Tue.May 18, 2021

article thumbnail

Introducing MITRE ATT&CK Defender

Data Breach Today

Rick Gordon of MITRE Engenuity Details New Training, Certification A recent study showed that even though 82% of cybersecurity professionals are familiar with the MITRE ATT&CK framework, only 8% said they used it regularly. This led to development of the new MITRE ATT&CK Defender training and certification. Rick Gordon of MITRE Engenuity explains.

article thumbnail

What are the Benefits of Knowledge Management?

AIIM

Quick question: What’s your business’s most prized asset? Is it a tangible asset, like a high-rise building in an upmarket area? Is it owning groundbreaking high-tech tools? What about your inventory, cash, or cash equivalents? In today’s knowledge economy, it's knowledge assets that are vital to a company’s growth. When you think about it, knowledge assets are more important than tangible assets.

Marketing 232
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

RSA Cryptographers' Panel: SolarWinds, NFTs and More

Data Breach Today

Machine Leading and Quantum Computing Challenges Also Among the Topics Analyzed What do the world's leading encryption and security experts think about non-fungible tokens, supply chain attacks, coordinated vulnerability disclosure and the state of quantum computing? The cryptographers' panel at RSA Conference 2021 addressed all these issues.

article thumbnail

GUEST ESSAY: 3 sure steps to replace legacy network security systems — in a measured way

The Last Watchdog

Keeping up with the pace of technology, information, and the evolving threat landscape is a challenge for all enterprises. Related: DHS launches 60-day cybersecurity sprints. To make matters more difficult, implementing new security software and processes to address these issues is another big hurdle, often causing disruption—and not the good kind. But with mounting pressure to replace legacy, perimeter-centric defenses with cloud- and hybrid-cloud protection, many organizations are stuck betwee

Security 215
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Taking on SOAR: The Challenges and Opportunities

Data Breach Today

Experts Say the Technologies Won't Mean Fewer SOC Analyst Jobs Security orchestration, automation and response technologies, or SOAR, give organizations the ability to manage an increasing number of alerts. But security experts say there's no worry that SOAR will replace people. In fact, SOAR could help with staff retention.

Security 261

More Trending

article thumbnail

Neuberger: Ransomware Requires International Response

Data Breach Today

NSC Adviser Outlines Administration's Cybersecurity Priorities at RSA 2021 The threat posed by ransomware attacks, including the growth of cybercriminal cartels, double extortion schemes and big game hunting targeting larger organizations, requires an international response, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, told attendees Tuesday at RSA Conference 2021.

article thumbnail

Adding a Russian Keyboard to Protect against Ransomware

Schneier on Security

A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed. Brian Krebs wonders if this could be a useful defense: In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim.

article thumbnail

Driving Healthcare Innovation With a Security Mindset

Data Breach Today

ChristianaCare CISO Anahi Santiago on Securing Hospitals Without Borders Telehealth, a remote workforce, cloud migration - these were dreams, but not reality for many healthcare CISOs pre-pandemic. Today's a new world, and ChristianaCare CISO Anahi Santiago is happy to be helping to secure it. She discusses security's role in this new innovation.

Security 261
article thumbnail

Discovery of Simps Botnet Leads To Ties to Keksec Group

Security Affairs

Uptycs’ threat research team discovered a new botnet, tracked as Simps botnet, attributed to Keksec group, which is focused on DDOS activities. Uptycs’ threat research team has discovered a new Botnet named ‘Simps’ attributed to Keksec group primarily focussed on DDOS activities. We discovered the Simps Botnet binaries downloaded via shell script sample and Remote Code Execution vulnerability exploits by Gafgyt – detailed in our earlier post. .

IoT 126
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

FDA: Strong Smartphone Magnets Can Affect Cardiac Devices

Data Breach Today

But Do Powerful Consumer Device Magnets Also Pose Security Risks? The FDA is warning that strong magnets in some cellphones and smartwatches can interfere with the performance and safety of certain pacemakers and other implantable devices. But do they also pose security risks?

Risk 272
article thumbnail

Analysis of NoCry ransomware: A variant of the Judge ransomware

Security Affairs

Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware. We announced a free decryptor for Judge victims in this blog post, which is available through the NoMoreRansom initiative. Our decryptor has been helping victims to recover their files for free since its release.

article thumbnail

Tracking DarkSide Ransomware Gang's Profits

Data Breach Today

Elliptic Says It Traced Payments by Colonial Pipeline and Many Others The DarkSide ransomware gang apparently collected over $90 million in ransom payments from about 47 victims, including Colonial Pipeline Co., since the gang began operating in August 2020, according to the blockchain analytics firm Elliptic, which says it analyzed bitcoin wallet activity.

article thumbnail

Ecuador Approves Data Protection Law

Hunton Privacy

On May 10, 2021, the Ecuadorian National Assembly unanimously approved the Organic Law on Data Protection (the “Data Protection Law”), which President Moreno is expected to sign. The Data Protection Law is based on the EU General Data Protection Regulation (the “GDPR”) and requires data controllers to implement safeguards to protect personal data, appoint a data protection officer and provide notice to individuals before processing certain persona data.

GDPR 118
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Magecart Skimming Tactics Evolve

Data Breach Today

Malwarebytes Describes Updated Attack Techniques Magecart Group 12, known for skimming payment cards from e-commerce websites, is now using PHP web shells to gain remote administrative access to sites that run an older version of Adobe's Magento software, according to analysis by Malwarebytes.

Access 200
article thumbnail

An Interview With Barry Primes

The Texas Record

Barry Primes. Recently, I decided to talk to a person who has extensive knowledge in the records management field. Barry Primes has spent 30 years in records management in the federal, local, military, and private sector. Currently, he is transitioning to the Records Management Officer of the Harris County Appraisal District (or HCAD). His wealth of knowledge made him the first person I thought of for such an interview.

article thumbnail

ERP systems are still plagued by bad data

OpenText Information Management

The enterprise resource planning (ERP) software market is set for rapid growth. Worth approximately $39 billion in 2019, it is set to reach $78.4 billion by 2026. Organizations of all sizes are increasingly looking to ERP to help drive their business. And yet, data quality remains a major challenge, undermining the value of these investments. Automated … The post ERP systems are still plagued by bad data appeared first on OpenText Blogs.

article thumbnail

Why Anti-Phishing Training Isn't Enough

Dark Reading

Not only is relying on employees' awareness insufficient to prevent sophisticated social engineering attacks, some training methods can create other problems.

Phishing 104
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

European Council extends sanctions against foreign threat actors

Security Affairs

European Council extended for one year the sanctions against foreign threat actors that threaten the European Union and its member states. The European Council announced that it will extend for one year the framework for sanctions against threat actors that launched cyberattacks against the infrastructure of the European Union and its member states.

article thumbnail

Unsuccessful Conti Ransomware Attack Still Packs Costly Punch

Threatpost

Separate attacks last week on the country’s Department of Health and Health Service Executive forced the shutdown of networks and services that still haven’t been fully restored.

article thumbnail

DarkSide ransomware made $90 million since October 2020

Security Affairs

Researchers from blockchain analysis firm Elliptic estimated that Darkside ransomware gang has made over $90 million from its attacks. Experts from blockchain analysis firm Elliptic estimated that the Darkside ransomware gang has earned over $90 million from ransom payments from its victims since October 2020. The researchers examined the Bitcoin wallets used by ransomware gang to receive the ransom payments from victims over the past nine months. “In total, just over $90 million in Bitcoi

article thumbnail

Best 11 Quotes From Cryptographers' Panel

Dark Reading

Cryptographers at an RSA Conference panel aren't worried about adversarial quantum cryptography. Machine learning, though, causes pressing practical issues.

90
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Transferring EU Data To US After New Contractual Safeguards

Data Matters

This article was first published by Law 360 on May 17, 2021. In light of new standard contractual clauses, or SCCs, to be issued shortly by the European Commission, as well as imminent new guidance from the European Data Protection Board, companies transferring personal data to the U.S. should consider taking steps to help ensure their data transfers are recognized as U.S. person communications.

article thumbnail

How to Get Employees to Care About Security

Dark Reading

Want to a security awareness program that sticks? Make it fun and personal -- and offer free lunch.

article thumbnail

What Can Businesses Do to Adapt to the Evolving Technology, Breach Threats and Regulatory Challenges?

Thales Cloud Protection & Licensing

What Can Businesses Do to Adapt to the Evolving Technology, Breach Threats and Regulatory Challenges? madhav. Tue, 05/18/2021 - 12:57. The past 12 months have seen dramatic changes for organizations as they adapted to the pandemic to maintain business operations and continue their digital transformation. Increased remote working and accelerated cloud transformation have driven organizations to rethink how they do security, especially cloud security.

article thumbnail

How to Get Employees to Care About Security

Dark Reading

Want to a security awareness program that sticks? Make it fun and personal -- and offer free lunch.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Irish High Court Permits DPC Inquiry into Facebook Transfers to Proceed

Hunton Privacy

On May 14, 2021, the Irish High Court dismissed Facebook Ireland’s (“Facebook”) challenge to the Irish Data Protection Commissioner’s (“DPC”) investigation into Facebook’s international transfers of personal data. The DPC commenced its “own volition” inquiry following the July 2020 decision of the Court of Justice of the European Union (“CJEU”) in the Schrems II case (C-311/18 Data Protection Commissioner v.

GDPR 74
article thumbnail

Researchers Create Covert Channel Over Apple AirTag Network

Dark Reading

Small amounts of data could be sent from nearly anywhere using Apple's "Find My" network, hidden in the large volume of traffic as AirTags become widely used, two researchers say.

105
105
article thumbnail

OpenText World Asia Pacific 2021–Grow with OpenText

OpenText Information Management

Digitalization has only just begun. It is no longer about ensuring connectivity in the short-term for a distributed workforce. It is about a much more complex nexus of forces. Businesses must support modern work, connect to global commerce, help build sustainable communities, and engage their customers in new ways, all while keeping their information … The post OpenText World Asia Pacific 2021–Grow with OpenText appeared first on OpenText Blogs.

IT 74