Mon. Dec 14, 2020

Hacked: US Commerce and Treasury Departments

Data Breach Today

Fellow Victim FireEye Traces Breaches to Trojanized SolarWinds Software Updates

The U.S. Commerce Department confirmed on Sunday it had been targeted by hackers, and the U.S. Treasury has also reportedly been struck. The intrusions appear linked to subverted software updates for SolarWinds' Orion network monitoring product, which is widely used by companies and the U.S. government.

2021 Security Budgets: Top Priorities, New Realities

Dark Reading

An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.

7 Takeaways: Supply-Chain Attack Hits SolarWinds Customers

Data Breach Today

Mitigation Advice Includes Immediate Updates and Scans for Signs of Compromise

Warning: The breach of FireEye disclosed last week traces to a sophisticated campaign involving Trojanized versions of SolarWinds Orion software used by hundreds of large businesses and government agencies. Experts are urging users to immediately upgrade the software and begin looking for signs of compromise.

Apple addressed multiple code execution flaws in iOS and iPadOS

Security Affairs

Apple this week addressed serious code execution vulnerabilities that affect its iOS and iPadOS mobile operating systems. Apple released security updates to fix multiple severe code execution vulnerabilities in its iOS and iPadOS mobile operating systems. The IT giant released iOS 14.3 and iPadOS 14.3 to address eleven security vulnerabilities, including code execution flaws.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Phishing Campaign Uses Outlook Migration Message

Data Breach Today

Researchers: Campaign Looks To Harvest Users' Office 365 Credentials

An ongoing phishing campaign designed to harvest Office 365 credentials is using a Microsoft Outlook migration message, according to researchers at Abnormal Security. These fake messages have landed in about 80,000 inboxes so far.

More Trending

SolarWinds Breach Response: 'Shields Up'

Data Breach Today

Ex-Federal CISO Gregory Touhill on the Need for Improving Cyber Deterrence Strategy

He was the first U.S. federal CISO, and before that he was an Air Force general. So when Gregory Touhill reacts to the coordinated supply chain attack on SolarWinds, he does so in military terms. His message to the global cybersecurity community: "Shields up.

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

Hackers broke into the networks of federal agencies and FireEye by compromising SolarWinds’ Orion Network Management Products. The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency.

SolarWinds Incident Response: 4 Essential Security Alerts

Data Breach Today

Federal Agencies Ordered to Immediately 'Disconnect or Power Down' SolarWinds Orion

What should incident responders grappling with the complex online attack campaign that successfully distributed a Trojanized version of SolarWinds Orion network-monitoring software to customers focus on first? See these four essential alerts, which are already being updated.

SolarWinds confirms 18,000 customers may have been impacted

Security Affairs

18,000 SolarWinds customers may have been impacted by the attack against its supply chain, the company said in a SEC filing. SolarWinds revealed that 18,000 customers might have been impacted by the cyber attack against its supply chain. The alarming data emerged in a filing with the Securities and Exchange Commission (SEC) on Monday. “On December 13, 2020, SolarWinds delivered a communication to approximately 33,000 Orion product customers that were active maintenance customers during and

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Monero Mining Botnet Targets PostgreSQL Database Servers

Data Breach Today

Researchers: 'PGMiner' Malware Uses Brute-Force Methods to Guess Passwords

Researchers with Palo Alto Networks' Unit 42 are tracking a relatively new cryptomining botnet called "PGMiner," which is targeting PostgreSQL database servers to illegally mine for monero. Currently, the malware only targets Linux-based database servers.

Catches of the month: Phishing scams for December 2020

IT Governance

In a Christmas in which we’ll be relying on technology more than ever – whether for online shopping or staying in contact with loved ones – we must all be aware of cyber security threats. According to the UK government, the 2019 festive period saw online shoppers in England and Wales lose, on average, £775. That’s why it has created the Cyber Aware campaign, which contains guidance on topics such as password security and software updates that will protect you from criminals’ most common attack

SolarWinds Hack: 'We're at a Vulnerable Period in History'

Data Breach Today

Tom Kellermann of VMware Carbon Black on the Impact, Scale of Intrusion

The supply chain attack targeting SolarWinds was planned for months and intensified since the November election, says Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black. "Unprecedented" is how he describes the scale of the attack and level of sophistication.

SoReL-20M Sophos & ReversingLabs release 10 million disarmed samples for malware study

Security Affairs

Sophos and ReversingLabs released SoReL-20M, a database containing 20 million Windows Portable Executable files, including 10M malware samples. Sophos and ReversingLabs announced the release of SoReL-20M, a database containing 20 million Windows Portable Executable files, including 10 million malware samples. The SoReL-20M database includes a set of curated and labeled samples and security-relevant metadata that could be used as a training dataset for a machine learning engine used in anti-malw

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Cybersecurity: A Bleak 'Progress' Report

Data Breach Today

SolarWinds' Hack Prompts an Assessment of the Work That Still Needs to Be Done

In light of the widespread apparent impact of the hack of SolarWinds' network management tools, it's time for a frank assessment of the lack of cybersecurity progress in recent years. Consider a "60 Minutes" report from 2015 - and where we're at today.

Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails

Threatpost

Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.

18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack

Dark Reading

Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.

New Windows Trojan Steals Browser Credentials, Outlook Files

Threatpost

The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

CNIL Fines Google and Amazon 135 Million Euros for Alleged Cookie Violations

Hunton Privacy

On December 10, 2020, the French Data Protection Authority (the “CNIL”) announced that it has levied fines of €60 million on Google LLC and €40 million on Google Ireland Limited under the French cookie rules for their alleged failure to (1) obtain the consent of users of the French version of Google’s search engine (google.fr) before setting advertising cookies on their devices; (2) provide users with adequate information about the use of cookies; and (3) implement a fully effective opt-ou

Spotify Changes Passwords After Another Data Breach

Threatpost

This is the third breach in the past few weeks for the world’s most popular streaming service.

No One Knows How Deep Russia's Hacking Rampage Goes

WIRED Threat Level

A supply chain attack against IT company SolarWinds has exposed as many as 18,000 companies to Cozy Bear's attacks.

Top 4 trends for digital transformation in Life Sciences in 2021

OpenText Information Management

Was 2020 the year that Life Sciences showed its mettle? It’s certainly been the year that, when faced with an incredible global pandemic, the industry rose to the challenge. That we’re even close to a vaccine for COVID-19 is some form of minor miracle. Part of the reason for this success is the digital transformation the industry has been embarked upon for …

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Cybersecurity for Information Governance Professionals via Eleven Fifty Academy

IG Guru

by Angela S. Most companies ignore the importance of information governance in ensuring good cybersecurity. Advancing technology, such as cloud computing, increasing compliance mandates, and increasing amounts of data to be secured have made it essential to improve your cybersecurity strategies. Any company’s information governance should match the cybersecurity protocols implemented.

Authentication Failure

Schneier on Security

This is a weird story of a building owner commissioning an artist to paint a mural on the side of his building — except that he wasn’t actually the building’s owner. The fake landlord met Hawkins in person the day after Thanksgiving, supplying the paint and half the promised fee. They met again a couple of days later for lunch, when the job was mostly done.

eRecords 2020 – Records Are Virtually Everywhere – Session Recordings and Recap

The Texas Record

TSLAC’s annual joint conference with DIR took on a new life this year, going completely virtual via Zoom. We were even able to expand our audience! Last year we set attendance records for our in-person event with approximately 400 in attendance. This year we had more than 520 attendees. They represented 78 state agencies and institutions of higher learning, as well as 190 different local government entities in and outside of Texas.

Mac Malware to the front of the class please

Jamf

Hackers are increasingly using ransomware to attack K-12 education institutions, particularly remote learning infrastructure. Here's what you need to know.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking (online) at Western Washington University on January 20, 2021. Details to come. I’ll be speaking at an Informa event on February 28, 2021. Details to come. The list is maintained on this page.

Apple's App 'Privacy Labels' Are Here—and They're a Big Step Forward

WIRED Threat Level

It remains unclear how effective the warnings will be, but the attempt alone is a promising development.

Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts

Threatpost

The insider threat will go to jail for two years after compromising Cisco's cloud infrastructure.
