Tue. Mar 03, 2020


The Case for Limiting Your Browser Extensions

Krebs on Security

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month.

Insurance 268

DoppelPaymer Ransomware Slams Supplier to Boeing and Tesla

Data Breach Today

Crypto-Locking Malware Gang Dumps Confidential Data Stolen From Visser Precision

Visser Precision, a U.S. manufacturer that supplies Boeing, Lockheed Martin, Tesla and SpaceX, appears to have been hit by the DoppelPaymer ransomware gang, which has begun leaking internal data, and threatening to leak more unless the victim pays a ransom.


How Long Should I Keep This Business Record For?

AIIM

This is perhaps one of the most-asked questions in all of records management. Too often I hear one of two, equally bad answers: Keep Records for Seven years: This seems to be the de facto answer, especially for financial services records. As near as I can tell, this comes from the U.S. Internal Revenue Service rules around when they can audit individual and corporate tax returns.


Big HIPAA Fine for Solo Doctor Practice

Data Breach Today

HHS OCR Cites Major Security Shortcomings

A gastroenterologist has been smacked with a $100,000 HIPAA settlement after federal investigators found the physician's practice had never conducted a risk analysis.

Risk 224

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Tracking the COVID-19 coronavirus using Micro Focus IDOL

Micro Focus

“How do I know what I do not know?” Micro Focus IDOL (Intelligent Data Operating Layer) is an AI platform which derives contextual and conceptual insights from multiple data sources. It can identify relationships that exist within virtually any type of information and Micro Focus runs a demo environment that indexes a limited subset of.

IT 136

More Trending


The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. Introduction. Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four years of apparent inactivity.

IT 127

The Cost of CISO Stress

Data Breach Today

Nominet's Stuart Reed Shares Results of New Stress Survey

CISO stress levels are higher this year than last. What is the impact on these individuals and their enterprises? And what should be done to alleviate this stress? Stuart Reed of Nominet analyzes the latest CISO Stress report.

191

Further Information on ICE Schedules in the News

National Archives Records Express

There have been many stories in the news about Immigration and Customs Enforcement (ICE) records and when these records will be eligible for destruction. Some of the more recent stories raise concerns about a three-year retention for “detainees’ complaints about civil rights violations and shoddy medical care.” Any member of the public, including detainees in ICE custody, can file complaints about civil rights and civil liberties regarding Department of Homeland Security (DHS) policies, progra

Archiving 121

Managing the Risks Posed By APIs

Data Breach Today

Shreyans Mehta of Cequence Security on the API Security Landscape

APIs are exposing a lot of business logic to exploitation, says Shreyans Mehta, co-founder & CTO of Cequence Security, who offers insights on enhancing API security.

Risk 197

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Cisco offers free 90-day Webex Licenses due to coronavirus outbreak

Security Affairs

Cisco has decided to extend its business licenses for the free Webex account, which will be available for 90 days due to the Coronavirus/COVID-19 outbreak. Cisco has announced an enhancement of its free Webex account offerings and is offering free 90-day business licenses to limit the spread of Coronavirus. WebEx is a popular web conferencing and videoconferencing application.

Sales 118

RSA President on 'The Human Element'

Data Breach Today

Rohit Ghai Opens up on Digital Risk Management, RSA's Future

As RSA 2020 neared its close, RSA President Rohit Ghai visited ISMG Studios to discuss the event's theme, "The Human Element," as well as digital risk management and the pending sale of RSA.

Sales 172

Woman scammed out of £95,000 after her solicitor was hacked

IT Governance

Amid all the cyber crime statistics, it can be easy to overlook the everyday effects that scams have on people. Attacks aren’t just a case of money being lost or organisations being disrupted; they are stories of people undergoing traumatic experiences and dealing with the consequences. The Guardian’s scams section recently told the story of Sally Flood, who was defrauded out of £95,000 after cyber criminals hacked her solicitor’s email address.

Phishing 110

Cybersecurity for the Midmarket

Data Breach Today

Global Cyber Alliance's Phil Reitinger Describes Efforts to Bolster SMB, Election Security

In 2019, the Global Cyber Alliance debuted its toolkit to help small and midsized organizations bolster cybersecurity. How has the toolkit been received and refined? Phil Reitinger, who heads the alliance, discusses progress.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


A bug in the Walgreens mobile app leaked customers’ messages

Security Affairs

Pharmacy store chain Walgreens has disclosed a data breach that impacted some customers of its mobile application. The mobile app allows users to refill prescriptions by scanning barcode, manage medications with Pill Reminder, set Rx alerts for refills and pickups, set up a video chat with doctors, refill and check prescription status, print photos, create personalized folded photo


2 Chinese Nationals Indicted for Laundering Cryptocurrency

Data Breach Today

Prosecutors: Stolen Virtual Currency Tied to North Korean Hacking Group

Two Chinese nationals have been indicted by the U.S. Justice Department for allegedly laundering $100 million in cryptocurrency stolen by North Korean hackers in 2018.

161

CGI Client Global Insights: A look at top retail banking trends and priorities

CGI

Retail banks continue to grapple with the challenges of digitization, attempting to efficiently manage and evolve a variety of channels, reach people in a broad range of demographics, and invest in emerging technologies to stay ahead of an ever-increasingly competitive marketplace.

Retail 104

Nemty ransomware operators launch their data leak site

Security Affairs

The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019; the name of the malware comes from the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make any recovery procedure impossible.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Enabling Secure Code Signing at Scale

Thales Cloud Protection & Licensing

This blog is co-written with Shian Sung from Keyfactor. In today’s development environment, it’s important for every organization to utilize code signing as a way to ensure that the applications and updates they deliver are trusted. This starts from the build process and goes all the way through to the release in order to develop code that maintains a strong root of trust, and with a high degree of authenticity and integrity.


US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

The Department of Justice has charged the two Chinese nationals for laundering cryptocurrency for North Korea-linked APT groups. The US Treasury Department and the Department of Justice have imposed sanctions and charged two Chinese nationals, Tian Yinyin and Li Jiadong, for helping North Korea-linked hackers in laundering cryptocurrency.


DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

Threatpost

Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data.


Wi-Fi Chip Vulnerability

Schneier on Security

There's a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry Pi 3.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Let’s Encrypt to Revoke Millions of TLS Certs

Threatpost

On Wednesday millions of Transport Layer Security certificates will be revoked because of a Certificate Authority Authorization bug.


Blockchain: Poised to Transform Business

Data Matters

Listen to The Sidley Podcast for an informative discussion of how blockchain, digital assets and virtual currencies are changing the way we transact. Blockchain technology has the ability to transform how business and everyday commercial transactions are conducted across industries. This emerging technology represents more than just an incremental improvement in business practices — it could actually disrupt how we do business.


The Cybercrime Pandemic Keeps Spreading

Dark Reading

The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.

Risk 127

Cobalt Ulster Strikes Again With New ForeLord Malware

Threatpost

Threatpost talks to Alex Tilley, senior security researcher with Dell SecureWorks' Counter Threat Unit Research Team, about a recently discovered campaign linked to an Iranian APT.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Financial institutions can gain new AI model risk management capabilities with IBM Watson OpenScale

IBM Big Data Hub

Many financial institutions are rapidly developing and adopting AI models. They’re using the models to achieve new competitive advantages such as being able to make faster and more successful underwriting decisions. However, AI models introduce new risks.

Risk 73

With New SOL4Ce Lab, Purdue U. and DoE Set Sights on National Security

Dark Reading

The cooperative research initiative brings together faculty and students to "focus on problems and cutting-edge ways to solve them."


MediaTek Bug Actively Exploited, Affects Millions of Android Devices

Threatpost

An exploit published by a developer is easy to use and has already been used to build malicious apps that gain root access on Android devices.

Access 67