Fri.Aug 13, 2021

article thumbnail

Cybercriminals Reportedly Created Blockchain Analytics Tool

Data Breach Today

Researchers Say the Tool Is Designed To Help Gangs Launder Bitcoin Cybercriminals have developed a blockchain analytics tool on the darknet that could help a gang launder illegally obtained bitcoin, and they are actively marketing it, according to the cryptocurrency analytics firm Elliptic. The tool, however, is rated as not entirely effective.

article thumbnail

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “ Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Assessing AI Security Solutions: Questions to Ask

Data Breach Today

Nat Smith of Gartner Offers Advice on Cutting Through the Hype Nat Smith, senior director security analyst at Gartner, describes what factors potential buyers should consider when vendors pitch artificial intelligence-enabled security solutions.

article thumbnail

SynAck ransomware gang releases master decryption keys for old victims

Security Affairs

The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow victims to decrypt their files for free. The gang has now rebranded as the new El_Cometa group. The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “T

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

ISMG Editors’ Panel: Cyberattacks Now Risk Kinetic Response

Data Breach Today

Also: Top Healthcare CISOs' Cybersecurity Concerns; Fresh NIST Resiliency Guidance What are the latest cybersecurity issues? Join four Information Security Media Group editors as they describe the top issues of the week, including the risk of cyberattacks provoking a kinetic response, as well as top healthcare CISOs' tips for handling supply chain security, resiliency and ransomware.

Risk 274

More Trending

article thumbnail

Malicious Docker Images Used to Mine Monero

Data Breach Today

Images on Docker Hub Contained Cryptominers A recently uncovered cryptomining scheme used malicious Docker images to hijack organizations’ computing resources to mine cryptocurrency, according to the cybersecurity firm Aqua Security.

Mining 274
article thumbnail

Using AI to Scale Spear Phishing

Schneier on Security

The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAI’s GPT-3 platform in conjunction with other AI-as-a-service products focused on personality analysis to generate phishing emails tailored to their colleagues’ backgrounds and traits.

Phishing 131
article thumbnail

Ongoing Issues With Security, Privacy, Complexity

Data Breach Today

Rebecca Herold, host of the podcast show "Data Security and Privacy with the Privacy Professor," weighs in on the state of cybersecurity and privacy education and gives her recommendations on how to remedy the many issues the security community faces today.

Privacy 261
article thumbnail

Weekly Update 256

Troy Hunt

Well this week went on for a bit, an hour and 6 mins in all. The 2 Apple things were particularly interesting due to the way in which both catching CSAM baddies and catching baddies who steal your things involves using technology that can be abused. Is it good tech because it can do good things? Bad tech because it can do bad things? Or is tech just morally neutral and we need to look at it more holistically?

Security 125
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Ransomware Gangs Try to Exploit 'PrintNightmare' Flaws

Data Breach Today

Meanwhile, Microsoft Has Published an Advisory on Another Zero-Day Bug Security researchers are tracking several ransomware gangs that are attempting to exploit a series of bugs in Microsoft Windows collectively called "PrintNightmare." Meanwhile, Microsoft has published an out-of-band alert about another zero-day flaw related to the PrintNightmare vulnerabilities.

article thumbnail

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Security Affairs

Another ransomware gang, the Vice Society ransomware operators, is using Windows print spooler PrintNightmare exploits in its attacks. The Vice Society ransomware operators are actively exploiting Windows print spooler PrintNightmare vulnerability in their attacks against Windows servers. The PrintNightmare flaws (tracked as ( CVE-2021-1675 , CVE-2021-34527 , and CVE-2021-36958 ) reside in the Windows Print Spooler service, print drivers, and the Windows Point and Print feature.

article thumbnail

Poly Network Hacker Reportedly Returns Most of Stolen Funds

Data Breach Today

Security Experts Point Out Vulnerability in Smart Contract System The hacker behind the $612 million breach of the blockchain-based Poly Network system has reportedly returned all stolen assets. Security experts have highlighted a critical vulnerability and a need for further DeFi security regulations.

article thumbnail

Upcoming TPI Panel: What Have We Learned About Privacy from the Pandemic, and What Does it Mean Going Forward?

Data Matters

Please join us for a panel discussion titled, “What Have We Learned About Privacy from the Pandemic, and What Does it Mean Going Forward?” at the Technology Policy Institute (TPI) 2021 Aspen Forum on Monday, August 16. In addition to the COVID-19 pandemic and its impact on data privacy, the panel will discuss privacy legislation, the Biden Administration and Federal Trade Commission (FTC), Schrems, and disruptive technologies.

Privacy 97
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Scripps Health Reports Financial Toll of Ransomware Attack

Data Breach Today

Costs So Far Total Nearly $113 Million, Including $91.6 Million in Lost Revenue The recent ransomware attack that disrupted Scripps Health's IT systems and patient care for nearly a month has so far cost the San Diego-based organization nearly $113 million, including $91.6 million in lost revenue, according to a financial report the nonprofit entity filed this week.

article thumbnail

Dumping user’s Microsoft Azure credentials in plaintext from Windows 365

Security Affairs

A security expert devised a method to retrieve a user’s Microsoft Azure credentials in plaintext from Microsoft’s new Windows 365 Cloud PC service using Mimikatz. Benjamin Delpy , the popular security researcher and author of the Mimikatz tool, has devised a method to retrieve a user’s Microsoft Azure credentials in plaintext from Microsoft’s new Windows 365 Cloud PC service using Mimikatz.

Cloud 105
article thumbnail

Analysis: Self-Driving Tractors at Risk of Being Hacked

Data Breach Today

This edition of the ISMG Security Report offers an analysis of how tractors manufactured by John Deere are at risk of being hacked. Also featured: a description of the infrastructure bill passed by the Senate that would boost cybersecurity funding and an update on the reboot of the AlphaBay darknet market.

Risk 130
article thumbnail

Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come?

Threatpost

Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credential abuse and data theft was on the rise, according to Motherboard which reviewed the document. […].

Access 102
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

NordVPN vs ExpressVPN: Compare Top VPNs

eSecurity Planet

If you’re shopping for an enterprise VPN , there’s a good chance NordVPN and ExpressVPN are on your list. Both vendors offer competitive VPN solutions that enable you and your employees to use the internet while maintaining privacy. However, each option offers its own advantages over competitors. To determine which VPN is the best choice for you, it’s important to compare each vendor in terms of what’s most important to you and your business.

article thumbnail

WordPress Sites Abused in Aggah Spear-Phishing Campaign

Threatpost

The Pakistan-linked threat group's campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea.

Phishing 102
article thumbnail

Jesse Wilkins announces departure from AIIM

IG Guru

Check out his post on LinkedIn here. The post Jesse Wilkins announces departure from AIIM appeared first on IG GURU.

98
article thumbnail

SolarWinds 2.0 Could Ignite Financial Crisis – Podcast

Threatpost

That’s what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it?

IT 102
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Positive Work Environment

RFID Global Solution, Inc.

Positive Work Environment – a catchphrase which entices every IT employee. Research shows that a positive work environment empowers employees, which in turn multiplies creativity and productivity. Is there any correlation between an effective IT Asset Management system and a positive work environment? Or to take it one step further, is it possible that introducing an … Positive Work Environment Read More ».

IT 52
article thumbnail

Exchange Servers Under Active Attack via ProxyShell Bugs

Threatpost

There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs.

article thumbnail

Matt Tait Warns of Stolen Zero Days at Black Hat USA 2021

ForAllSecure

Matt Tait opened Day 1 of Black Hat USA 2021 with a remote keynote presentation on supply chain compromises entitled “Supply Chain Infections and the Future of Contactless Deliveries.” Tait is Chief Operating Officer, Corellium which produces emulation software for Android, IOs. Previously he’s worked for UK's GCHQ and Google's Project Zero team. “The number of Zero Days being exploited in the wild is completely off the charts,” Tait said, starting his presentation.

article thumbnail

Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware

Threatpost

CAPTCHA-protected malicious URLs are snowballing lately, researchers said.

Phishing 135
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

For everything from minor network infractions to devastating cyberattacks and data privacy troubles , digital forensics software can help clean up the mess and get to the root of what happened. Since the inception of data forensics almost forty years ago, methods for investigating security events have given way to a market of vendors and tools offering digital forensics software (DFS).

article thumbnail

Google open-sourced Allstar tool to secure GitHub repositories

Security Affairs

Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations. Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security policies to prevent misconfiguration. “Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies.

Security 102
article thumbnail

Friday Squid Blogging: A Good Year for Squid?

Schneier on Security

Improved ocean conditions are leading to optimism about this year’s squid catch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Security 104