Wed.Feb 24, 2021

article thumbnail

Senators Grill Cybersecurity Execs on SolarWinds Attack

Data Breach Today

FireEye, Microsoft, CrowdStrike Offer New Details and Recommendations The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S. Senate panel Tuesday while detailing how foreign actors gained access into their firms' systems as a result of the SolarWinds supply chain attack.

article thumbnail

Hackers Tied to Russia's GRU Targeted the US Grid for Years

WIRED Threat Level

A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos.

Security 134
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Senate SolarWinds Hearing: 4 Key Issues Raised

Data Breach Today

Issues Include Attackers' Use of Amazon's Infrastructure The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.

284
284
article thumbnail

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Security Affairs

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) software began in mid-December 2020, threat actors use to deploy a

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Federal Reserve's Money Transfer Services Suffer Outage

Data Breach Today

Operational Error Blamed for Nationwide System Crash The Federal Reserve's online money transfer system, including Fedwire Funds and Fedcash, suffered an outage for more than three hours Wednesday afternoon, citing technical issues for the event and not a cyber incident. Systems were restored by late afternoon.

279
279

More Trending

article thumbnail

Phishing Campaign Mimics FedEx, DHL Express

Data Breach Today

Fake Messages About Package Delivery Designed to Steal Credentials A phishing campaign tried to steal credentials by sending emails that purported to come from DHL Express and FedEx, reports security firm Armorblox.

Phishing 213
article thumbnail

Twelve-Year-Old Vulnerability Found in Windows Defender

Schneier on Security

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year — uses to delete the invasive files and infrastructure that malware can create.

IT 102
article thumbnail

Updated Minebridge RAT Targets Security Researchers

Data Breach Today

Zscaler: Malware Buries Itself Into TeamViewer The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers by using a malicious payload disguised in an attached document, according to the security firm Zscaler.

Security 184
article thumbnail

Microsoft Lures Populate Half of Credential-Swiping Phishing Emails

Threatpost

As more organizations migrate to Office 365, cybercriminals are using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials.

Phishing 109
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Cybersecurity Agencies Warn of Accellion Vulnerability Exploits

Data Breach Today

Latest Victims Include Australia's Transport for New South Wales and Canada's Bombardier The cybersecurity agencies of five countries have issued a joint advisory warning that hackers are exploiting vulnerabilities in the Accellion File Transfer Appliance to steal data and execute ransomware. Australia's Transport for New South Wales and Canada's Bombardier are the latest victims to be revealed.

article thumbnail

Sidley Ranked in Chambers Global 2021

Data Matters

We are proud to announce that Sidley received 83 practice area rankings and 119 lawyer rankings in the 2021 edition of Chambers Global. Of these, 16 practice area rankings and 14 lawyer rankings were in Band 1. Sidley’s Privacy and Cybersecurity practice received two honors. Partner Alan Raul is ranked Band 1 for Privacy & Data Security (USA). The practice is also newly ranked in the Data Protection category.

Privacy 88
article thumbnail

Ransomware Attack Cripples Finnish IT Provider TietoEVRY

Data Breach Today

Incident Disrupted Service to 25 Customers Finnish IT giant TietoEVRY announced Tuesday that ransomware crippled its infrastructure, forcing it to take down affected systems to contain the spread of the malware.

article thumbnail

APT32 state hackers target human rights defenders with spyware

Security Affairs

Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. Vietnam-linked APT32 (aka Ocean Lotus) group has conducted a cyberespionage campaign targeting Vietnamese human rights defenders (HRDs) and a nonprofit (NPO) human rights organization from Vietnam between February 2018 and November 2020.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Using ID Screening to Fight COVID-19 Economic Relief Fraud

Data Breach Today

Dr. Gary Shiffman of Giant Oak on the Role of Artificial Intelligence High-speed identity screening can play a critical role in cracking down on fraud tied to COVID-19 economic relief efforts without impeding legitimate access to funds, says Dr. Gary Shiffman, CEO of Giant Oak, which offers artificial intelligence technology.

article thumbnail

Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking

Threatpost

Mozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking.

IT 113
article thumbnail

Ukraine: nation-state hackers hit government document management system

Security Affairs

Ukraine ‘s government attributes a cyberattack on the government document management system to a Russia-linked APT group. The Ukraine ‘s government blames a Russia-linked APT group for an attack on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB). According to Ukrainian officials, the hackers aimed at disseminating malicious documents to government agencies.

article thumbnail

Tax Season Ushers in Quickbooks Data-Theft Spike

Threatpost

Quickbooks malware targets tax data for attackers to sell and use in phishing scams.

Phishing 122
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

SolarWinds Attackers Lurked for 'Several Months' in FireEye's Network

Dark Reading

Top execs from FireEye, SolarWinds, Microsoft, and CrowdStrike testified before the US Senate Intelligence Committee today on the aftermath - and ongoing investigations - into the epic attacks.

104
104
article thumbnail

VMWare Patches Critical RCE Flaw in vCenter Server

Threatpost

The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.

80
article thumbnail

Botnet Uses Blockchain to Obfuscate Backup Command & Control Information

Dark Reading

The tactic makes it much harder for defenders to take down botnets via sinkholing and other standard techniques, Akamai says.

article thumbnail

Are you prepared for the French eInvoicing mandate starting in 2023?

OpenText Information Management

The French government has recently announced new eInvoicing requirements to help tackle evasion of the value added tax (VAT). Starting in 2023, new eInvoicing and eReporting obligations will apply to business-to-government (B2G) and business-to-business (B2B) transactions, including cross-border B2B and domestic business-to-consumer (B2C) transactions.

B2B 67
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

The Realities of Extended Detection and Response (XDR) Technology

Dark Reading

While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.

article thumbnail

Get to know OpenText Migrate at Microsoft Ignite

OpenText Information Management

Join OpenText™ at Microsoft Ignite March 2-4, 2021. As a sponsor this year, we can’t wait to meet you (virtually) and demonstrate how OpenText™ Migrate is the perfect match for migrating to Microsoft Azure. One tool, one process, seamless migrations with OpenText Migrate From data center migrations to application modernization, OpenText Migrate makes it easier … The post Get to know OpenText Migrate at Microsoft Ignite appeared first on OpenText Blogs.

article thumbnail

New APT Group Targets Airline Industry & Immigration

Dark Reading

LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.

IT 81
article thumbnail

Nvidia’s Anti-Cryptomining GPU Chip May Not Discourage Attacks

Threatpost

The hotly anticipated GeForce RTX 3060, a ray-tracing-friendly, advanced gaming graphics chip, will also throttle Ethereum mining.

Mining 72
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Universities Face Double Threat of Ransomware, Data Breaches

Dark Reading

Lack of strong security policies put many schools at risk of compromise, disrupted services, and collateral damage.

article thumbnail

CIPL Hosts Webinar on China’s Data Protection Landscape

Hunton Privacy

On February 23, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth hosted a webinar on China’s Data Privacy Landscape and Upcoming Legislation. During the presentation, representatives from CIPL and Hunton provided an overview of the increasingly complex data privacy and security landscape in China and examined key similarities and differences between China’s proposed Personal Information Protection Law (the “PIPL”) and the EU General Data Protection Regulation (the “GDPR

GDPR 59
article thumbnail

61% of Malware Delivered via Cloud Apps: Report

Dark Reading

Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.

Cloud 84