Tue. May 24, 2022

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps. This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their inte


Zuckerberg Sued Over Cambridge Analytica Scandal

Data Breach Today

Lawsuit by DC AG Alleges Facebook CEO Didn't Protect Users Sufficiently Mark Zuckerberg, CEO of Facebook parent Meta, is being sued for failing to protect users of the social media platform during the Cambridge Analytica privacy scandal. The lawsuit on behalf of the District of Columbia was initiated by Washington, D.C. Attorney General Karl A. Racine.

Privacy 246

NOYB open letter on the new EU – US data deal

DLA Piper Privacy Matters

Max Schrems, through his organisation, ‘My Privacy is None of your Business’ (“noyb.eu”) has issued an open letter to U.S. and EU officials about the announcement of an ‘agreement in principle’ for a new Trans-Atlantic Data Privacy Framework (“letter”). The letter coincides with a visit to Washington, D.C. by a delegation of several members of the European Parliament’s Civil Liberties Committee, to discuss EU-U.S. cooperation in the protection of personal data.

Privacy 145

3 Health Data Hacks Affect 1.4 Million Individuals

Data Breach Today

Incidents Reported by Pediatric Hospital, Managed Care Plan, Government Contractor Hacking incidents recently reported as major breaches by three different types of health sector entities - a children's hospital, a managed care plan and a government contractor - have in total compromised the sensitive information of more than 1.4 million individuals.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Why Cyber Insurance is Essential in 2022

IT Governance

Organisations must always look for cost-effective ways to address the cyber security risks they face. With more than 1,200 publicly disclosed data breaches last year, and organisations spending almost £3 million on average responding to security incidents, effective risk management is a top priority. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance.

Insurance 137

More Trending


Top 6 Reasons Organizations Choose Daymark Government Services

Daymark

Given the current cyber threat landscape, protecting data has never been more critical. We’ve been helping organizations architect and deploy secure data center and cloud environments for over 20 years. As a Microsoft Gold Partner, Tier 1 Microsoft Direct Cloud Service Provider and AOS-G, GCC and GCC High reseller, we have the proven expertise and technical certifications to design, implement and provide on-going support for highly customized secure enclaves or “greenfield” environments in Micro


Semperis Raises $200M to Extend AI, ML to Identity Security

Data Breach Today

The AD Security Vendor Wants to Defend More Cloud Apps and Cloud Identity Providers Semperis has closed a Series C funding round to expand geographically and enhance identity protection and threat mitigation with AI and ML capabilities. The AD security provider plans to use the $200 million to expand into safeguarding additional cloud applications and cloud identity providers.

Security 241

Nation-state malware could become a commodity on dark web soon, Interpol warns

Security Affairs

Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. Interpol Secretary General Jurgen Stock declared that nation-state malware will become available on the darknet in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non-state actors represents a serious risk for critical infrastructure and organizations worldwide.

Military 106

Strong Password Policy Isn't Enough, Study Shows

Dark Reading

New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.

Passwords 124

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Schneier on Security

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to indiv


Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT

Security Affairs

Trend Micro addressed a DLL hijacking issue in Trend Micro Security actively exploited by a China-linked threat group to deploy malware. Trend Micro addressed a DLL hijacking flaw in Trend Micro Security that a China-linked threat actor actively exploited to deploy malware. In early May, SentinelOne researchers observed a China-linked APT group, tracked as Moshen Dragon, targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware.


New IRS Phishing Scam Uses Fake Notices to Steal Microsoft 365 Credentials

KnowBe4

Scammers use an “overdue tax bill” along with a sophisticated and obfuscated JavaScript-based “invoice” attachment to identify targeted victims, validate credentials, and transmit them within seconds.


Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021

Dark Reading

But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


New Phishing Attack Uses Malicious Chatbot For Real Time Social Engineering

KnowBe4

Researchers at Trustwave have observed a phishing campaign that uses a chatbot to add legitimacy to the scam. The chatbot is on a harmless website, and is designed to convince the user to visit the phishing site by striking up a conversation and walking the victim through the process.


Crypto Hacks Aren’t a Niche Concern; They Impact Wider Society

Dark Reading

Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.


Open Source Intelligence May Be Changing Old-School War

WIRED Threat Level

Intelligence collected from public information online could be impacting traditional warfare and altering the calculus between large and small powers.


'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds

Dark Reading

Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


New Scam Uses Fraud Support Social Engineering to Take Victims for Thousands of Dollars

KnowBe4

A new scam borrows a page from the tech support scams that target older victims telling them potential fraud has been found, offering to “help” solve the issue and ultimately asking for banking details.


The Surveillance State Is Primed for Criminalized Abortion

WIRED Threat Level

A new report lays out existing US police surveillance capabilities that can easily be repurposed to monitor pregnant people.

Privacy 89

FBI Director Warns of “Unprecedented” Cyberespionage Attacks Originating in China

KnowBe4

FBI Director Christopher Wray highlighted China’s role in cyberespionage in a recent 60-Minutes news segment, saying the level of attacks the U.S. is seeing is “unprecedented in history.”


New Connecticut Privacy Law Makes Path to Compliance More Complex

Dark Reading

As states address privacy with ad-hoc laws, corporate compliance teams try to balance yet another set of similar but diverging requirements.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Microsoft warns of new highly evasive web skimming campaigns

Security Affairs

Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. The threat actors obfuscated the skimming script by encoding it in PHP, which, in turn, was embedded in an image file; with this trick, the code is executed when a website’s index page is loaded.


DeFi Is Getting Pummeled by Cybercriminals

Dark Reading

Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say.


Jodi Daniels of Red Clover Advisors: 5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity via Authority Magazine

IG Guru

Check out the article here. The post Jodi Daniels of Red Clover Advisors: 5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity via Authority Magazine appeared first on IG GURU.


DBIR Makes a Case for Passwordless

Dark Reading

Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains

KnowBe4

So-called “Black Hat SEO” services have popped up on Dark Web forums bringing advantageous search results to anyone willing to pay a small monthly fee.


New Attack Shows Weaponized PDF Files Remain a Threat

Dark Reading

Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.


Discover how you can master modern work

OpenText Information Management

The nature of work has changed. Employees demand flexible work environments where they’re equipped with the tools and information they need to complete their daily tasks and collaborate freely with colleagues and partners. Companies that treat information as their most valuable asset and make sure their employees have access to the right information, where and … The post Discover how you can master modern work appeared first on OpenText Blogs.

Access 62