WIRED Threat Level

APRIL 5, 2022

The blockchain isn’t as “anonymous” as you might think.

Blockchain 102

Blockchain Privacy Security 102

Data Breach Today

APRIL 5, 2022

Witnesses at Hearing Also Discuss Role of Government in Security Incident Response A water trade association, at a congressional hearing Tuesday, urged the federal government to institute minimum cybersecurity standards for water systems. This comes as water providers see a big increase in the risk they face by connecting their legacy machines to the internet.

Risk 246

Risk IT Government Cybersecurity 246

The Last Watchdog

APRIL 5, 2022

As the dust settles following the recently disclosed hack of NewsCorp , important lessons are emerging for the cybersecurity and journalism communities. Related: How China challenged Google in Operation Aurora. The Chinese government is well known for its censorship– and frequent harassment and intimidation of foreign journalists. These are the foremost reasons China is ranked fourth worst globally regarding press freedoms.

Passwords 219

Passwords Access Cloud Government 219

Data Breach Today

APRIL 5, 2022

Firmware Updated; Users Advised to Patch to Avoid DDoS Attacks A new ongoing malware campaign is currently being conducted in the wild, targeting unpatched TOTOLINK routers. By leveraging a newly released exploit code, threat actors can use this variant of the Mirai botnet, called Beastmode, to potentially infect vulnerable devices.

242

242

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

eSecurity Planet

APRIL 5, 2022

MITRE Engenuity has released the latest round of its ATT&CK endpoint security evaluations, and the results show some familiar names leading the pack with the most detections. The MITRE evaluations are unique in that they emulate advanced persistent threat (APT) and nation-state hacking techniques, making them different from tests that might look at static malware samples, for example.

Security 122

Security Cybersecurity Ransomware IT 122

Dark Reading

APRIL 5, 2022

Security features to come include a TPM-like security processor for protecting artifacts that a computer uses during the secure boot-up process, as well as a control for blocking unsigned and untrusted apps.

Security 121

Security 121

OpenText Information Management

APRIL 5, 2022

“Going paperless” is a commonly stated goal in a school district’s digital transformation plan, but it’s just the beginning of a journey toward the increased efficiency, effectiveness and modern work culture that technology can bring to bear. Freeing up physical space and reducing costs are certainly benefits, but the real gains school districts typically seek … The post It’s not just about going paperless appeared first on OpenText Blogs.

Digital transformation 116

Digital transformation Education Government 116

Schneier on Security

APRIL 5, 2022

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

Paper 106

Paper Access Encryption Risk 106

Threatpost

APRIL 5, 2022

This fresh malware strain extends the functionality of typical trojans with advanced functionality and a series of modules for launching various types of threat activity.

Ransomware 108

Ransomware 108

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

APRIL 5, 2022

Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre of civilians that are accused of having raped and shot local women and children. Leaked data include names, ranks and passport details of Russians serving in the 64 Motor Rifle Brigade which occupied Bucha prior to March 31.

Military 107

Military Cybersecurity Security Government 107

KnowBe4

APRIL 5, 2022

[EYE OPENER] A Lack of Employee Cyber Hygiene is the Next Big Threat. Email not displaying? | View Knowbe4 Blog. CyberheistNews Vol 12 #14 | Apr. 5th., 2022. [EYE OPENER] A Lack of Employee Cyber Hygiene is the Next Big Threat. A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack.

Passwords 94

Passwords Risk Security IT 94

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations.

Military 104

Military Phishing File names Archiving 104

KnowBe4

APRIL 5, 2022

Cybercriminals Groups and “as a Service” threat actor affiliates alike seem to be doing well, according to a new report on the state of ransomware from Palo Alto Networks’ Unit42.

Ransomware 91

Ransomware 91

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

WIRED Threat Level

APRIL 5, 2022

More than just a market for illegal drugs, the dark-web site allowed criminals to launder or cash out hundreds of millions in stolen cryptocurrencies.

Marketing 101

Marketing Security 101

Dark Reading

APRIL 5, 2022

Remain calm, maintain control, and triage responses appropriately to ensure that the organization can remain resilient against threats during this crisis and through others to come.

89

89

IG Guru

APRIL 5, 2022

Mile High Denver ARMA 2022 Spring Seminar is Almost here. The seminar has been pre-approved for 4 IGP CEUs and 5 CRM CEUs Register In addition to the spring seminar right around the corner, the MHD Chapter is raising money to help the families of the Marshall Fire that affected the Boulder community on December 30th, 2021. […]. The post Mile High Denver ARMA 2022 Spring Seminar on April 19 appeared first on IG GURU.

Records Management 83

Records Management Education Information governance Government 83

Dark Reading

APRIL 5, 2022

Mandiant has now tied the group to at least eight unattributed clusters of activity targeting organizations across various industries and regions.

95

95

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

APRIL 5, 2022

The U.S. CISA added the recently disclosed remote code execution (RCE) vulnerability Spring4Shell to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-22965 (aka Spring4Shell , CVSS score: 9.8) flaw in the Spring Framework, along with three other issues, to its Known Exploited Vulnerabilities Catalog.

IT 82

IT Cybersecurity Cloud Security 82

KnowBe4

APRIL 5, 2022

The group behind the recent attacks on Okta, NVIDIA, and Microsoft may be moving on to less-prominent organizations, using their data destruction extortion model on new victims.

81

81

Dark Reading

APRIL 5, 2022

Nudge Security plans a general launch of its cloud-based service later this year.

Security 116

Security Cloud IT 116

KnowBe4

APRIL 5, 2022

It appears that the use of Microsoft CHM files is gaining popularity, and from the way this latest attack works, it’s a rather ingenious and flexible method that could become more prevalent.

IT 80

IT Phishing 80

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Threatpost

APRIL 5, 2022

The popular underground market traded in drugs, stolen data, forged documents and more -- raking in billions in Bitcoin.

Marketing 97

Marketing Security 97

KnowBe4

APRIL 5, 2022

Social engineering continues to be a core component of the Iranian government’s hacking operations, according to researchers at Recorded Future.

Phishing 87

Phishing 87

Dark Reading

APRIL 5, 2022

The group is targeting the biggest weak spot in most security postures: finding anomalous behavior by authorized entities.

Security 92

Security 92

Jamf

APRIL 5, 2022

A new vulnerability has been discovered within the Java Spring Framework which may allow for remote execution on a server.

81

81

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Dark Reading

APRIL 5, 2022

But "old habits are hard to break," with 48% of developers still shipping code with vulnerabilities.

Security 128

Security 128

Jamf

APRIL 5, 2022

April is designated as Distracted Driving Awareness Month in the United States, so it’s a good time to think about what counts as distracted driving and how to meaningfully avoid it. Featuring an integration with Jamf MDM solutions, LifeSaver Mobile is a digital solution that can help keep employees safe on the road.

MDM 52

MDM IT 52

Dark Reading

APRIL 5, 2022

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

81

81