Data Breach Today
MAY 10, 2023
Nickolas Sharp, 37, Must Also Pay $1.6 Million In Restitution Nickolas Sharp, a one-time employee of Ubiquity who pleaded guilty to insider hacking received Wednesday a six year prison sentence. He admitted guilt on Feb. 2 to three criminal counts including transmitting a program to a protected computer that intentionally caused damage.
Dark Reading
MAY 10, 2023
While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
MAY 10, 2023
May Patch Tuesday Fixes 38 Bugs Including 3 Zero Days Microsoft issued an optional patch Tuesday as part of its monthly dump of fixes that addresses for the second time a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware. The patch is optional since the attacker must have admin privileges or physical access to the device.
KnowBe4
MAY 10, 2023
A newly identified criminal organization has been observed running a large number of business email compromise (BEC) scams. Since February 2021, Abnormal Security reports the gang has been responsible for some 350 BEC campaigns against a range of companies. No particular sector is favored, but the scammers favor larger organizations, with more than 100 of the targets being multinational corporations with offices in several countries.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Data Breach Today
MAY 10, 2023
Akamai Says Exploit Sidesteps Patched Vulnerability Exploited by Russian Hackers Security researchers say a slight modification to a Microsoft Exchange zero day attack used by Russian state hackers can bypass a patch the computing giant introduced in March. Microsoft patched the modified attack during this month's dump of fixes, rating the bug as "important" but not "critical.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
MAY 10, 2023
Bitdefender Spots Novel 'DownEx' Malware Targeting Foreign Government Agencies A possibly Russian state hacking group has been deploying a novel backdoor dubbed DownEx against international governmental targets located in Kazakhstan and Afghanistan, reports Bitdefender. At least one victim appears to be an embassy located in Kazakhstan.
Schneier on Security
MAY 10, 2023
Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.” The headline says that the FBI “sabotaged” the malware, which seems to be wrong.
Data Breach Today
MAY 10, 2023
Mixed Ruling in Motion to Dismiss One Case, While Meta Seeks Dismissal of Consolidated Suit Two separate proposed class action data privacy lawsuits involving the use of Meta Pixel tracking tools in healthcare entity websites are continuing to proceed with new legal developments this week in a Northern California federal court.
The Security Ledger
MAY 10, 2023
A bunch of recent surveys of IT and security pros send a clear message: threats and risks from vulnerable software supply chains are real, and they’re starting to freak people out. The post The surveys speak: supply chain threats are freaking people out appeared first on The Security Ledger with Paul F. Roberts. Related Stories Forget the IoT. Meet the IoZ: our Internet of Zombie things Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security IoCs vs.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Data Breach Today
MAY 10, 2023
Tory Government Presses Ahead with Data Protection and Digital Information Bill Members of the U.K. Parliament considering modifications to national privacy law heard assurances Wednesday that the European Union will go along with them. "U.K. GDPR retains all the rights of the European citizens," said John Edwards, U.K. Information Commissioner said Wednesday.
Dark Reading
MAY 10, 2023
Boards love to say they have low risk tolerance, but are they willing to make the expensive and painful decisions to make it truly happen?
Data Breach Today
MAY 10, 2023
European Commission Legal Service Says Proposal Likely Violates Europeans' Rights A European Commission effort to require instant messenger apps such as WhatsApp and iMessage to scan for child sexual abuse material would likely violate Europeans' human rights and weaken encryption protections for consumers, a leaked document from the commission's internal legal service says.
IT Governance
MAY 10, 2023
Welcome to our May 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. This month, we look at another scam taking advantage of the public’s fascination with ChatGPT, another data breach at Booking.com, and another news story about blue checkmarks – but this time it’s not at the tech company you’re thinking of.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Data Breach Today
MAY 10, 2023
IRC CISO on Modernizing Security Controls to Detect Rather Than Respond to Problems The International Rescue Committee has identified new processes and ways to safeguard information in the midst of rapid digital transformation, according to CISO JT Jacoby. The IRC went from having multi-factor authentication deployed on just 1,500 devices in November to more than 10,000 today.
WIRED Threat Level
MAY 10, 2023
The social network's new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month.
Data Breach Today
MAY 10, 2023
Mixed Ruling in Motion to Dismiss One Case, While Meta Seeks Dismissal of Consolidated Suit Two separate proposed class action data privacy lawsuits involving the use of Meta Pixel tracking tools in healthcare entity websites are continuing to proceed with new legal developments this week in a Northern California federal court.
Dark Reading
MAY 10, 2023
"White Phoenix" automated tool for recovering data on partially encrypted files hit with ransomware is available on GitHub.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
Data Breach Today
MAY 10, 2023
OTC Markets CISO on Ransomware, Regulations Affecting the Financial Services Space OTC Markets Group in recent years has gone from having almost sector-specific cybersecurity regulations to highly robust ones, said CISO Vlad Brodsky. Since 2016, the New York-based financial market has been subject to stringent policies and procedures to ensure OTC's cybersecurity and resiliency.
Dark Reading
MAY 10, 2023
While the goal of the site's new DR Global section is to expand international coverage, the initial focus will be cybersecurity professionals in the Middle East and Africa.
Security Affairs
MAY 10, 2023
A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia. In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain of malware dubbed DownEx. Later the researchers detected another attack in Afghanistan that allowed them to collect additional samples of this malware.
KnowBe4
MAY 10, 2023
The once-in-a-lifetime royal occurrence sparked countless websites designed to steal personal information and credit card details, causing security experts to issue warnings.
Advertisement
If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.
Security Affairs
MAY 10, 2023
The US government announced to have disrupted the peer-to-peer (P2P) network of computers compromised by the Snake malware. The Snake implant is one of the most sophisticated implants used by Russia-linked threat actors for cyberespionage purposes. The malware has been designed and used by Center 16 of Russia’s Federal Security Service (FSB) in cyber espionage operations on sensitive targets.
Dark Reading
MAY 10, 2023
Cryptomining is a logical partner for an existing IoT-focused DDoS botnet, so the RapperBot authors customized XMRig to make it happen.
KnowBe4
MAY 10, 2023
New data shows a resurgence in successful ransomware attacks with organizations in specific industries, countries and revenue bands being the target.
Thales Cloud Protection & Licensing
MAY 10, 2023
The Retail Data Threat Environment and Why CIAM is a Key Cornerstone to Better Cybersecurity. madhav Thu, 05/11/2023 - 06:06 The retail landscape has changed significantly. Digital payments have increased at an unprecedented rate , the global pandemic changed our shopping habits, and the “work from everywhere” culture has quite frankly blossomed. Cybersecurity awareness, however, has not kept up.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
WIRED Threat Level
MAY 10, 2023
The unidentified attackers have targeted people on both sides of Russia’s war against Ukraine, carrying out espionage operations that suggest state funding.
CILIP
MAY 10, 2023
Winds of change in the world of academic publishing? Extraordinary news from the world of academic journal publishing this weekend, which saw the entire editorial board of Neuroscience resign en-masse in protest at the publisher’s unethical profit margins (‘Too greedy’: mass walkout at global science journal over ‘unethical’ fees, Observer 07.05.2023).
WIRED Threat Level
MAY 10, 2023
We talk to the Signal Foundation’s Meredith Whittaker about how the surveillance economy is newer than we all might realize—and what we can do to fight back.
Expert insights. Personalized for you.
260 
Let's personalize your content