has been in years.

IT 96
article thumbnail

Mandrake, a high sophisticated Android spyware used in targeted attacks

Security Affairs

Security experts discovered a highly sophisticated Android spyware platform, dubbed Mandrake, that remained undetected for four years. Researchers from Bitdefender discovered a high-sophisticated Android spyware platform dubbed Mandrake, it was involved in highly targeted attacks against specific devices. Mandrake is an advanced cyberespionage platform, but experts believe the attacks are financially motivated.

article thumbnail

ProLock Ransomware Teams Up With QakBot Trojan to Infect Victims

Threatpost

ProLock is relatively new, but already the ransomware is making waves by using QakBot infections to access networks, gain persistence and avoid detection.

article thumbnail

Stored XSS in WP Product Review Lite plugin allows for automated takeovers

Security Affairs

A critical flaw in the WP Product Review Lite plugin installed on over 40,000 WordPress sites could potentially allow their take over. Attackers could exploit a critical vulnerability in the WP Product Review Lite WordPress plugin to inject malicious code and potentially take over vulnerable websites. The WP Product Review Lite plugin allows site owners to quickly create custom review articles using pre-defined templates, it is currently installed on over 40,000 WordPress sites.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Ransomware Gang Arrested for Spreading Locky to Hospitals

Threatpost

A group of four people calling themselves "Pentaguard" were arrested in house raids.

article thumbnail

European Commission?s Public Consultation on Proposed EU Artificial Intelligence Regulatory Framework

Data Matters

On 19 February 2020, the European Commission published a white paper on the use of artificial intelligence (“AI”) in the EU (the “White Paper”). The White Paper forms part of the Commission President, Ursula Von der Leyen’s, digital strategy, one of the key pillars of her administration’s five year tenure, recognising that the EU has fallen behind the US and China with respect to the strategic deployment of AI.

article thumbnail

Cryptocurrency Hardware Wallets Can Get Hacked, Too

WIRED Threat Level

New research shows vulnerabilities in popular cold storage options that would have revealed their PINs.

article thumbnail

ARMA Job Board Lists Over 100 Open Positions

IG Guru

Positions in Information Governance, Cyber Risk, Risk Analysis, Teaching, and HIM positions are some of the posted positions you can find here. The post ARMA Job Board Lists Over 100 Open Positions appeared first on IG GURU.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Legendary Help: Powering global supply chains during a time of crisis

Rocket Software

Global supply chains were one of the first industries impacted by the pandemic, and they continue to be one of the hardest hit industries. Non-essential manufacturing has slowed down as essential services become prioritized. International borders were also quickly closed as the virus spread, and even though shipping and receiving has been able to continue operating, moving supplies has slowed down.

article thumbnail

SINGAPORE: Important changes proposed to Singapore?s Personal Data Protection Act

DLA Piper Privacy Matters

Organisations should plan ahead for significant changes to Singapore’s Personal Data Protection Act (“ PDPA ”), proposed in a consultation paper published on 14 May 2020. It is likely that most of the amendments set out in the draft Personal Data Protection (Amendment) Bill 2020 (“ Bill ”) will be passed, since the PDPC has previously carried out three consultations on key policy proposals, and the Bill consolidates all of these earlier proposals.

article thumbnail

What if today?s contact center technology existed a quarter of a century ago?

OpenText Information Management

Some 26 years ago, I was a tech support representative working at a call center for a prominent software company. I started as a first-tier support agent, working primarily on consumer fax products before I moved up the ladder and became the international support liaison. I vividly remember my first few weeks onboarding. Each support agent … The post What if today’s contact center technology existed a quarter of a century ago?

article thumbnail

Ramsey Malware

Schneier on Security

A new malware, called Ramsey, can jump air gaps : ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a and v2.b). Each version was different and infected victims through different methods, but at its core, the malware's primary role was to scan an infected computer, and gather Word, PDF, and ZIP documents in a hidden storage folder, ready to be exfiltrated at

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Edison Mail iOS Bug Exposes Emails to Strangers

Threatpost

A bug introduced in an iOS software update on the Edison Mail app allowed emails to be viewed by strangers.

Privacy 74
article thumbnail

Ready or not, here we come!

RFID Global Solution, Inc.

We can debate if the time should be now, in a few weeks or months from now, in slow and measured phases as recommended by health experts, or all at once, but it seems we are on a path to reopen the US economy. For manufacturing this presents a set of new challenges. The good … Ready or not, here we come! Read More ». The post Ready or not, here we come!

article thumbnail

As DevOps Accelerates, Security's Role Changes

Dark Reading

There remains a disconnect between developers and security teams, with uncertainty around who should handle software security.

article thumbnail

Nostalgia by Hironori Katagiri

Archives Blogs

This week’s #BeConnected Explore Our Campus looks at Nostalgia by Hironori Katagiri. This sculpture is located at the bottom of Pathfoot Drive on campus. This work is one of 14 works by Hironori Katagiri on campus. “Nostalgia” was made while Katagiri was artist in residence at the Scottish Sculpture Workshop in Lumsden as part of the Japan 2001 Festival.

IT 26
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Private Equity Firm Stalls $1.9B Forescout Acquisition

Dark Reading

Officials say "there can be no assurance" Forescout and Advent International will reach an agreement, though talks are ongoing.

59
article thumbnail

ISOO’s NISP to hold Teleconference on Cost Collection Tomorrow (May 19, 2020)

Archives Blogs

On Tuesday, May 19, 2020, from 10:30 a.m. to 12:30 p.m., ISOO’s National Industrial Security Program (NISP) will hold an interagency meeting by teleconference to discuss NISP cost collection. The discussion will be led by ISOO Associate Director Greg Pannoni, and will include representatives of the Department of Defense, the Office of the Director of National Intelligence, the Department of Homeland Security, the Department of Energy, and the Nuclear Regulatory Commission.

article thumbnail

A bug in Edison Mail iOS app impacted over 6,400 users

Security Affairs

A security bug in the iOS app has impacted over 6,400 Edison Mail users, the issue allowed some users to access other people’s email accounts. An update released for iOS application of the Edison Mail introduced a security bug that resulted in some users being given access to other people’s email accounts. “On Friday, May 15th, 2020, a software update enabled users to manage accounts across their Apple devices.