Wed.Mar 03, 2021

article thumbnail

Accellion Attack Involved Extensive Reverse Engineering

Data Breach Today

Sophisticated Attackers Took the Time to Master a 20-Year-Old Product, FireEye Says Using a nearly 20-year-old file-transfer product: What could go wrong? Among the many lessons to be learned from the Accellion File Transfer Application mess is this: Attackers will devote substantial resources to reverse engineering hardware, software or a service if there's a financial upside.

359
359
article thumbnail

Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys

Security Affairs

Cybersecurity firm Qualys seems to have suffered a data breach, threat actors allegedly exploited zero-day flaw in their Accellion FTA server. Cybersecurity firm Qualys is the latest victim of a cyber attack, the company was likely hacked by threat actors that exploited a zero-day vulnerability in their Accellion FTA server. A couple of weeks ago, security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the c

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cybersecurity Leadership: Identity, Access, Complexity

Data Breach Today

CEOs and CISOs on Dealing With the ‘Work From Anywhere’ Challenge In this era of "work from anywhere," identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in.

Access 313
article thumbnail

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw

Security Affairs

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent. According to the expert, the vulnerability only impacts consumer accounts.

Passwords 111
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Microsoft Patches Four Zero-Day Flaws in Exchange

Data Breach Today

Attackers Used Flaws to Download Full Contents of Email Accounts Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server. The alarming vulnerabilities could allow a remote attacker into Exchange and possibly enable further lateral movement.

IT 307

More Trending

article thumbnail

AI Supremacy: Russia, China Could Edge Out US, Experts Warn

Data Breach Today

Cyberattack and Disinformation Risks From AI Loom Large, Commission Warns The U.S. is in danger of falling behind China and Russia in developing artificial intelligence technologies and countering cybersecurity threats that could develop as AI use becomes more widespread, according to a newly released report from the National Security Commission on Artificial Intelligence.

article thumbnail

Google Patches Actively-Exploited Flaw in Chrome Browser

Threatpost

A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users.

Security 122
article thumbnail

GAO Report Highlights Need for Centralized Cyber Leadership

Data Breach Today

Watchdog Says Nation's Cybersecurity Readiness Regressed Over Last 2 Years A lack of centralized leadership, especially at the White House level, is hindering the federal government's ability to address numerous cybersecurity issues, including the SolarWinds supply chain attack that affected federal agencies and others, according to a new GAO report.

article thumbnail

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets

Threatpost

Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks on civil-society targets by a Chinese APT.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Lazarus Group Tied to TFlower Ransomware

Data Breach Today

Sygnia Researchers Say Hackers Using Their MATA Framework to Deliver Malware The Lazarus Group, a North Korean hacking operation also known as Hidden Cobra, is deploying TFlower ransomware using its MATA malware framework, security firm Sygnia reports.

article thumbnail

Attackers took over the Perl.com domain in September 2020

Security Affairs

The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of the domain in September 2020. The Perl.com domain was hijacked in January 2021, but according to Brian Foy , senior editor of Perl.com, the attack took place months before, in September 2020. Attackers have taken over the official domain name of The Perl Foundation perl.com and pointed it to an IP address associated with malware campaigns.

Sales 105
article thumbnail

Catches of the month: Phishing scams for March 2021

IT Governance

The Royal Mail is used in so many scams that it has a specific section on its website to help people detect and report fraudulent messages. That service has been especially busy recently after people received emails and texts supposedly from the Royal Mail demanding a shipping payment. We dedicate this month’s phishing round-up to these scams, explaining how you can spot bogus Royal Mail messages and why Brexit has helped attackers.

article thumbnail

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

Security Affairs

WizCase experts found a major breach in phone-tracking service Ringostat ’s database, millions of Phone Numbers, Recordings, and Call Logs Compromised. WizCase security team has found a major breach in phone-tracking service Ringostat ’s database. This leak left vulnerable phone numbers, call recordings, call logs, and more to potential attack. The leaked data numbers in the millions and was accessible to anyone who possessed the link.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers

Dark Reading

The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.

Security 133
article thumbnail

Encoded Message in the Perseverance Mars Lander’s Parachute

Schneier on Security

NASA made an oblique reference to a coded message in the color pattern of the Perseverance Mars Lander ‘s parachute. More information.

article thumbnail

RTM Cybergang Adds New Quoter Ransomware to Crime Spree

Threatpost

The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics.

article thumbnail

How SolarWinds Busted Up Our Assumptions About Code Signing

Dark Reading

With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.

134
134
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Threatpost

Attackers have weaponized code dependency confusion to target internal apps at tech giants.

Cloud 122
article thumbnail

Intel: Paid Research Caught More Than 90% of Our Vulnerabilities

Dark Reading

Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.

Security 129
article thumbnail

Unpatched Bug in WiFi Mouse App Opens PCs to Attack

Threatpost

Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.

article thumbnail

More Details Emerge on the Microsoft Exchange Server Attacks

Dark Reading

The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.

84
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Malaysia Air Downplays Frequent-Flyer Program Data Breach

Threatpost

A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. .

article thumbnail

Intel: More Than 90% of Our Vulnerabilities Found via Research

Dark Reading

Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.

article thumbnail

Gab's CTO Introduced a Critical Vulnerability to the Site

WIRED Threat Level

A review of the open source code shows an account under the executive's name made a mistake that could lead to the kind of breach reported this weekend.

article thumbnail

Cyber Defense Magazine – March 2021 has arrived. Enjoy it!

Security Affairs

Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 110 pages of excellent content. 110 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached.

IT 62
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Webinar: Improving Buy-In to IM Policies on March 9th, 2021 at 11:45 Central via ARMA Dallas Chapter

IG Guru

Registration closes Monday, March 8th at 3:00pm In many offices, IM policies are long and confusing, and no one reads them. Worse, they often sound like angry parents scolding naughty children. Adults bristle at disrespectfully worded statements, making compliance a battle. The reality is that the policy writers wanted to sound strict rather than disrespectful, but they […].

article thumbnail

What is a business glossary?

Collibra

A business glossary is a collection of data related terms described in clear language that everyone in an organization can understand. A business glossary ensures organizations speak the same language by clearing up ambiguity in business terminology. Those definitions form part of a business ontology – helping organizations understand how different terms relate to one another. .

article thumbnail

Okta to Buy Rival Auth0

Dark Reading

The deal, valued at $6.5 billion, will bring together competitors in the identity management space.

86