Fri.Jun 24, 2022

article thumbnail

After Conti Ransomware Brand Retires, Spinoffs Carry On

Data Breach Today

Attacks Tied to Apparent Spinoffs or Subsidiaries Black Basta and Hive Have Surged The Conti ransomware group officially pulled the plug on its operation in May. But experts say the group's activities have continued in the form of numerous already-launched subsidiaries or spinoffs, which appear to include Alphv/BlackCat, AvosLocker, Black Basta and HelloKitty, among others.

article thumbnail

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Schneier on Security

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response, Matthew Green has written —not really a rebuttal—but a “a general response to some of the more common spurious objections …people make to public blockchain systems.” In it, he

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Aura Lays Off 70 Staff After Raising $350M Over Past Year

Data Breach Today

Company Says Layoffs Are the Result of Customer Acquisition Strategy Changes Aura has laid off 70 employees as a result of customer acquisition strategy changes just a year after raising $350 million. The layoffs came about as a result of an agreement inked with MetLife earlier this year that made it Aura's exclusive go-to-market partner for the employee benefits channel.

Marketing 257
article thumbnail

Cybersecurity Agencies Release Guidance for PowerShell Security

eSecurity Planet

PowerShell is one of the most common tools used by hackers in “living off the land” attacks, when malicious actors use an organization’s own tools against itself. This week, U.S. cybersecurity agencies joined their counterparts in the UK and New Zealand to offer guidance so organizations can use PowerShell safely. PowerShell is a command line tool and associated scripting language built on the.NET framework.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Attackers Use Log4Shell to Hack Unpatched VMware Products

Data Breach Today

Unpatched Systems Should Be Treated as Compromised, say U.S. Cyber Agencies Watch out for APT and state-sponsored hackers using the Log4Shell vulnerability to gain unauthorized entry into unpatched VMware Horizon Systems and Unified Access Gateway servers, says a joint advisory from CISA and the U.S. Coast Guard Cyber Command.

Access 242

More Trending

article thumbnail

Russian Cyberattacks on Ukraine Underscored By Microsoft

Data Breach Today

Data Wipers and Phishing Remain Widely Used Attack Tools in the Kremlin's War A report from the company behind the world's most ubiquitous operating system depicts active cyber scrimmage between Russia and Ukraine and Russia and a slew of other countries. Fighting it is the work of private-public collaboration, Microsoft President Brad Smith writes.

Phishing 247
article thumbnail

Boost productivity with Magellan Search+

OpenText Information Management

“Findability challenges have been growing over the past decade, as both digital information and the myriad of systems that organizations use to contain it proliferate” states APQC researchers in their whitepaper How Knowledge Management Affects Employee Productivity. Based on a survey on employee productivity, they conclude that a knowledge worker spends up to 4.5 hours … The post Boost productivity with Magellan Search+ appeared first on OpenText Blogs.

IT 113
article thumbnail

Ransomware Gang Uses Log4Shell

Data Breach Today

AvosLocker Makes Use of Unpatched VMWare Virtual Desktop Software Ransomware group AvosLocker made use of unpatched VMWare Horizon applications to hack into an unidentified organization’s systems, says analysis from Cisco Talos. The race between systems administrators and hackers to patch the Log4j vulnerability is ongoing.

article thumbnail

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Weekly Update 301

Troy Hunt

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested first) but it's obviously just super sensitive to the wind. If you look at the trees in the background you can see they're barely moving, but inevitably that was enough to really mess with the audio quality.

article thumbnail

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

Security Affairs

The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), published a joint advisory to warn of hacking attempts exploiting the Log4Shell flaw in VMware Horizon servers to compromise target networks. “CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Adv

Access 111
article thumbnail

Parking fines: DVLA breached law over sharing drivers’ details

The Guardian Data Protection

Agency could face compensation claims after data watchdog rules it applied wrong part of the law The Driver and Vehicle Licensing Agency (DVLA) breached data protection laws in the way it passed on motorists’ personal details to private parking firms, the UK’s data watchdog has ruled. It could now potentially face compensation claims from motorists as a result, according to one expert.

IT 99
article thumbnail

The Concerning Statistics About Mental Health in Cybersecurity

The Security Ledger

Are cyber professionals as good at protecting their mental health as their IT environments? Thomas Kinsella, COO of Tines, talks about the worrying mental health statistics in cyber and how to protect your team. The post The Concerning Statistics About Mental Health in Cybersecurity appeared first on The Security Ledger with Paul F. Roberts. Related Stories Identity Fraud: The New Corporate Battleground Understanding the Economic Impact of Credential Stuffing Attacks How to Bring the Power of No

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

7 Steps to Stronger SaaS Security

Dark Reading

Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.

Security 102
article thumbnail

HIPAA – Current and Upcoming Changes

Record Nations

Just like many other laws in our country, HIPAA is always evolving. HIPAA is one of, if not the most important law regarding the safekeeping and dissemination of medical records. The past few years have brought about a number of changes, that in turn, required HIPAA to evolve. Everything from the COVID-19 pandemic, new technologies, […]. The post HIPAA – Current and Upcoming Changes appeared first on Record Nations.

93
article thumbnail

Google Warns Spyware Being Deployed Against Android, iOS Users

Threatpost

The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.

Privacy 95
article thumbnail

Without Conti On The Scene, LockBit 2.0 Leads Ransomware Attacks

Dark Reading

Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Ford Heritage Vault Takes You Deep into Automaker’s History via Autoweek

IG Guru

After over 100 years in business, you’d be right to assume Ford’s historical archive is dense. But the scope of what Ford had stored away in its Dearborn archives is largely unknown because the company hasn’t really leveraged its historical documents. The post Ford Heritage Vault Takes You Deep into Automaker’s History via Autoweek appeared first on IG GURU.

article thumbnail

Why We're Getting Vulnerability Management Wrong

Dark Reading

Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.

Risk 80
article thumbnail

UK security services must seek approval to access telecoms data, judges rule

The Guardian Data Protection

Liberty hails decision that prior independent authorisation is needed for people’s communications data The security and intelligence services must acquire “prior independent authorisation” to obtain people’s communications data from telecom providers, a civil rights campaign group has said, after it won a high court challenge. Liberty hailed a “landmark victory” and said two judges ruled it was unlawful for MI5, MI6 and GCHQ to obtain individuals’ communications data from telecom providers witho

Access 56
article thumbnail

APT Groups Swarming on VMware Servers with Log4Shell

Dark Reading

CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.

103
103
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

Data Matters

On June 15, 2022, the U.S. Securities and Exchange Commission (Commission) issued a request for comment with respect to whether certain index, model, pricing, and other information providers should be regulated as investment advisers under the Investment Advisers Act of 1940. The Commission suggests fresh consideration is needed in light of changes in technology and market practices in the decades since these topics were last given significant attention — especially given the continuing expans

article thumbnail

The Cybersecurity Talent Shortage Is a Myth

Dark Reading

We have a tech innovation problem, not a staff retention (or recruitment) problem.

article thumbnail

Vulnerabilities in the Jacuzzi SmartTub app could allow to access users’ data

Security Affairs

Researchers discovered multiple vulnerabilities in Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in Jacuzzi SmartTub app web interface could have disclosed private data to attackers, security researcher Eaton Zveare warns. The experts attempted to notify the company without success, meantime the flaws have been addressed.

Access 80
article thumbnail

Threat Intelligence Services Are Universally Valued by IT Staff

Dark Reading

Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.

IT 77
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Friday Squid Blogging: Squid Cubes

Schneier on Security

Researchers thaw squid frozen into a cube and often make interesting discoveries. (Okay, this is a weird story.). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.