Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.

Information Security 295

Information Security Communications IT Cybersecurity 295

Data Breach Today

SEPTEMBER 30, 2022

The United States is arguably involved in a cyberwar against Russia and China - and appears to be losing. In this episode of "Cybersecurity Unplugged," Tom Kellerman of Contrast Security and Richard Bird of Traceable.ai discuss what the U.S. government and companies need to do to win this cyberwar.

Cybersecurity 217

Cybersecurity Government Security 217

IT Governance

SEPTEMBER 30, 2022

UK organisations suffer the third highest rate of ransomware attacks globally, with small businesses most at risk, a report by NordLocker has found. According to its analysis , 260 organisations in the UK fell victim to ransomware between January 2020 and June 2022, a figure that’s only exceeded by Canada (276) and – in a distant lead – the US (2,379).

Ransomware 136

Ransomware Manufacturing Data breaches Risk 136

Data Breach Today

SEPTEMBER 30, 2022

The latest edition of the ISMG Security Report discusses what went wrong for Optus in the wake of one of Australia's biggest data breach incidents, the state of code security today and the growing trend of private equity firms pursuing take-private deals.

Data breaches 173

Data breaches Security 173

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

SEPTEMBER 30, 2022

Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux to perform the following actions: Send commands to the hypervisor that will be routed to the guest VM for execution Transfer files between the ESXi hypervisor and guest machines running benea

Metadata 127

Metadata Archiving Access IT 127

Schneier on Security

SEPTEMBER 30, 2022

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred twenty-seven apps varied in what the apps were allowed to access on users’ mobile phones, 49 of which had additional permissions deemed “dangerous” by Google.

Privacy 119

Privacy Security GDPR Communications 119

Data Breach Today

SEPTEMBER 30, 2022

ShiftRight Acquisition to Simplify Management, Operations Across DLP, CASB & CNAPP Zscaler has bought out of stealth a startup established by the founders of Lacework to automate security management and dramatically reduce incident resolution time. ShiftRight will give customers real-time visibility into their security posture and help them manage an influx of risks and incidents.

Risk 130

Risk Security 130

Security Affairs

SEPTEMBER 30, 2022

Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks in the wild. Both flaws were discovered by the researchers as part of an incident response activity in August 2022, they are remote code execution issues.

Cybersecurity 112

Cybersecurity Security IT Information Security 112

Data Breach Today

SEPTEMBER 30, 2022

OIG Security Audit of Texas VA Facility Found Familiar Problems A watchdog security audit of a south Texas VA center identified a variety of deficiencies related to legacy systems still in use years after no longer being supported with vendor updates. The findings represent the state of security at many organizations across the healthcare sector, experts say.

IT 130

IT Security 130

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

IT Governance

SEPTEMBER 30, 2022

This week, we discuss a potential fine of £27 million for TikTok, a data breach caused by a phishing attack on American Airlines and a $35 million penalty for Morgan Stanley Smith Barney LLC after ”extensive” security failures. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud. The post IT Governance Podcast Episode 9: TikTok, American Airlines and Morgan Stanley Smith Barney appeared first on IT Governance UK Blog.

Government 102

Government IT Data breaches Phishing 102

Data Breach Today

SEPTEMBER 30, 2022

Onepoint Bid Follows Atos Proposal to Extract More Value From Beleaguered Business Atos turned down an unsolicited $4.12 billion offer from rival Onepoint to acquire the French conglomerate's $4.8 billion cybersecurity, big data and digital business. Atos received a letter of intent Tuesday related to the acquisition of its Evidian business by Onepoint and private equity fund ICG.

Cybersecurity 130

Cybersecurity Big data IT 130

KnowBe4

SEPTEMBER 30, 2022

Researchers at SentinelOne have warned that North Korea’s Lazarus Group is using phony Crypto.com job offers to distribute macOS malware. The researchers aren’t sure how the lures are being distributed, but they suspect the attackers are sending spear phishing messages on LinkedIn. SentinelOne notes that this campaign “appears to be extending the targets from users of crypto exchange platforms to their employees in what may be a combined effort to conduct both espionage and cryptocurrency theft.

Phishing 94

Phishing 94

Data Breach Today

SEPTEMBER 30, 2022

Cybersecurity Veteran Focuses on Advising Government, Financial Sectors Over his 23-year career in cybersecurity, Tom Kellermann has focused on policy, endpoints and even strategic investments. Now, in his new role as senior vice president of cyber strategy at Contrast Security, his mission is to protect code security - particularly in the public and financial sectors.

Security 130

Security Cybersecurity Government 130

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Dark Reading

SEPTEMBER 30, 2022

Organizations looking to get ahead in cloud security have gone down the path of deploying CSPM tooling with good results. Still, there’s a clear picture that data security and security operations are next key areas of interest.

Cloud 92

Cloud Security 92

Security Affairs

SEPTEMBER 30, 2022

Several hacker groups are assisting protestors in Iran using Telegram, Signal and other tools to bypass government censorship. Check Point Research (CPR) observed multiple hacker groups using Telegram, Signal and the darkweb to support protestors in Iran in bypassing regime censorship. The hackers are sharing tools and tips to bypass censorship, including opening VPN servers, to avoid restrictions introduced in the country following the death of Mahsa Amini.

Government 82

Government Communications Access Security 82

Dark Reading

SEPTEMBER 30, 2022

Capital One lures leveraged the bank's new partnership with Authentify, showing that phishers watch the headlines, and take advantage.

Phishing 106

Phishing 106

WIRED Threat Level

SEPTEMBER 30, 2022

For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.

Security 88

Security 88

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

SEPTEMBER 30, 2022

China-based threat actor used poisoned vSphere Installation Bundles to deliver multiple backdoors on systems, security vendor says.

Security 97

Security 97

Jamf

SEPTEMBER 30, 2022

In this JNUC 2022 session contributed by JNUC sponsor Insight, learn about pairing Microsoft Power Automate with Jamf Pro in order to make sure that end-user macOS devices are kept current with OS updates.

72

72

Dark Reading

SEPTEMBER 30, 2022

The chip giant has developed new features and services to make it more difficult for malicious hackers and insiders to access sensitive data from applications in the cloud.

Cloud 81

Cloud Access IT 81

OpenText Information Management

SEPTEMBER 30, 2022

It’s time to look up. Information is cumulative, exponential and accelerating. It is everywhere. Frictionless, machine-generated, expanding and disruptive, exploding across all domains. Information is exponential. So is the opportunity. OpenText World 2022 is happening on October 4-6 at The Venetian Resort Las Vegas (and online). This is the most important OpenText World ever—because we … The post OpenText World 2022—Elevate business with the information advantage appeared first on OpenTex

IT 64

IT 64

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

SEPTEMBER 30, 2022

Call it cross-border enlightened self-interest: As one of the US's premier trade partners and closest neighbors, what's bad for Mexico is bad for the US.

IT 87

IT Security 87

Data Matters

SEPTEMBER 30, 2022

On September 22, 2022, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) regarding Incentives for Advanced Cybersecurity Investment, requesting comment on proposed revisions to regulations implementing the Federal Power Act (FPA). The revisions would provide incentive-based rate treatments for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by utilities for certain voluntary

Energy and Utilities 78

Energy and Utilities Cybersecurity Sales Privacy 78

Dark Reading

SEPTEMBER 30, 2022

2,700 cybersecurity career pursuers have already passed the (ISC)2 Certified in Cybersecurity℠ exam, with more than 53,000 more people registered for a free course and exam.

Cybersecurity 80

Cybersecurity 80

WIRED Threat Level

SEPTEMBER 30, 2022

The messenger protocol had gained popularity for its robust security, but vulnerabilities allowed attackers to decrypt messages and impersonate users.

Encryption 66

Encryption Security IT 66

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Dark Reading

SEPTEMBER 30, 2022

APT group Witchetty (aka LookingFrog) has exploited the ProxyShell and ProxyLogon vulnerabilities to gain initial access and deploy new custom cyber tools against government agencies and a stock exchange.

Government 77

Government Access 77

OpenText Information Management

SEPTEMBER 30, 2022

In the public sector, cloud deployment is increasingly becoming a key enabler for digital transformation. Governments are looking to meet citizen expectations for convenient, digital experiences while managing vast amounts of data spread across disparate systems. And, with technical resources in short supply, many government organizations are struggling to innovate with current systems and infrastructure. … The post Why cloud migration is key to public sector success appeared first on Ope

Cloud 59

Cloud Digital transformation Government Content services 59

Dark Reading

SEPTEMBER 30, 2022

Literacy, levels of personal freedom, and other macro-social factors help determine how strong average passwords are in a given locale, researchers have found.

Passwords 74

Passwords 74