Mon.Apr 06, 2020

article thumbnail

Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings

Data Breach Today

Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls. With COVID-19 driving a surge in working from home, researchers have been closely reviewing the security of such software.

article thumbnail

BEST PRACTICES: Mock attacks help local agencies, schools prepare for targeted cyber scams

The Last Watchdog

Cyber criminals who specialize in plundering local governments and school districts are in their heyday. Related : How ransomware became a scourge Ransomware attacks and email fraud have spiked to record levels across the U.S. in each of the past three years, and a disproportionate number of the hardest hit organizations were local public agencies. Lucy Security, a security training company based in Zug, Switzerland that works with many smaller public entities, has been in the thick of this onsl

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Right Roles for SIEM and EDR

Data Breach Today

Cybereason's Sam Curry on Honing Threat Hunting Capabilities When it comes to threat hunting, what are the complementary uses of SIEM and EDR technologies? What are the unique use cases for each, and how can they coexist? Sam Curry of Cybereason shares tips in advance of a virtual roundtable discussion.

IT 238
article thumbnail

Thank You GoDaddy / Sucuri. A New Chapter Begins.

PerezBox

April 5th, 2020 marked the end of my three year journey with GoDaddy, and 9+ years with Sucuri. The time has come to say goodbye and venture off on a. Read More. The post Thank You GoDaddy / Sucuri. A New Chapter Begins. appeared first on PerezBox.

142
142
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

NIST Specialist Offers Telework Security Insights

Data Breach Today

With the COVID-19 pandemic forcing large portions of the workforce to shift to telework, CISOs need to rethink corporate policies on the use of video conferencing platforms and other communications tools, says NIST's Jeff Greene, who offers risk mitigation advice.

Security 194

More Trending

article thumbnail

Researcher Finds Flaws in HP's Software Assistant Tool

Data Breach Today

Bill Demirkapi Says Software Is Risky With Unpatched Issues A security researcher found 10 flaws within HP's Software Assistant Tool, which is installed across HP's desktop and laptop computers. Bill Demirkapi, who found the flaws, says the software is risky because only seven of the flaws have been patched by HP.

Security 185
article thumbnail

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor SSL VPN servers to gain access to victims’ networks.

article thumbnail

Using Metrics to Tell a Security Risk Story

Data Breach Today

Metrics can help CISOs clearly communicate the potential impact of risks to senior executives and win support for a risk management strategy, say Randall Frietzsche, enterprise CISO of Denver Health, and consultant Dave Bailey of CynergisTek, who describe a step-by-step approach in a joint interview.

Risk 147
article thumbnail

No, I Won't Link to Your Spammy Article

Troy Hunt

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this: Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog.

Phishing 117
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Prosecutors: 'Zoom-Bombing' Could Lead to Charges

Data Breach Today

Video Conferencing Hacking Violates U.S. Laws, Prosecutors Say Those who hack video conferences, such as via "Zoom bombing," are violating federal and state laws and could face prosecution, U.S. law enforcement officials say.

147
147
article thumbnail

Micro Focus: a solution to the skills issue

Micro Focus

IBM Mainframe COBOL, enterprise-class, core application environments are often the lifeblood of an organisation. Whether commercial or government, revenue generating or providing vital services, these trusted systems underpin many of the most critical services that IT provides. These systems are typically so stable, reliable and secure that ignoring them can be easy.

article thumbnail

Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?

Threatpost

COVID-19’s effect on work footprints has created an unprecedented challenge for IT and security staff. Many departments are scrambling to enable collaboration apps for all -- but without proper security they can be a big risk.

Risk 109
article thumbnail

ENISA released a Tool to map dependencies to International Standards

Security Affairs

The European Agency for Cybersecurity ENISA has released a tool for the mapping of international security standards to interdependencies’ indicators. ENISA has released a tool for the mapping of international security standards to interdependencies’ indicators that have been introduced and demonstrated in the report Good practices on interdependencies between OES and DSPs.

Risk 105
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

CNIL Stresses Importance of ISO 27701 for Global Data Protection Compliance

Hunton Privacy

On April 2, 2020, the French Data Protection Authority (the “CNIL”) published a press release highlighting the importance of the ISO/IEC 27701 standard for the protection of personal data. The CNIL reminds that this is an international standard that defines the management system and security measures that need to be implemented for the processing of personal data (“personally identifiable information” under the ISO/IEC 27701 standard), by extending the requirements of two well-known information

article thumbnail

Key Ring digital wallet exposes data of 14 Million users in data leak

Security Affairs

vpnMentor researchers discovered that the popular digital wallet application Key Ring exposed data belonging to millions of users in a huge data leak. The digital wallet application Key Ring recently exposed information from its 14 million users. Key Ring is a mobile application that allows users to create a digital wallet on their devices and use them to store scans and photos of membership and loyalty cards.

Retail 104
article thumbnail

Clinical labs rise to a health crisis

OpenText Information Management

You’ve seen the videos – people in Madrid, Rome, New York, Atlanta and cities all around the world step onto their porches and balconies as they shelter-in-place to cheer and applaud the efforts of healthcare workers, grocery store employees and other essential workers who must continue to provide services during the COVID-19 pandemic. As people … The post Clinical labs rise to a health crisis appeared first on OpenText Blogs.

102
102
article thumbnail

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. Then the attackers break into the installs and deploy a new crypto-miner tracked as Kinsing. “We’ve been tracking an organized attack campaign that targets misconfigur

Mining 99
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Obtaining and sharing employee health status information in a pandemic

Data Protection Report

Employers across the world are facing extremely difficult challenges in keeping their workplaces safe for their employees, contractors and visitors during the COVID-19 pandemic. Although the prevailing instinct is likely to be to protect and to prevent the spread of the virus at all costs, under data protection laws this still needs to be weighed against the privacy rights of employees.

Privacy 96
article thumbnail

Russian telco Rostelecom hijacks traffic for IT giants, including Google, Amazon and Facebook

Security Affairs

Russian telco operator Rostelecom was involved in BGP hijacking incident that impacted hundreds of CDNs and cloud providers last week. Last week, Russia’s state-owned telco Rostelecom was involved in an apparent incident that hijacked the traffic for more than 200 content delivery networks (CDNs) and cloud hosting providers, including giants like Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, and Digital Ocean.

IT 87
article thumbnail

FBI Threatens ‘Zoom Bombing’ Trolls With Jail Time

Threatpost

The FBI is cracking down on the practice of Zoom bombing, saying the hijacking of web conferences can be punishable by jail time.

article thumbnail

Cloud Governance Wars - Box vs Office 365

Gimmal

A war has been brewing over the ability to govern content in the cloud. Box and Office 365 are arguably the two leading SaaS based content services providers in the market today. While Microsoft is the 800-pound gorilla providing a little bit of everything, Box is winning users by providing software that is easier to implement and use. Both vendors have been ramping up their governance and compliance capabilities over the past several years and have launched major initiatives into the world of c

Cloud 80
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Emotat Malware Causes Physical Damage

Schneier on Security

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and executed on the systems of Fabrikam -- a fake name Microsoft gave the victim in their case study -- five days after the employee's user credentials were exfiltrated to the attacker's command and control (C&C) server.

Phishing 112
article thumbnail

How Marriott Customers Can Protect Themselves From The Latest Breach

Adam Levin

Marriott International announced a data breach that may have exposed the information of 5.2 million guests. Among the information potentially compromised are names, birthdates, mailing addresses, phone numbers, email addresses, and birthdates. This is the second major data breach that Marriott has experienced in recent years; in 2018, the company announced that the information of 327 million customers of subsidiary Starwoodhad been compromised in a similar incident. .

article thumbnail

Government VPN Servers Targeted in Zero-Day Attack

Threatpost

The attacks are being carried out against Chinese government interests worldwide, according to Qihoo 360.

article thumbnail

Release of Universal Electronic Records Management Requirements, Version 2

National Archives Records Express

We are pleased to announce the release of the Universal Electronic Records Management (ERM) Requirements , Version 2 as part of our Federal Electronic Records Modernization Initiative (FERMI). Through this initiative, we have been working to improve the way agencies acquire ERM services and solutions. We first released the Universal ERM Requirements in August 2017.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Microsoft: Emotet Attack Shut Down an Entire Business Network

Dark Reading

The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.

article thumbnail

Apple Safari Flaws Enable One-Click Webcam Access

Threatpost

The white hat hacker who discovered the vulnerabilities received a $75,000 from Apple's bug-bounty program.

Access 75
article thumbnail

This Map Shows the Global Spread of Zero-Day Hacking Techniques

WIRED Threat Level

The collection of countries using those secret hacking techniques has expanded far beyond the usual suspects.