Wed.Jun 15, 2022


When it Comes to Using Screenshots as Evidence, It’s All About Authentication

Hanzo Learning Center

Complex data sources – such as chat messages or a SaaS application’s user interface – are called that for a reason in the world of ediscovery: namely because it’s challenging to reproduce the data in a way that’s useful for attorneys and investigators.


Social Media and the Threat to Cybersecurity

Data Breach Today

CISO of Maricopa County, Arizona on Strengthening Election Security

"Social media is probably the newest and most impactful thing that we've seen from a cybersecurity perspective at Maricopa County," says its CISO, Lester Godsey. The only response to misinformation and disinformation campaigns, he says, is to use the same platform and respond with the facts.


Microsoft Patch Tuesday, June 2022 Edition

Krebs on Security

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.


Medical Center Ransomware Attack Affects 700,000

Data Breach Today

Incident Is Latest on Growing List of Recent Major Healthcare Data Hacks

An Arizona medical center that suffered a ransomware attack in April has begun notifying 700,000 individuals of a data breach compromising sensitive medical and personal information. The incident is among the latest major health data breaches involving ransomware.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Top 5 Cyber Security Risks for Businesses

IT Governance

In an increasingly digital world, there are an escalating number of cyber security risks for business to address. Criminal hackers are adept at spotting weaknesses, while organisations do themselves no favours when they fail to adequately protect their systems. IT Governance identified more than 1,200 publicly disclosed data breaches in 2021, while another report found that security incidents cost almost £3 million on average.


More Trending


House and Senate Release a Bipartisan U.S. Federal Privacy Bill

Hunton Privacy

On June 3, 2022, House Energy and Commerce Chair Rep. Frank Pallone (D-NJ), Ranking Member Rep. Cathy McMorris Rodgers (R-WA) and Senate Commerce, Science and Transportation Committee Ranking Member Sen. Roger Wicker (R-MS) released a new comprehensive federal privacy bill, the American Data Privacy and Protection Act (“ADPPA”). While the ADPPA contains a number of similarities to the Consumer Online Privacy Rights Act (“COPRA”), which was previously introduced in 2019 by Senate Commerce Committ


Responding to Federal Directives on Critical Infrastructure

Data Breach Today

Mark Cristiano of Rockwell Automation on Why Uptime Is Crucial for Infrastructure

Critical infrastructure providers face a unique set of challenges when it comes to securing their environment, from the cruciality of uptime to complying with new federal directives, according to Mark Cristiano, commercial director for Rockwell Automation's global services business.


Collibra lands at #4 on Best Workplaces in New York™ 2022

Collibra

We are incredibly honored and excited to share that Great Place to Work and Fortune magazine have included Collibra as one of this year’s Best Workplaces in New York! This is our first time being named to this list, coming in at #4, and we are incredibly grateful to our employees for their contributions to our culture and work environment – leading to this recognition.


BlackCat Extortion Technique: Public Access to Breached Data

Data Breach Today

BlackCat User Publishes Downloadable Stolen Data on Typosquatted Website

Personal data allegedly obtained during a cyberattack using BlackCat ransomware was published on a typosquatted open internet website. This new extortion technique shows an escalation by ransomware groups in their willingness to use personal data to bludgeon victims into paying extortion money.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


In Cybersecurity, What You Can’t See Can Hurt You

Threatpost

The dangers to SMBs and businesses of all sizes from cyberattacks are well known. But what’s driving these attacks, and what do cybersecurity stakeholders need to do that they’re not already doing?


Harnessing the Power of Open Source to Protect Networks

Data Breach Today

Corelight CEO Brian Dye on Why Network Visibility Is Challenging for Smaller Firms

Organizations face major challenges gaining visibility into networks that grow more complex by the day, and Corelight CEO Brian Dye says the open-source community can help with gathering evidence and insights from networks so that the perimeter is better secured.


7 Ways to Bring AI to Cybersecurity

Dark Reading

Academic researchers are developing projects to apply AI to detect and stop cyberattacks and keep critical infrastructure secure, thanks to grants from C3.ai Digital Transformation Institute.


Latest Email Breaches Compromised PHI of Nearly 300,000

Data Breach Today

Incidents Highlight Ongoing Email Security Challenges

Several major email breaches reported by healthcare entities in recent days and weeks have affected the health data of nearly 300,000 individuals. Experts say the incidents highlight the ongoing challenges many organizations face involving phishing attacks and similar email compromises.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Wormable Panchan Peer-to-Peer Botnet Harvests Linux Server Keys

Dark Reading

The Japanese-language Panchan botnet has been discovered stealing SSH keys from Linux servers across Asia, Europe, and North America, with a focus on telecom and education providers.


Making it easier to give back to our communities through impactful pro bono and volunteer projects

CGI

To help realize our ESG goal for pro bono projects and support volunteering as a company value, we are launching a new digital volunteering tool called CGI for Good.


How Information Security Teams Can Help Reduce Stress and Burnout

Dark Reading

Work across the organization and take practical steps to ease user stress — prioritize user productivity by offering the right tools to avoid shadow IT and cultivate a transparent security culture. Remember the security team, too, and automate as many processes as possible.


Let’s give a look at the Dark Web Price Index 2022

Security Affairs

PrivacyAffairs released the Dark Web Index 2022; the document provides the prices for illegal services/products available in the black marketplaces. Privacy Affairs published the Dark Web Index, an analysis of prices for illegal services/products available in the black marketplaces and related to the period between February 2021 and June 2022. The document updates the information provided in the Dark Web Index 2022 report.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


M1 Chip Vulnerability

Schneier on Security

This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.


Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

Security Affairs

Researchers discovered a new Golang-based peer-to-peer (P2P) botnet, dubbed Panchan, targeting Linux servers in the education sector since March 2022. Akamai security researchers discovered a new Golang-based P2P botnet, tracked as Panchan, that is targeting Linux servers and has been active since March 2022. Panchan uses a basic SSH dictionary attack to implement wormable behavior; it also harvests SSH keys and uses them for lateral movement.


Why We Need Security Knowledge and Not Just Threat Intel

Dark Reading

Organizations that can break out of siloed data and apply context can transform intelligence into actionable, relevant security knowledge.


Travel-related Cybercrime Takes Off as Industry Rebounds

Threatpost

The upsurge in the tourism industry after the COVID-19 pandemic has grabbed the attention of cybercriminals looking to scam tourists.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


'Hertzbleed' Side-Channel Attack Threatens Cryptographic Keys for Servers

Dark Reading

A novel timing attack allows remote attackers with low privileges to infer sensitive information by observing power-throttling changes in the CPU.


A critical flaw in Citrix Application Delivery Management allows resetting admin passwords

Security Affairs

Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset admin passwords. Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can be exploited by attackers to reset admin passwords. Citrix Application Delivery Management (ADM) is a comprehensive platform that enables automation, orchestration, management, and analytics for application delivery acros


Russia Is Taking Over Ukraine’s Internet

WIRED Threat Level

In occupied Ukraine, people’s internet is being routed to Russia—and subjected to its powerful censorship and surveillance machine.


Rocket Announces a VS Code Extension for ASG-PRO/JCL

Rocket Software

ASG-PRO/JCL is a DevOps-enabled JCL management solution that helps mainframe data centers achieve and operate a production Job Control Language (JCL) environment that is error-free, standardized, and optimized. The newest release of ASG-PRO/JCL now includes a VS Code Extension, making JCL management more accessible for new mainframe professionals.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Critical Citrix Bugs Impact All ADM Servers, Agents

Dark Reading

Citrix ADM vulnerabilities could lead to admin password reset and disruption of ADM license service, company warns.


Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips

Security Affairs

Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. Researchers from University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, devised a new side-channel attack technique dubbed Hertzbleed that could allow remote attackers to steal encryption keys from modern Intel and AMD chips. “Hertzbleed is a new family of side-channel attacks: frequency side channels.


24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far

Dark Reading

Username and password combinations offered for sale on the Dark Web by criminals have increased 65% since 2020.
