Thu. Jan 19, 2023

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. In a filing today with the U.S.

T-Mobile Says Hackers Stole Data of 37 Million Customers

Data Breach Today

Unauthorized Party Obtained Access to Company API for Approximately 6 Weeks

T-Mobile disclosed Thursday that hackers had access for approximately 6 weeks to an application programming interface that exposed customer data including names, dates of birth and email addresses. No payment information or passwords were part of the breach, the company said.

PayPal Breach Exposed PII of Nearly 35K Accounts

Dark Reading

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.

Victims' Known Ransom Payments to Ransomware Groups Decline

Data Breach Today

Evidence Suggests Victims Ponied Up 40% Less in Ransom Payments, Researchers Say

The total amount of ransom payments being sent by victims to ransomware groups appears to have taken a big dip, declining by 40% from $766 million in 2021 to $457 million in 2022 due to victims simply being unwilling to pay, blockchain intelligence firm Chainalysis reports.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Attackers Crafted Custom Malware for Fortinet Zero-Day

Dark Reading

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.

More Trending

Security Analysis of Threema

Schneier on Security

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between diff

BlueVoyant CEO on How to Remediate Supply Chain Defense Bugs

Data Breach Today

Jim Rosenthal on Why Supply Chain Tools Must Go Beyond Detection and Include Fixes

BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, CEO Jim Rosenthal says. Existing supply chain tools tend to generate lots of risk information but then put the burden on the client to interact with suppliers.

NortonLifeLock Says Customer Accounts were Compromised in Credential-Stuffing Attack

IT Governance

NortonLifeLock customers have been warned that their accounts may have been compromised in a security breach. The company, which specialises in antivirus software and identity theft protection, said that 925,000 people were targeted in a credential-stuffing attack. Customers’ full names, phone numbers and mailing addresses are thought to have been exposed in the incident.

BitKeep to Reimburse Hacking Victims by March

Data Breach Today

The Crypto Wallet to Launch Compensation Portal Soon for Further Details

Cryptocurrency wallet BitKeep says it will compensate victims of a December 2022 hack that cost the users $8 million. The wallet says it will pay victims in USDT stablecoin to counter asset fluctuation. This isn't the first time BitKeep has made customers whole following a hack.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Phishing For Industrial Control Systems

KnowBe4

Mandiant has published a report describing phishing emails that have breached organizations in the industrial sector. Mandiant explains that the majority of phishing attacks are untargeted and opportunistic. Most attackers wait to see which organizations they can compromise, and then decide how to monetize their successful attacks.

Ransomware Remains Top Cyberthreat, Former NCSC Chief Says

Data Breach Today

Ciaran Martin Warns High-Profile Attacks Will Increase in 2023

The former head of the U.K.'s National Cyber Security Centre warns that destructive ransomware targeting large enterprises is likely to surge in 2023, adding that recent attacks on Royal Mail and The Guardian newspaper are examples of these early-stage attacks.

Critical Microsoft Azure RCE flaw impacted multiple services

Security Affairs

Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure. Researchers from Ermetic found a remote code execution flaw, dubbed EmojiDeploy, that impacts Microsoft Azure services and other cloud services including Function Apps, App Service and Logic Apps. The issue is achieved through CSRF (Cross-site request forgery) on the ubiquitous SCM service Kudu.

BitSight CEO on Going From Security Ratings to Managing Risk

Data Breach Today

Steve Harvey on Why Boards Want to Understand the Risk Factors, Not Just the Rating

Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says CEO Steve Harvey. BitSight has invested in both workflows around third-party risk and research and identification of CVEs on behalf of government agencies.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Is ChatGPT A World Changing Technology? (And Will We All Become “Centaurs”?)

John Battelle's Searchblog

Watching the hype cycle build around OpenAI’s ChatGPT, I can’t help but wonder when the first New York Times or Atlantic story comes out calling the top – declaring the whole thing just another busted Silicon Valley fantasy, this year’s version of crypto or the metaverse. Anything tagged as “the talk of Davos” is destined for a ritual media takedown, after all.

Royal Mail Starts Limited Delivery Abroad After Cyberattack

Data Breach Today

UK Postal Service Testing Workarounds to Tackle Ransomware-Induced Package Backlog

The United Kingdom's Royal Mail says it can again deliver simple letters to international destinations as it enters a second week of grappling with the fallout of a ransomware attack. It is testing operational workarounds to reduce its backlog of packages to be delivered.

Cisco fixes SQL Injection flaw in Unified CM

Security Affairs

A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified Communications Manager and Unified Communications Manager Session Management Edition. Unified Communications Manager solutions provide reliable, secure, scalable, and manageable call control and session management.

EmojiDeploy Attack Chain Targets Misconfigured Azure Service

Dark Reading

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

How South Africa's Largest Law Firm Was Fined R5.5m for Not Educating Customers

KnowBe4

Africa’s largest law firm ordered to pay R5.5 million to a woman who fell victim to a hacking syndicate. When Judith Hawarden was buying a house, hackers changed the bank account number in a PDF emailed to her by ENSafrica, the law firm handling the conveyancing.

What we can learn from the ACC 2022 State of Cybersecurity Report

OpenText Information Management

Recently, the Association of Corporate Counsel (ACC) Foundation, in collaboration with Ernst & Young, LLP, released the 2022 State of Cybersecurity Report, An In-house Perspective. The report contained several interesting findings regarding the growing influence of corporate legal departments on their organization’s cybersecurity strategy. Let’s look at some of the report findings and four recommendations … The post What we can learn from the ACC 2022 State of Cybersecurity Report appe

US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog. The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog. The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, 2022.

A Sneaky Ad Scam Tore Through 11 Million Phones

WIRED Threat Level

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Experts released PoC exploit for critical Zoho ManageEngine RCE flaw

Security Affairs

Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past.

As Social Engineering Tactics Change, So Must Your Security Training

Dark Reading

Craft specific awareness training for high-exposure teams like finance, and reinforce other critical awareness training across the organization.

Mailchimp discloses a new security breach, the second one in 6 months

Security Affairs

Popular email marketing and newsletter platform Mailchimp was hacked and the data of dozens of customers were exposed. The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company, the incident exposed the data of 133 customers. Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool. “On January 11, the Mailchim

Ethically Exploiting Vulnerabilities: A Play-by-Play

Dark Reading

There's a fine line between a hacker and an attacker, but it pays to be proactive. Consider tests by ethical hackers, a red team, or pen testers, and then bolster your company's defenses against malicious attacks.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

EU Publishes New NIS2 Cyber Directive Imposing Liability and Obligations on Senior Management

Data Matters

On 17 January 2023, the new Network and Information Systems Security Directive (“NIS2 Directive”), which is aimed at establishing a minimum level of cybersecurity standards across the EU and is set to replace its predecessor (the NIS or “NIS1 Directive”), entered into force. The new NIS2 Directive aims to further harmonize and strengthen cybersecurity and resilience throughout the EU in response to a continued increase in digitization and rise in cyber (and in particular ransomware) threats

Name That Toon: Poker Hand

Dark Reading

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Make data protection a 2023 competitive differentiator

IBM Big Data Hub

Data privacy regulations, such as the General Data Protection Regulation (GDPR) in the European Union or the California Consumer Privacy Act (CCPA) in the state of California, are inescapable. By 2024, for instance, 75% of the entire world’s population will have its personal data protected by encryption, multifactor authentication, masking and erasure, as well as data resilience.