Fri.Jul 10, 2020

article thumbnail

Malware Found Pre-Installed on Low-Cost Android Smartphones

Data Breach Today

Phones Sold Through US Government-Subsidized Program For the second time this year, security researchers have found malware embedded in low-cost Android smartphones distributed through a U.S. government program, security firm Malwarebytes reports.

article thumbnail

Report: Most Popular Home Routers Have ‘Critical’ Flaws

Threatpost

Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.

Security 134
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

5 Billion Unique Credentials Circulating on Darknet

Data Breach Today

Bank Account Credentials Sell for an Average of $71, Report Finds Five billion unique user credentials are circulating on darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks, according to the security firm Digital Shadows.

Access 305
article thumbnail

Hackers are scanning the web for vulnerable Citrix systems

Security Affairs

Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local privilege escalation, to trigger a DoS condition, to bypass authorization, to get code injection, and to launch XSS attacks.

Honeypots 111
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Zoom-Themed Phishing Campaign Targets Office 365 Credentials

Data Breach Today

Fraudsters Using Fake Account Alerts to Steal Microsoft Credentials A recently uncovered phishing campaign is using spoofed Zoom account alerts to steal Microsoft Office 365 credentials, according to a report from Abnormal Security. These attacks come as use of the platform soars due to work-from-home arrangements.

Phishing 293

More Trending

article thumbnail

Mac Malware Primarily Infostealer, Not Ransomware

Data Breach Today

Malwarebytes: New Research Discloses Data Exfiltration Capability The Mac malware originally labeled as "EvilQuest," which researchers initially identified as a poorly designed ransomware variant, apparently is primarily an information stealer with ransomware-like elements designed to confuse security tools, according to the security firm Malwarebytes.

article thumbnail

2020 Likely To Break Records for Breaches

Adam Levin

2020 is on the path to becoming a record-breaking year for data breaches and compromised personal data. A recent article released by cybersecurity and antivirus firm Bitdefender shows that 8.4 billion records have already been exposed, and that’s only accounting for the first quarter of 2020. For comparison, that’s a 273% increase over the first two quarters of 2019 combined.

article thumbnail

Cybercrime Research: For the Greater Good, or Marketing?

Data Breach Today

As Governments Underinvest in Law Enforcement, Private Firms Fill Intelligence Gap U.S. prosecutors this week unsealed an indictment against the alleged hacker "Fxmsp" after his identity was revealed in a cybersecurity firm's report. That sequence of events has raised questions about information sharing and highlighted law enforcement's reliance on private cybersecurity researchers.

Marketing 195
article thumbnail

Evilnum Group targets European and British fintech companies

Security Affairs

A threat actor tracked as Evilnum targeted financial technology companies, mainly the British and European ones, ESET researchers reported. Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden Chickens malware-as-a-service (MaaS) provider.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Updated Joker Android Malware Adds Evasion Techniques

Data Breach Today

Malicious Code Hid Within Apps Posted to Google Play Store Check Point Research reports that a new version of the Joker mobile malware that infects Android devices has emerged. The malware, hidden in apps in the Google Play store, has once again evaded Google's security tools.

Security 204
article thumbnail

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

Two security researchers have found undocumented Telnet admin account accounts in 29 FTTH devices from Chinese vendor C-Data. Two security researchers have discovered undocumented Telnet admin account accounts in 29 Fiber-To-The-Home (FTTH) devices from Chinese vendor C-Data. The CDATA OLTs are sold under different brands, including Cdata, OptiLink, V-SOL CN, and BLIY.

article thumbnail

Analysis: Monitoring the Risks Posed by Remote Workers

Data Breach Today

The latest edition of the ISMG Security Report analyzes the surge in the use of employee monitoring tools for the increasingly remote workforce. Also featured: Discussions about IoT security guidelines and CCPA compliance requirements.

Risk 170
article thumbnail

Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack

Threatpost

Researcher warns the highly-rated Kasa family of security cameras have bugs that gives hackers access to private video feeds and settings.

Security 107
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Coordinating Disclosures of Medical Device Vulnerabilities

Data Breach Today

As cyberthreats facing healthcare organizations soar, medical device maker Becton, Dickinson and Co. has ramped up its process for coordinated disclosure of vulnerabilities to help identify, assess and communicate issues to regulators and industry stakeholders, says BD's Dana-Megan Rossi.

article thumbnail

Privacy and Personal Information Protection Under the Civil Code of China

Hunton Privacy

The Civil Code of China (the “Civil Code”) was approved by the National People’s Congress of China on May 28, 2020 and will take effect January 1, 2021. Part Four of the Civil Code explicitly stipulates that the “Right of Privacy” is one of the “Rights of Personality” covered therein and includes a chapter on “Privacy and Personal Information Protection,” which contains detailed provisions to protect privacy and personal information.

Privacy 92
article thumbnail

Our Blog is Moving!

HL Chronicle of Data Protection

To our valued readers of the Chronicle of Data Protection blog: we are changing how we deliver our content. As of today, we have moved the blog to a new technology platform: Hogan Lovells Engage. We are working to make this transition as seamless as possible. For starters, Chronicle of Data Protection content will be made publicly available, at our new location on Hogan Lovells Engage.

Privacy 92
article thumbnail

New Zealand Advances New Privacy Bill

Hunton Privacy

On June 26, 2020, New Zealand Justice Minister Andrew Little announced that the bill to repeal and replace New Zealand’s existing Privacy Act 1993 (the “Privacy Bill”) had passed its third reading in Parliament. The Privacy Bill received royal assent on June 30, 2020. The Privacy Bill retains certain aspects of the Privacy Act 1993, but includes some significant changes.

Privacy 90
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

KingComposer fixes a reflected XSS impacting 100,000 WordPress sites

Security Affairs

An XSS vulnerability in the KingComposer page builder for WordPress impacts 100,000 websites using the WordPress plugin. . Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299 , in the KingComposer WordPress plugin that potentially impacts 100,000 websites. . KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch features embedded and a truly intuitive UI.

article thumbnail

French Council of State Partially Annuls CNIL Cookie Guidelines on Use of Cookie Walls

Data Matters

On June 19, 2020, the French Conseil d’État (“ Council of State ”) issued a decision partially annulling the Guidelines of the French Data Protection Authority (the “ CNIL ”) on cookies and other tracking tools (“ Guidelines ”). The Council of State ruled that the CNIL’s Guidelines could not prohibit the use of ‘cookie walls’, a practice which consists of blocking user access to a website where the user refuses to consent to cookies and other tracking tools.

GDPR 74
article thumbnail

Juniper Networks addressed many issues in its products

Security Affairs

Juniper Networks addressed several vulnerabilities in its firewalls, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Juniper Networks addressed several vulnerabilities in its products, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Half a dozen of the flaws are DoS issues that have been rated high severity.

IT 80
article thumbnail

Amazon Bans Employees From Using TikTok on Their Phones

WIRED Threat Level

US lawmakers have repeatedly raised security concerns over the app's Chinese ownership. Are US businesses next?

Security 102
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Smartwatch Hack Could Trick Dementia Patients into Overdosing

Threatpost

Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.

Passwords 106
article thumbnail

Microsoft Halts a Global Fraud Campaign That Targeted CEOs

WIRED Threat Level

A sophisticated scheme was designed to trick businesses in more than 60 countries into wiring large sums of money to attackers.

article thumbnail

Weekly Update 199

Troy Hunt

Wow! Loving that 4K camera ?? Or perhaps more specifically, just loving that camera and lens and I reckon it'll still be awesome in 1080p. But this week, I decided to go all out in super hi-def just to see how it looked. The captured video was 13.1GB but rendered down at 2.3GB out of Premiere so it's obviously applied some compression, but still looks amazing IMHO.

article thumbnail

China Closing Its Squid Spawning Grounds

Schneier on Security

China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high seas. Some experts regard it as an important step forward in China's management of distant-water fishing (DWF), and crucial for protecting the squid fishing industry.

IT 101
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

The 'Super Smash Bros.' Community Reckons With Sexual Misconduct Allegations

WIRED Threat Level

Dozens of people have come forward over the past week, many pointing to a culture that they say enabled rampant predatory behavior.

article thumbnail

Biden Campaign Hires 2 Top Cybersecurity Executives

Dark Reading

The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.

article thumbnail

Google Bans Stalkerware Ads – With a Loophole

Threatpost

Starting in August Google is banning ads of products or services promoting stalkerware.

Security 100