Mon. Mar 28, 2022


GUEST ESSAY: Embracing ‘Zero Trust’ can help cloud-native organizations operate securely

The Last Watchdog

Some 96 percent of organizations — according to the recently released 2021 Cloud Native Survey — are either using or evaluating Kubernetes in their production environment, demonstrating that enthusiasm for cloud native technologies has, in the words of the report’s authors, “crossed the adoption chasm.” Related: The targeting of supply-chain security holes.


Okta: 'We Made a Mistake' Over Data Breach Investigation

Data Breach Today

Lesson for Others to Learn: Your Subcontractor, Your Breach-Tracking Responsibility

Life comes at you fast, especially when you're a breached business such as Okta, which may have exposed customer data or otherwise put the businesses paying for your product at risk. Here's how, after detecting the breach, Okta fumbled its response, and what others should learn from this experience.


Welcoming the Bulgarian Government to Have I Been Pwned

Troy Hunt

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.


Cybersecurity Defense Prioritized in White House Budget

Data Breach Today

President Biden's 2023 Budget Requests up to $5.8 Trillion for Cyber Efforts and Protections

The White House's Fiscal Year Budget for 2023 asks to increase spending from this year with an emphasis on cybersecurity practices to improve defenses in both the private and public sectors. Funds were also requested to help close the talent gap, implement zero trust and more.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


CPPA Holding Public Pre-Rulemaking Meetings on the CPRA on March 29 and March 30

Hunton Privacy

On March 29 and March 30, 2022, the California Privacy Protection Agency (“CPPA”) will hold public pre-rulemaking informational sessions regarding the California Privacy Rights Act (“CPRA”) via video conference. As we previously reported , the CPPA, which has rulemaking authority under the CPRA and will be responsible for implementing and enforcing the CPRA, recently estimated that it will not publish final CPRA regulations until the third or fourth quarter of 2022.


Coming soon to a screen near you: the spring Jamf Event

Jamf

The new spring Jamf event offers a behind-the-scenes look at what we’re working on now to deliver enterprise-secure, consumer-simple technology to your organization.


FCC Adds Kaspersky, Chinese Telecoms to High-Risk Companies

Data Breach Today

Also, HackerOne Suspends Kaspersky's Access to Bug Bounty Platform

The U.S. FCC's Public Safety and Homeland Security Bureau voted unanimously to ban Kaspersky Lab, China Telecom (Americas) Corp., and China Mobile International USA Inc., saying they pose a national security threat. And bug bounty platform HackerOne also suspended Kaspersky.


Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

On March 17, 2022, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) issued industry guidance for Health Insurance Portability and Accountability Act (“HIPAA”) regulated entities to take preventative steps to protect against some of the more common, and often successful, cyber-attack techniques. For example, the number of breaches of unsecured electronic Personal Health Information (“ePHI”) reported to the OCR affecting 500 or more individuals due to hacking or IT


Ediscovery: How the Federal Rules Apply in the Digital Age

Hanzo Learning Center

A lot has changed since the Federal Rules of Civil Procedure (FRCP) were first enacted in 1938. Yet the goals of discovery—and the Rules governing its conduct—remain as simple now as they were then. In a nutshell, parties should be able to identify, review, produce, and use relevant data to establish their claims and defenses during litigation and enable their opponents to do the same so that the deciding court hears a full and fair presentation of the issues.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Anonymous is working on a huge data dump that will blow Russia away

Security Affairs

The Anonymous collective hacked the Russian construction company Rostproekt and announced a leak that will blow Russia away. Anonymous continues its offensive against Russia: the collective announced the hack of the Russian construction company Rostproekt and announced a leak that will blow Russia away. Links to the stolen data from the company have been published on the leak site DDoSecrets.


Making Better Push-Based MFA

KnowBe4

I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today’s most popular implementations are not sufficiently protective against real attacks. In short, using social engineering, hackers have been able to bypass most Push-Based MFA like it was not even there.


While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio

Security Affairs

While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). On Friday, Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. MESSAGE FROM #ANONYMOUS RABBIT: "People shouldn't be afraid of their government, governments should be afraid of their people." The Central Bank of Russian Federation leak (28 GB) has been published by Anonymou


Buy Now, Pay Later Scams

KnowBe4

Fraudsters are taking advantage of the buy-now, pay-later (BNPL) payment model, according to Jim Ducharme, COO of Outseer. On the CyberWire’s Hacking Humans podcast, Ducharme explained that scammers can either impersonate victims or take over their accounts in order to make fraudulent purchases.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon 

Security Affairs

Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by the Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR archive named “Saboteurs.rar”, which contains the RAR archive “Saboteurs 21.03.rar.” This second archive contains the SFX archive “Saboteurs filercs


New Lapsus$ Hack Documents Make Okta’s Response Look More Bizarre

WIRED Threat Level

Documents shed some light on how Okta and its subprocessor Sitel reacted to a breach, but they don’t explain the apparent lack of urgency.


Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Security Affairs

The Muhstik botnet has been observed targeting Redis servers by exploiting the recently disclosed CVE-2022-0543 vulnerability. Muhstik is a botnet known to use web application exploits to compromise IoT devices; it has been around since at least 2018. Botnet operators monetize their efforts via XMRig combined with DDoS-for-hire services. The botnet leverages IRC servers for command-and-control (C2) communications; experts noticed that it has consistently used the same infrastructure since it


Utah Becomes Fourth State to Adopt Privacy Legislation via Troutman Pepper

IG Guru

Check out the article here. The post Utah Becomes Fourth State to Adopt Privacy Legislation via Troutman Pepper appeared first on IG GURU.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Shopping trap: The online stores’ scam that hits users worldwide?

Security Affairs

Shopping trap: Criminal gangs from China have been using copies of online stores of popular brands to target users all over the world. Malicious schemes linked to online stores are on the rise in 2022. Criminal gangs from China have been using copies of online stores of popular brands to target users all over the world and thereby trick victims. The targets of this massive campaign are online stores geolocated in different countries, including Portugal, France, Spain, Italy, Chile, Mexico, Colum


Vodafone Portugal: The Attack on Brand Reputations and Public Confidence Through Cybercrime

Dark Reading

Companies must prepare effective, data-driven threat-response strategies as they monitor for reputational risks as well as cyberattacks.


Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure

Security Affairs

Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure. On March 29, 2022, a massive cyber attack caused a major internet disruption across Ukraine on national provider Ukrtelecom. According to global internet monitor service NetBlock, real-time network data showed connectivity collapsed to 13% of pre-war levels.


The Future of Digital Cash Is Not on the Blockchain

WIRED Threat Level

If you want the privacy of paper money, you need something that leaves no paper trail.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Hive ransomware ports its encryptor to Rust programming language

Security Affairs

The Hive ransomware gang ported its encryptor to the Rust programming language and implemented new features. The Hive ransomware operation has developed a Rust version of its encryptor and added new features to prevent curious onlookers from snooping on the victim’s ransom negotiations. According to BleepingComputer, which focused on the Linux VMware ESXi encryptor, the Hive ransomware operators have updated their encryptor by introducing features that were implemented in the past by the BlackCat/ALP


Four ways strong user adoption ensures successful digital transformation

OpenText Information Management

It is no secret that effective digital transformation requires more than just a successful implementation or migration. Realizing real business value from both new and existing technology requires that users adopt new ways of working. Without strong adoption it is difficult, if not impossible, to realize the full value of your technology investments.


Low-Code/No-Code Tools Are Popular, But Untrusted

Dark Reading

While low-code and no-code tools make application development more flexible, they open up security flaws.


Okta Says It Goofed in Handling the Lapsus$ Attack

Threatpost

"We made a mistake," Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Security's Life Cycle Isn't the Developers' Life Cycle

Dark Reading

Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic nor feasible.


How Organizations Can Champion Women in the Workplace Throughout the Entire Year

Rocket Software

Women’s History Month may only be one month long, but Rocket is committed to championing gender equity throughout the entire year, infusing the lessons learned this March throughout all we do. We know that, while there have been many advancements to celebrate to date—particularly for women in the world of tech—there is still a lot of change that needs to happen to create workplaces where all members feel empowered to succeed.


Triton Malware Still Targeting Energy Firms

Dark Reading

The FBI's latest Private Industry Notification warns the energy sector that the group behind Triton is still up to no good.
