Fri.Nov 11, 2022

article thumbnail

Texas Hospital Says Ransomware Breach Affected 500,000

Data Breach Today

Also: CommonSpirit Health Says Some IT Systems Still Affected 6 Weeks After Attack A recent ransomware attack at a Texas hospital that knocked out phone and email systems for weeks is now even worse following OakBend Medical Center's admission that the hackers downloaded data from the medical records of up to 500,000 individuals.

article thumbnail

Uyghurs Targeted With Spyware, Courtesy of PRC

Dark Reading

Chinese government employs spyware to detect so-called "pre-crimes" including using a VPN, religious apps, or WhatsApp, new analysis reveals.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Australia Blames Russian Hackers for Medibank Hack

Data Breach Today

Australian PM Says Russia Should 'Be Held Accountable' for Data Leaks The Australian government says hackers from Russia are behind the attack on Medibank, the country's largest private health insurer. Prime Minister Anthony Albanese said not just hackers but "the nation where these attacks are coming from should also be held accountable.

Insurance 233
article thumbnail

Jamf + Ditto: Building a more collaborative classroom

Jamf

Enhance your Jamf-managed classroom devices' screen mirroring and digital signage by using Ditto, created by Squirrels, the creators of Reflector and AirParrot.

105
105
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

ISMG Editors: $3B Crypto Seizure Shows Blockchain's Security

Data Breach Today

Also: New EU Report on Spyware; UK Cybersecurity Technical Director Bids Farewell In the latest weekly update, ISMG editors discuss implications of the seizure of $3.36 billion in stolen bitcoin, whether the EU is complicit in the spread of advanced spyware, and the departure of the U.K.'s Dr. Ian Levy, technical director of NCSC, with some important parting words.

More Trending

article thumbnail

Ukrainian Cyber Police Bust Fake Investing Ring

Data Breach Today

Transnational Crime Organization Ran Pseudo Crypto Investment Scheme Across Europe The Cyber Police of Ukraine arrested five cybercrime gang members for their participation in a transnational scheme to fleece buyers into a supposed cryptocurrency and securities investment platform. The gang has established call centers around Europe, including three in Kyiv and Ivano-Frankivsk.

Security 130
article thumbnail

An initial access broker claims to have hacked Deutsche Bank

Security Affairs

An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram. A threat actor ( 0x_dump ) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. The security researcher Dominic Alvieri was one of the first experts to report the announcement published by the initial access broker on Telegram.

Access 94
article thumbnail

Should Banks Be Held Liable for Authorized Fraud?

Data Breach Today

Aite-Novarica Group's Trace Fooshee on Policy, Strategy and Fraud-Fighting Tools The United Kingdom and many other countries are considering ways to make banks liable for authorized payment fraud and lift the burden from millions of victims of online scams. Trace Fooshee, strategic adviser at Aite-Novarica Group, shares his views on why this might not be such a great idea.

130
130
article thumbnail

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Cookies for MFA Bypass Gain Traction Among Cyberattackers

Dark Reading

Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security.

article thumbnail

‘Dark Ships’ Emerge From the Shadows of the Nord Stream Mystery

WIRED Threat Level

Satellite monitors discovered two vessels with their trackers turned off in the area of the pipeline prior to the suspected sabotage in September.

article thumbnail

Researcher received a $70k award for a Google Pixel lock screen bypass

Security Affairs

Google fixed a high-severity security bug affecting all Pixel smartphones that can allow attackers to unlock the devices. Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones that could be exploited to unlock the devices. The Google Pixel Lock Screen Bypass was reported by security researcher David Schütz that was awarded $70,000 for this flaw. “The issue allowed an attacker with physical access to bypass the lock screen protections

article thumbnail

GitHub Adds New Security Features for Open Source Community

eSecurity Planet

GitHub has announced new features that could improve both developers’ experience and supply chain security. The “private vulnerability” reports announced at GitHub Universe 2022 will allow open-source maintainers to receive private issues from the community. Maintainers will be able to receive reports and collaborate with security professionals and all other issuers to patch vulnerabilities.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Man charged for role in LockBit ransomware operation

Security Affairs

The U.S. DoJ charged a Russian-Canadian national for his alleged role in LockBit ransomware attacks against organizations worldwide. The U.S. Department of Justice (DoJ) charged Mikhail Vasiliev, a dual Russian and Canadian national, for his alleged participation in the LockBit ransomware operation. According to the press release published by DoJ, the man is currently in custody in Canada and is awaiting extradition to the United States.

article thumbnail

NSA Over-surveillance

Schneier on Security

Here in 2022, we have a newly declassified 2016 Inspector General report—”Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda. There’s nothing really interesting in the IG document, which is heavily redacted.

Privacy 81
article thumbnail

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. In Mid-October, Microsoft Threat Intelligence Center (MSTIC) researchers uncovered previously undetected ransomware, tracked as Prestige ransomware , employed in attacks targeting organizations in the transportation and related logistics industries in Ukraine and Poland.

article thumbnail

Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors

Dark Reading

The bug affects several Aiphone GT models using NFC technology and allows malicious actors to potentially gain access to sensitive facilities.

Access 89
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

New Book: A Hacker’s Mind

Schneier on Security

I have a new book coming out in February. It’s about hacking. A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back isn’t about hacking computer systems; it’s about hacking more general economic, political, and social systems. It generalizes the term hack as a means of subverting a system’s rules in unintended ways.

article thumbnail

Why Cybersecurity Should Highlight Veteran-Hiring Programs

Dark Reading

Military veterans tend to have the kind of skills that would make them effective cybersecurity professionals, but making the transition is not that easy.

article thumbnail

The right Content Services platform on your Cloud journey

OpenText Information Management

Today, the power of digital transformation has been realized by every enterprise organization across the globe. The transformation to become flexible and adaptable starts with the journey from on-premises to the Cloud. Cloud service providers like OpenText™, Google, Microsoft, and Amazon provide tools to facilitate the migration of data to the cloud.

article thumbnail

Why CVE Management as a Primary Strategy Doesn't Work

Dark Reading

With only about 15% of vulnerabilities actually exploitable, patching every vulnerability is not an effective use of time.

82
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

CFPB Re-Opens Public Comment on Prior Orders Seeking Information on Big Tech Payment Platforms

Hunton Privacy

On October 31, 2022, the Consumer Financial Protection Bureau (“CFPB”) announced that it will re-open the public comment period on their October 2021 Orders for six large technology companies operating payments platforms to provide information about their business practices. The October 2021 Orders requested that Amazon, Apple, Facebook, Google, PayPal and Square provide information about their data collection and use, their policies for removing individuals and businesses from their platforms,

article thumbnail

Cybersecurity 'Nutrition' Labels Still a Work in Progress

Dark Reading

Pretty much every aspect of the effort to create easy-to-understand labels for Internet-of-Things (IoT) products is up in the air, according to participants in the process.

IoT 84
article thumbnail

EU Digital Markets Act Enters into Force

Hunton Privacy

On November 1, 2022, the Digital Markets Act (the “DMA”) entered into force. The DMA introduces new rules for certain core platforms services acting as “gatekeepers” in the digital sector (including search engines, social networks, online advertising services, cloud computing, video-sharing services, messaging services, operating systems and online intermediation services).

article thumbnail

Report: Digital Supply Chain Breaches Impact 98% of Organizations

The Security Ledger

Results from a survey of 2,000 enterprises found an increasing supply chain risk, with 98% of respondents reported having been "negatively impacted" by a breach in their supply chain. The post Report: Digital Supply Chain Breaches Impact 98% of Organizations appeared first on The Security Ledger with Paul F. Roberts. Related Stories Episode 237: Jacked on the Beanstalk – DeFi’s Security Debt Runs Wide, Deep Episode 243: The CSTO is a thing- a conversation with Chris Hoff of LastPass Hybrid

Risk 52
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

A Case Study: Using Db2 for z/OS Monitor Reports to Zero In on a Performance Problem

Robert's Db2

I had an interesting exchange recently with a Db2 for z/OS systems programmer. This individual had been asked to assist in determining the cause of a performance problem impacting a Db2-accessing application. The sysprog shared with me a Db2 monitor-generated accounting report showing activity for the application process, and a Db2 monitor statistics report covering the same time period for the same Db2 subsystem.

Access 62
article thumbnail

Attorney Mindfulness When Addressing Emails and Texts: ABA Formal Opinion Provides Ethical Guidance to Lawyers on Electronic Communications

eDiscovery Law

In their roles as advisors, advocates, counselors, negotiators, and client representatives, lawyers communicate extensively though electronic means, particularly email and increasingly text messages. However, the fact that use of these electronic communication tools is commonplace in legal practice doesn’t mean that attorneys shouldn’t exercise caution when crafting their communications.

article thumbnail

U.S. Department of Commerce Appoints Members for New Internet of Things Advisory Board via NIST

IG Guru

Check out the post here.