Thu. Apr 30, 2020

Ransomware: Average Business Payout Surges to $111,605

Data Breach Today

Ryuk and Sodinokibi Largely Responsible for One-Third Increase in Average Payments

The average ransom paid by victims to ransomware attackers, when they paid, reached $111,605 in the first quarter of this year, up by one-third from the previous quarter, reports ransomware incident response firm Coveware, which sees the Sodinokibi, Ryuk and Phobos malware families continuing to dominate.

How Cybercriminals are Weathering COVID-19

Krebs on Security

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services.

LabCorp Shareholder Sues Company Over Data Breaches

Data Breach Today

CIO Is Among a Dozen LabCorp Executives, Directors Named in Lawsuit

A shareholder has filed a lawsuit against LabCorp and 12 of its executives and directors - including the medical testing company's CIO - over two data breaches, including the 2019 breach of one of its vendors, American Medical Collection Agency, which affected millions of patients.

BEST PRACTICES: How testing for known memory vulnerabilities can strengthen DevSecOps

The Last Watchdog

DevOps wrought Uber and Netflix. In the very near future DevOps will help make driverless vehicles commonplace. Yet a funny thing has happened as DevOps – the philosophy of designing, prototyping, testing and delivering new software as fast as possible – has taken center stage. Software vulnerabilities have gone through the roof.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

RDP Brute-Force Attacks Rise During COVID-19 Crisis: Report

Data Breach Today

Attackers Targeting At-Home Workers Connecting to Corporate Networks

The number of brute-force attacks targeting RDP connections has spiked since the COVID-19 pandemic forced employees all over the world to work at home, according to an analysis from security firm. These types of attacks can lead to malware infections, cyber espionage and other threats.

More Trending

Contact-Tracing Apps: Privacy Group Raises Concerns

Data Breach Today

As Google and Apple Prepare an Infrastructure, Electronic Frontier Foundation Urges Caution

As Google and Apple prepare to offer a jointly developed infrastructure for contact-tracing smartphone apps to help fight the COVID-19 pandemic, the Electronic Frontier Foundation, a privacy advocacy group, is raising concerns about the risks involved.

COVIDSafe App Teardown & Panel Discussion

Troy Hunt

I've written a bunch about COVID-19 contact tracing apps recently as they relate to security and privacy, albeit in the form of long tweets. I'm going to avoid delving into the details here because they're covered more comprehensively in the resources I want to consolidate below, firstly the original thread from a fortnight ago as news of an impending app in Australia was breaking: Ok folks, let's talk about the Coronavirus tracking app as news of Australia adopting Singapore's "Trac

Experts found critical flaws in 3 popular e-Learning WordPress Plugins

Security Affairs

Security researchers from Check Point Research Team discovered critical vulnerabilities in three popular e-learning plugins for WordPress sites. Security researchers at Check Point Research Team are warning of recently discovered vulnerabilities in some popular online learning management system (LMS) WordPress plugins. The impact could be serious because these WordPress plugins are used for WordPress sites that several organizations and universities use to offer online training courses, especial

User-Friendly Cybersecurity: Is a Better UX the Key to a Better Defense?

Dark Reading

Frictionless security, improved interfaces, and more usable design may improve the efficacy of security tools and features (and make life easier for users and infosec pros alike). So why has there been so much resistance?

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. The malware first appeared in the threat landscape in March, it implements information stealer/RAT capabilities. “The Cybereason Nocturnus team is investigating EventBot, a new

The Netherlands: Fine imposed on employer processing fingerprints employees

DLA Piper Privacy Matters

By Stephanie Reinders Folmer and Richard van Schaik. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) issued a fine of EUR 725,000 for a company unlawfully processing fingerprints of its employees for attendance and time registration purposes. Under the GDPR, biometric data (e.g. fingerprints) processed for the purpose of identifying a natural person are considered a special category of personal data.

RDP brute-force attacks rocketed since beginning of COVID-19

Security Affairs

The number of RDP brute-force attacks is skyrocketing in mid-March due to remote working imposed during the COVID-19 pandemic. Researchers from Kaspersky Lab are observing a significant increase in the number of RDP brute-force attacks since the beginning of the COVID-19 pandemic. Earlier this month, researchers from Shodan reported a 41% increase in the number of RDP endpoints exposed online, since the beginning of the COVID-19 pandemic.

Your guide to Data and AI sessions at IBM Think Digital

IBM Big Data Hub

As the world confronts new challenges, business priorities and job roles are rapidly shifting. Rethinking your entire strategy and the way you work means data and AI will play a more central role in how organizations move forward.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

New Android Malware Targets PayPal, CapitalOne App Users

Threatpost

Researchers warn that the EventBot Android malware, which targets over 200 financial apps, could be the "next big mobile malware."

Ascending to new heights of CSR

Micro Focus

Today, I am pleased to announce that Micro Focus is joining over 80 companies who have pledged their support to North American-based Ascend’s COVID-19 Action Agenda. Micro Focus joins the ranks of Goldman Sachs & Co, Bank of America, Deloitte, The Coca Cola Company, Facebook, Procter & Gamble, Uber, Pfizer and many more global companies.

Critical WordPress e-Learning Plugin Bugs Open Door to Cheating

Threatpost

The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Chegg discloses the third data breach in the last two years

Security Affairs

The American education technology firm Chegg discloses a security breach, it already sent notifications to its employees. The US education technology company Chegg discloses a security breach that took place in early April, the firm already sent notifications to its employees. The data breach notification sent on April 28 informs the employees of a security breach that impacted some of their personal information.

Microsoft's Records Management Tool Aims to Simplify Data Governance

Dark Reading

Records Management is intended to help businesses manage security and data governance as more struggle to handle increased amounts of data and regulatory requirements.

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

Microsoft warns of a spike in malware spreading via pirate streaming services and movie piracy sites during the COVID-19 pandemic. With most people forced to stay at home due to the ongoing COVID-19 pandemic, the popularity of pirate streaming services and movie piracy sites has rocketed. Crooks are attempting to take advantage of the COVID-19 pandemic by spreading malware via pirate streaming services and movie piracy sites during the COVID-19 outbreak, Microsoft warns.

Brazilian President Provisionally Delays LGPD Applicability

Hunton Privacy

On April 29, 2020, the Brazilian President issued Provisional Measure #959/2020, which provisionally delays the applicability date of the Brazilian data protection law (Lei Geral de Proteção de Dados Pessoais – “LGPD”) to May 3, 2021. Under the Brazilian legislative process, Provisional Measures are temporary urgent measures issued by the Executive Power.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Microsoft Teams lifecycle management in 2020

OpenText Information Management

The recent – almost instantaneous – shift to remote work has resulted in a huge increase in the usage of Microsoft® Teams for Office 365™ customers. Microsoft estimates more than 44 million daily Teams users, with 19 million joining in just one week. This increase in the use of Teams has caused organizations to consider …

Microsoft Sway Abused in Office 365 Phishing Attack

Threatpost

The "PerSwaysion" attackers have leveraged a plethora of Microsoft services to compromise at least 150 executives in a highly targeted phishing campaign.

What’s new in OpenText RightFax 20.2

OpenText Information Management

OpenText™ is pleased to announce that OpenText™ RightFax™ 20.2 is now available for download. The newest version of RightFax is packed with new features and functionality designed to help businesses optimize workflows, shorten revenue cycle times, improve user productivity, and simplify the administrative and user experience. Simplify secure patient information exchange for Epic RightFax 20.2 …

Shade Threat Actors Call It Quits, Release 750K Encryption Keys

Threatpost

The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

AI planning advice for enterprise decision-makers

DXC Technology

Most enterprises don’t yet have full-blown artificial intelligence (AI) initiatives spanning their business units. Some may be running limited pilot programs, while others still may be assessing how AI can benefit the business before committing valuable enterprise resources. Indeed, the real-world impact on enterprise strategic goals should be the guiding star of any technology implementation. […].

Salt Bugs Allow Full RCE as Root on Cloud Servers

Threatpost

Researchers say the bugs are easy to exploit and will likely be weaponized within a day.

Healthcare Targeted By More Attacks But Less Sophistication

Dark Reading

An increase in attacks targeting healthcare organizations suggests that perhaps new cybercriminals are getting into the game.
