Thu. Apr 29, 2021

ISC(2): Only 13% of Cybersec Pros Had a Cyber Education

Data Breach Today

Study Points to Need for Extensive On-the-Job Training

Only 13% of cybersecurity professionals had a cybersecurity education before getting into the sector, reports (ISC)², pointing to the need for extensive on-the-job training.

Education 274

Successful Information Management: What's Standing in Your Way?

AIIM

One would think that the rapid pace of changing technology is the primary struggle for organizations on their journey to transforming into a truly digital organization. However, based on our recent state of the intelligent information management industry research, that is simply not the case. At the top of the list of true obstacles that organizations face is money – "lack of budget and resources" (26%).

Education 266

Google COVID-19 Contact-Tracing Tool Exposes Data: Lawsuit

Data Breach Today

Complaint Alleges 'Exposure Notification System' Allows Third-Party Access to Personal Info

A lawsuit alleges that a security flaw in a Google COVID-19 contact tracing tool is exposing personal and medical information of millions of users to third parties through device system logs. But Google says it reviewed the issue, updated code and is ensuring the fix is rolled out to users.

Access 273

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes. In a 50-page report delivered to the Biden administration this week, top executives from Amazon, Cisco, FireEye, McAfee, Microsoft and dozens of other firms joined the U.S.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Civilian Cyber Reserve Program Proposed

Data Breach Today

Legislation Would Create National Guard-Style Program to Counter Cyberthreats

A bipartisan group of lawmakers has introduced a legislative proposal that would create a program, similar to the National Guard, to deploy those with tech and security skills during significant cyberthreats, such as the recent SolarWinds and Microsoft Exchange attacks.

Security 272

More Trending

Protect the Brand: Online Fraud and Cryptocurrency Scams

Data Breach Today

Phishing, online fraud, cryptocurrency scams – they are coming at lightning speed, threatening enterprises and their brands. And just as fraudsters rely on automation to deliver these attacks, defenders can use automated tools to protect their brands. Jeff Baher of Bolster tells how.

Phishing 287

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package.

Metadata 131

Touhill Takes Charge at Carnegie Mellon SEI’s CERT

Data Breach Today

Ex-Federal CISO Sees New Opportunities for Partnerships, Defense

He’s been an Air Force general, a CEO and the first federal CISO. Now Gregory Touhill is taking charge as director of the Carnegie Mellon University Software Engineering Institute's CERT Division. And he’s bringing all his past experience to bear in a new effort to forge partnerships and protections.

260

SaaS Attacks: Lessons from Real-Life Misconfiguration Exploits

Threatpost

There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations’ SaaS apps.

Security 121

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Chinese Cyberespionage Campaign Used Another Backdoor

Data Breach Today

Bitdefender: Naikon Targeted Military Organizations in Southeast Asia

A Chinese advanced persistent threat group known as Naikon deployed a new malware backdoor to wage a lengthy cyberespionage campaign against military organizations in Southeast Asia, security firm Bitdefender reports.

Military 271

An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos

Security Affairs

Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a ransomware attack. Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a cyberattack allegedly carried out by one of the most aggressive ransomware gangs, Darkside. The attack paralyzed the operations at 188 branches, causing serious problems to the customers of the bank, as reported by the Italian newspaper La Repubblica.

Chinese Cyber Espionage Campaign Used Another Backdoor

Data Breach Today

Bitdefender: Naikon Targeted Military Organizations in Southeast Asia

A Chinese advanced persistent threat group known as Naikon deployed a new malware backdoor to wage a lengthy cyber espionage campaign against military organizations in Southeast Asia, security firm Bitdefender reports.

Military 267

An issue in the Linux Kernel could allow the hack of your system

Security Affairs

An information disclosure issue in the Linux kernel that allows a KASLR bypass could potentially be exploited in attacks in the wild. An information disclosure flaw in the Linux kernel, tracked as CVE-2020-28588, could allow attackers to bypass Kernel Address Space Layout Randomization (KASLR). Kernel Address Space Layout Randomization (KASLR) is a computer security technique designed to prevent the exploitation of memory-corruption vulnerabilities.

Security 111

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Fighting Ransomware: A Call for Cryptocurrency Regulation

Data Breach Today

Coalition Offers a Framework for Disrupting Attacks

A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.

The power and responsibility of 5G

Thales Cloud Protection & Licensing

Two years from now, 5G technology is predicted to host 25 billion device connections. Imagine that you are a market analyst, and you needed to forecast the number of 5G connected devices in the year 2025, less than 1500 days from today. You might try and calculate this by considering how many humans are on the planet, but that would simply not explain how there will be 25 billion devices in only two years - yet there are only 7

Cloud 104

Experian API Flaw Raises Questions

Data Breach Today

Cybersecurity Experts Call for Systemic Improvements

Some security experts are questioning whether Experian is doing enough to ensure security after a researcher discovered that an API the credit reporting firm uses to allow lenders to check the credit score of prospective borrowers could expose customers' scores.

F5 Big-IP Vulnerable to Security-Bypass Bug

Threatpost

The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.

Security 113

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Guilty Plea in SIM Swapping Scam to Steal Cryptocurrency

Data Breach Today

Prosecutors: Yearslong Scheme Resulted in Theft of $530,000

A Massachusetts man has pleaded guilty to running a yearslong scam that used SIM swapping and other hacking techniques to steal more than $530,000 worth of cryptocurrency.

199

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of the US Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of which cannot be associated with the activity of known APT groups.

The Challenge of Securing Non-People Identities

Dark Reading

Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.

Security 118

Identifying People Through Lack of Cell Phone Use

Schneier on Security

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance: After Faïd’s helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd, detective units scoured records of cell phones used during his escape, isolating a handful of numbers active at the time that went silent shortly thereafter.

100

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Experian API Leaks Most Americans’ Credit Scores

Threatpost

Researchers fear wider exposure, amidst a tepid response from Experian.

Cloud 142

Weekly Update 241

Troy Hunt

What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into the house courtesy of even more IoT. I'm not sure if the latter gives me a break from the more professional tech stuff or just compounds the amount of stuff I've already got on my plate, but I'm having fun doing it anyway

IoT 90

Multi-Gov Task Force Plans to Take Down the Ransomware Economy

Threatpost

A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations.

Researchers Connect Complex Specs to Software Vulnerabilities

Dark Reading

Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.

118

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Babuk Ransomware Gang Mulls Retirement

Threatpost

The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they'll be open-sourcing their data encryption malware for other crooks to use.

An Ambitious Plan to Tackle Ransomware Faces Long Odds

WIRED Threat Level

A task force counting Amazon, Cisco, and the FBI among its members has proposed a framework to solve one of cybersecurity's biggest problems. Good luck.

XDR Pushing Endpoint Detection and Response Technologies to Extinction

Dark Reading

Ironically, EDR's success has spawned demand for technology that extends beyond it.

IT 114