Fri.Feb 26, 2021

article thumbnail

Chinese Attack Tool Gains Gmail Access

Data Breach Today

Campaign Targets Tibetan Organizations Proofpoint reports that Chinese state-sponsored hackers are using a new customized malicious Mozilla Firefox browser extension that facilitates access and control of victims’ Gmail accounts. So far, the hackers are targeting Tibetan organizations.

Access 340
article thumbnail

New Ryuk ransomware implements self-spreading capabilities

Security Affairs

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute allowing it to self replicate over the local network.” reads the report published by the ANSS

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

House SolarWinds Hearing Focuses on Updating Cyber Laws

Data Breach Today

Lawmakers and Witnesses See Expanded Role for CISA Following Attack A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.

article thumbnail

The Problem with Treating Data as a Commodity

Schneier on Security

Excellent Brookings paper: “ Why data ownership is the wrong approach to protecting privacy.” From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it.

Privacy 100
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

DHS to Provide $25 Million More for Cybersecurity Grants

Data Breach Today

CISA May Launch Other Grants as Well The U.S. Department of Homeland Security will provide an additional $25 million in grants to state and local cybersecurity preparedness programs with a particular focus on combatting ransomware, Secretary Alejandro Mayorkas announced Thursday.

More Trending

article thumbnail

Analysis: Feds Crack Down on Cryptocurrency Scams

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of a federal crackdown on ICO cryptocurrency scams. Also featured: An update on the SonicWall hack investigation and the use of digital IDs to verify COVID-19 testing.

Security 281
article thumbnail

Data Breach: Turkish legal advising company exposed over 15,000 clients

Security Affairs

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What’s Going On? Our online security team has uncovered a massive data breach originating from a misconfigured Amazon Bucket, which was operated by a Turkish Legal advising company, INOVA YÖNETIM & AKTÜERYAL DANI?

article thumbnail

Microsoft Patches Windows Remote Code Flaw

Data Breach Today

The Flaw in Windows Graphics Component Can Enable Web-Based Attacks Microsoft has patched a critical vulnerability in Windows that can be exploited by tricking users to visit websites that use a malicious font. The flaw was found by Google's Project Zero bug-hunting team.

278
278
article thumbnail

Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process

Threatpost

Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

NPower Shuts Down App After Breach

Data Breach Today

UK Power Company Says Banking Data Exposed British energy firm NPower has shut down its customer app after hackers accessed sensitive personal data, according to a local news report.

article thumbnail

Lazarus Targets Defense Companies with ThreatNeedle Malware

Threatpost

A spear-phishing campaigned linked to a North Korean APT uses “NukeSped” malware in cyberespionage attacks against defense companies.

Phishing 106
article thumbnail

Microsoft Releases Queries for SolarWinds Attack Detection

Data Breach Today

Others Now Can Use CodeQL Queries Available in GitHub Repository Microsoft is making available the CodeQL queries it used to detect malicious implants in the massive supply chain attack that affected SolarWinds, tech firms and government agencies.

article thumbnail

Stalkerware Volumes Remain Concerningly High, Despite Bans

Threatpost

COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware.

Security 105
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Clubhouse's Security and Privacy Lag Behind Its Huge Growth

WIRED Threat Level

The platform has promised to do better after a string of incidents. But the hardest part might be managing user expectations.

Privacy 104
article thumbnail

Protecting Sensitive Cardholder Data in Today’s Hyper-Connected World

Threatpost

Retailers that lacked significant digital presence pre-COVID are now reaching new audiences through e-commerce sites that are accessible anytime, from anywhere, on any device.

Retail 84
article thumbnail

Weekly Update 232

Troy Hunt

I honestly don't know where my time goes. I get up, have great plans for all the things I want to do then next minute, the day is gone. There's probably some hints in the range of different things I'm speaking about this week and the book is certainly now consuming a heap of time, but at least I'm doing what I love. Also, at about the 29 minute mark, I started getting a little static in the audio.

IoT 78
article thumbnail

Malware Gangs Partner Up in Double-Punch Security Threat

Threatpost

From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack

Security Affairs

Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang. On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) was forced to take its servers offline.

article thumbnail

Attackers Turn Struggling Software Projects Into Trojan Horses

Dark Reading

While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.

Access 105
article thumbnail

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Security Affairs

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack. Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds attack. In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack.

IT 74
article thumbnail

Tackling the challenges of remote working during a pandemic

OpenText Information Management

Planning flight operations is a complex and time-critical task, made even more challenging during the coronavirus pandemic. Eurowings, a specialist low-cost European airline and part of the Lufthansa Group, has had to adapt to ensure both its operations and staff stay safe. Eurowings faced several challenges when looking for ways to ensure secure remote access … The post Tackling the challenges of remote working during a pandemic appeared first on OpenText Blogs.

Access 70
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Hackers are selling access to Biochemical systems at Oxford University Lab

Security Affairs

Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19. Hackers compromised the systems at one of the most advanced biology labs at the Oxford University that is involved in the research on the Covid-19 pandemic. The news was disclosed by Forbes and the Oxford University confirmed the security breach that impacted the Division of Structural Biology (known as “Strubi”). “Oxford University confirmed on Thursday it h

Access 72
article thumbnail

NSA Releases Guidance on Zero-Trust Architecture

Dark Reading

A new document provides guidance for businesses planning to implement a zero-trust system management strategy.

125
125
article thumbnail

Yeezy Fans Face Sneaker-Bot Armies for Boost ‘Sun’ Release  

Threatpost

Sneaker bots ready to scoop up the new Yeezy Boost 700 “Sun” shoes to resell at a huge markup. .

article thumbnail

Securing Super Bowl LV

Dark Reading

A peek at open XDR technology, and defense that held up better than the Kansas City Chiefs.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Podcast: Ransomware Attacks Exploded in Q4 2020

Threatpost

Researchers said they saw a seven-times increase in ransomware activity in the fourth quarter of 2020, across various families – from Ryuk to Egregor.

article thumbnail

The Edge Pro Tip: Fasten Your Seatbelts

Dark Reading

An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies for 2021. Where do they plan to spend next?

article thumbnail

Collibra presents Black History Month: Celebrating Black excellence in tech

Collibra

Throughout February, Collibra celebrated US Black History Month by organizing events that highlighted the theme of ‘Black Excellence in Tech.’ BLEND*, our Black and Latinx employee resource group (ERG), organized five inspiring, impactful and educational events for the entire company to participate in. . What is US Black History Month? US Black History Month celebrates and recognizes the achievements of the Black and African American community and their central role in US history.