Fri. May 01, 2020

Phishing Campaigns Target Senior Executives via Office 365

Data Breach Today

Top Victims Include Financial Services and Law Firms, Group-IB Warns

A sophisticated, highly targeted phishing campaign has hit high-level executives at more than 150 businesses, stealing confidential documents and contact lists, says security firm Group-IB. The campaign, which targets Office 365 users, appears to trace to attackers operating from Nigeria and South Africa.

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Security Affairs

Maze Ransomware operators claim to have gained access to the network of Banco BCR of Costa Rica and stolen 11 million credit card credentials. Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica (Banco BCR) and to have stolen internal data, including 11 million credit card credentials. Banco BCR has equity of $806,606,710 and assets of $7,607,483,881; it is one of the most solid banks in Central America.

Work-at-Home: The Impact on Security

Data Breach Today

Survey Sizes Up Increased Risks, New Duties for Security Staff

The shift to working at home is opening the door to cybersecurity incidents. Some 23% of respondents to a small survey conducted by the training organization (ISC)2 say their organization has experienced an increase in cybersecurity incidents since transitioning to remote work.

COVID-19 disinformation and misinformation campaigns continue to proliferate

Security Affairs

COVID-19 disinformation and misinformation campaigns continue to proliferate around the world, with potentially harmful consequences for society. During the COVID-19 crisis, while most people have to maintain social distancing and work from home, threat actors are attempting to conduct disinformation and misinformation campaigns. The main difference between misinformation and disinformation is that the latter is the sharing of specially crafted incorrect information to influence the sentimen

Darknet Markets Push Fake Coronavirus Vaccines, Test Kits

Data Breach Today

A New Study Shows Shady Markets Are Attempting to Capitalize on the Pandemic

Researchers are seeing a spike in opportunism by fraudsters and cybercriminals seeking to profit from the COVID-19 crisis. Underground online markets are offering a range of pandemic-related goods, from face masks to fraudulent vaccines.

CISA Urges Federal Agencies to Use Approved DNS Service

Data Breach Today

Agency Planning to Support Newer Encryption Technology in the Future

The Cybersecurity and Infrastructure Security Agency is reminding government agencies to continue using an approved DNS resolution service at a time when a large portion of the federal workforce has been shifted to home offices because of the COVID-19 pandemic.

Microsoft Teams Impersonation Attacks Flood Inboxes

Threatpost

Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.

Addressing Telehealth, Telework Security Amid COVID-19

Data Breach Today

With more employees working remotely and a much heavier demand for telehealth services, entities need to consider extra, accelerated steps in keeping data and systems secure, say Martin Littmann, Kelsey-Seybold Clinic CISO, and Stephen Moore, a former security leader at Anthem.

Hackers are targeting recently patched WebLogic security vulnerability

Security Affairs

Oracle warns of attacks against a recently patched WebLogic security bug. Oracle warns of attacks in the wild exploiting a recently patched vulnerability in WebLogic servers for which PoC code is available on GitHub. IT giant Oracle published a security alert to warn organizations running WebLogic servers of ongoing attacks that exploit the CVE-2020-2883 vulnerability.

Analysis: Ransomware's Costly Impact

Data Breach Today

The latest edition of the ISMG Security Report analyzes the rising costs of ransomware attacks and the latest victims. Also featured: An assessment of Australia's new contact-tracing app designed to help battle the spread of COVID-19, and a discussion of applying the "zero trust" model to the remote workforce.

Me on COVID-19 Contact Tracing Apps

Schneier on Security

I was quoted in BuzzFeed: "My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. "I'm not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful?

Over 800K WordPress sites are at risk due to a flaw in Ninja Forms plugin

Security Affairs

The development team of the Ninja Forms WordPress plugin fixed a high severity security flaw that can let attackers take over websites. The developers behind the Ninja Forms WordPress plugin have addressed a Cross-Site Request Forgery (CSRF) vulnerability that could lead to Stored Cross-Site Scripting (Stored XSS) attacks. Ninja Forms is a drag and drop form builder plugin for WordPress that allows users to easily create complex forms within just a few minutes.

Upgraded Cerberus Spyware Spreads Rapidly via MDM

Threatpost

No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers.

Europol analyses on criminal operations in Europe during COVID-19 Crisis

Security Affairs

Threat actors and criminal organizations continue to take advantage of the COVID-19 pandemic to make money, Europol warns. Europol published a report that highlights how criminal organizations are adapting their operations in an attempt to take advantage of the COVID-19 pandemic. The trend is similar to the one observed during previous financial crises, but the speed of the criminal phenomena is higher.

TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

Threatpost

Threat actors are spreading the tricky trojan through fake messages in another opportunistic COVID-19-related campaign, said IBM X-Force.

Philippines NPC Investigating COVID-19 Related Breaches

Hunton Privacy

On April 25, 2020, the Philippines National Privacy Commission (“NPC”) issued a statement that it is investigating several breach notifications it has received relating to the unauthorized disclosure of sensitive personal information of confirmed and suspected COVID-19 patients (the “Statement”). According to MLex, a communications officer for the NPC has confirmed that the regulator will focus primarily on remedial measures rather than on the imposition of fines as it investigates the 17 breac

Best Practices for Managing a Remote SOC

Dark Reading

Experts share what it takes to get your security analysts effectively countering threats from their home offices.

Overcoming the 4 Biggest Obstacles to Connected Customer Experiences in Times of Uncertainty and Beyond

Reltio

Business leaders at Global 2000 companies are guiding their companies through uncharted territory during this time of great uncertainty. What’s encouraging is many are continuing to invest in improving digital engagement. Building personalized and connected customer experiences is more important than ever. They want to be there for their customers through good times and bad and they are focused on serving, protecting and retaining their customers.

Fake Microsoft Teams Emails Phish for Credentials

Dark Reading

Employees belonging to organizations in industries such as energy, retail, and hospitality have been recipients, Abnormal Security says.

EDPB’s New Guidelines – Clinical Trials in the EU and COVID-19

HL Chronicle of Data Protection

We currently live in a world where the rapid spread of COVID-19 has provoked the urge to initiate the search for an effective vaccine or medicines to fight against it. In this context, the EDPB has recently published its Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak (Guidelines) with the clear objective of ensuring that patients’ and trial subjects’ privacy is not disregarded while clinica

Weekly Update 189

Troy Hunt

Last week, I got the vid out a day late and by early afternoon today it looked like I was heading the same way. So, for the first time I ended up just live streaming it direct to YouTube. I actually quite liked the interaction, although I picked the quietest time in the day with most of the world asleep and obviously the audio quality wasn't the same as sitting in my office but still, not a bad end result I reckon.

Is data monetization the way forward for manufacturers?

OpenText Information Management

At OpenText™, we’ve been talking a lot about how to build resilience into organizations. In the latest edition of the Manufacturing Leadership Council Journal, I wrote about the advantage of monetizing data for manufacturers. This is even more important as companies look to establish quick and consistent revenue streams as the global economy recovers.

Public sector crisis management: planning technology in the response phase to support successful recovery

CGI

Many governments are grappling with urgent pandemic challenges, from insufficient supplies, to evolving public health guidance, to disseminating timely and accurate information—all while making herculean efforts to “flatten the curve” to save lives.

Industrial Networks' Newest Threat: Remote Users

Dark Reading

We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.

Transitioning customer communications from paper to digital

OpenText Information Management

When it comes to customer communications, Millennials, we’re told, prefer text and social media messages to phone calls and email. While most of the research into customer communications has focused on the customer, few have looked into what companies think and what has been their experience communicating with their customers? So, OpenText teamed up with …

Apple Makes It Easier to Unlock iPhone While Wearing a Mask

Dark Reading

The beta release of iOS 13.5 brings an updated FaceID so that users wearing masks can bypass facial recognition and unlock their phone with a code.

What Is Fleeceware and How Can You Protect Yourself?

WIRED Threat Level

Sneaky developers are charging big bucks for basic apps. Here's how to spot a scam in sheep's clothing.

DHS CISA Launches Site for Teleworking Security

Dark Reading

The new website is intended to be a one-stop source for information on securing teleworkers and their employers.