Mon. Aug 29, 2022

The 3 Questions CISOs Must Ask to Protect Their Sensitive Data

Dark Reading

CISOs must adopt a new mindset to take on the moving targets in modern cybersecurity.

Okta Customer Data Exposed via Phishing Attack on Twilio

Data Breach Today

Twilio: Attackers Accessed Data for 163 Customers; Signal Also Affected. Identity and access management giant Okta says some customer data was exposed by the "relentless phishing campaign" that breached Twilio, which it uses to provide some SMS services. Twilio says attackers accessed data for 163 customer organizations.

Black Hat Fireside Chat: Taking the fight to the adversaries — with continuous, proactive ‘pen tests’

The Last Watchdog

Penetration testing – pen tests – traditionally have been something companies might do once or twice a year. Related: Cyber espionage is on the rise. Bad news is always anticipated. That’s the whole point. The pen tester’s assignment is to seek out and exploit egregious, latent vulnerabilities – before the bad guys – thereby affording the organization a chance to shore up its network defenses.

Printing Vendor's Breach Tally Soars to Nearly 2.7 Million

Data Breach Today

OneTouchPoint Is Among Growing List of Vendors Reporting Huge Health Data Breaches. An apparent ransomware incident involving a printing and mailing vendor affects more than double the number of people originally reported as being affected, and the total now nearly reaches 2.7 million individuals. Why are so many vendors reporting huge breaches?

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

Web application attacks directed at organizations’ web and mail servers continue to take the lead in cybersecurity incidents. Related: Damage caused by ‘business logic’ hacking. This is according to Verizon’s latest 2022 Data Breach Investigations Report (DBIR). In the report’s findings, stolen credentials and exploited vulnerabilities are the top reasons for web breaches.

More Trending

OSFI’s Technology and Cyber Risk Management Guideline: Part 1

Data Protection Report

On July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI) released its final Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need to ensure that they have taken steps to comply with the requirements of the Guideline prior to it coming into effect on January 1, 2024.

During a War, Cyber Intel Firm Opens Ukraine Office

Data Breach Today

Alex Holden Planned a Ukraine Office. Russia Invaded. He Opened it Anyway. Alex Holden, CISO and founder of the cyber intelligence company Hold Security, was preparing to open an office in Ukraine when Russia invaded in February. He went ahead with his plan anyway. Here’s why he did it.

Enabling an intelligent energy transition

CGI

The energy transition, one of the pillars of the fight against climate change on a global scale, has gained in urgency for the European Union (EU) as a result of the consequences of the Russian invasion of Ukraine in terms of energy. In this journey, technologies such as IoT, data analytics and artificial intelligence are and will continue to be key allies.

As States Ban Ransom Payments, What Could Possibly Go Wrong?

Data Breach Today

North Carolina Ban Impacts State/Local Governments, Public Schools and Universities. As ransomware continues to pummel organizations left, right and center, two states have responded by banning certain types of ransom payments, and more look set to soon follow suit. But experts warn such bans could have "terrible consequences," leading to costlier and more complicated recovery.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Levels of Assurance for DoD Microelectronics

Schneier on Security

The NSA has published criteria for evaluating levels of assurance required for DoD microelectronics. The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) and other devices containing reprogrammable digital logic.

Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web

Dark Reading

Documents appear to show that Israeli spyware company Intellexa sold a full suite of services around a zero-day affecting both Android and iOS ecosystems.

Nitrokod crypto miner infected systems across 11 countries since 2019

Security Affairs

Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers discovered a Turkish-based crypto miner malware campaign, dubbed Nitrokod, which infected machines across 11 countries. The threat actors dropped the malware from popular software available on dozens of free software websites, including Softpedia and uptodown.

NATO Investigates Dark Web Leak of Data Stolen from Missile Vendor

Dark Reading

Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a high-severity security flaw (CVE-2021-38406, CVSS score: 7.8) impacting Delta Electronics industrial automation software.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Threatpost

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Twilio breach let attackers access Authy two-factor accounts of 93 users

Security Affairs

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. In early August, the communications company Twilio disclosed a data breach; threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack.

Cyber-Insurance Firms Limit Payouts, Risk Obsolescence

Dark Reading

Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

US FTC sued US data broker Kochava for selling sensitive and geolocation data

Security Affairs

The U.S. FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. The U.S. Federal Trade Commission (FTC) filed a lawsuit against the US-based data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. “Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entiti

3 Ways No-Code Developers Can Shoot Themselves in the Foot

Dark Reading

Low/no-code tools allow citizen developers to design creative solutions to address immediate problems, but without sufficient training and oversight, the technology can make it easy to make security mistakes.

Scammers used a deepfake AI hologram of Binance executive to scam crypto projects

Security Affairs

Scammers used a deepfake AI hologram of the Binance chief communications officer for fraudulent activities. Patrick Hillmann, chief communications officer of Binance, confirmed that scammers used his Deepfake AI hologram to trick users into online meetings and target the projects of clients of the company. Hillmann explained in a blog post that the attack was orchestrated by a “sophisticated hacking team” that used video footage of interviews and TV appearances to create the deepfake video. R

The Telegram-Powered News Outlet Waging Guerrilla War on Russia

WIRED Threat Level

Anti-Putin media network February Morning has become a central player in the underground fight against the Kremlin.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Legacy Disposition Program Series: Article Two—Tangible First Steps

ARMA International

This article is a continuation of the Legacy Disposition White Paper article series. Where article one focused on establishing the basics—defining various disposition strategies, highlighting the importance of implementing said strategies in a firm’s IG environment, and walking through the steps leading up to implementation; this article will provide tangible steps for starting a disposition initiative of your very own.

A Peek Into CISA's Post-Quantum Cryptography Roadmap

Dark Reading

To help organizations with their plans, NIST and the Department of Homeland Security developed the Post-Quantum Cryptography Roadmap.

FTC sues company for selling data that could be used to track consumers

The Guardian Data Protection

The lawsuit against data broker Kochava seeks to halt the sale of sensitive geolocation data and delete what was collected. The US Federal Trade Commission (FTC) on Monday sued Idaho-based data broker Kochava for selling geolocation data from hundreds of millions of mobile devices that could be used to track consumers. The FTC said consumer data could be used to trace people’s movements to and from sensitive locations including “reproductive health clinics, places of worship, homeless and domesti

Reltio Named One of America’s Fastest-Growing Private Companies by Inc. Magazine

Reltio

Three-Year Revenue Growth of 133%. Reltio’s continued growth and our recent eclipse of the $100 million annualized recurring revenue (ARR) milestone has landed us on Inc. Magazine’s list of America’s fastest-growing private companies for the sixth year in a row. These are rare feats, especially during these challenging times. The annual list represents the most prestigious ranking of the nation’s fastest-growing private companies.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

iOS + VPN: Data leaks, misconfigurations and what comes next?

Jamf

VPN software and the data leaks one security researcher detected have kicked off media coverage relating to Apple’s security stance and how VPN software is handled in iOS. Are VPNs in iOS broken, or is this simply another nail in legacy VPN’s coffin in light of more secure technologies, like ZTNA, that better address the challenges of the current threat landscape and modern computing needs?

Author of Infonomics releases new book titled Data Juice

IG Guru

Check out the book on Amazon.

DIR 8-30-2022

Info Source

DIR 8-30-2022. To open and read this issue as a PDF (or to download): Click here.