Tue.Apr 28, 2020

article thumbnail

Would You Have Fallen for This Phone Scam?

Krebs on Security

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

article thumbnail

Shade Ransomware Operation Apparently Shuts Down

Data Breach Today

Those Claiming to Be Operators Say They've Released 750,000 Decryption Keys Those claiming to be operators of the Shade ransomware strain say they have closed down their operation and released more than 750,000 decryption keys, according to a message posted on GitHub.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

The Last Watchdog

As coronavirus-themed cyber attacks ramp up, consumers and companies must practice digital distancing to keep themselves protected. Related: Coronavirus scams leverage email As we get deeper into dealing with the coronavirus outbreak, the need for authorities and experts to communicate reliably and effectively with each other, as well as to the general public, is vital.

article thumbnail

How Telework Is Changing Cloud Security

Data Breach Today

Jim Reavis of the Cloud Security Alliance on Adjusting CISOs' Priorities Because the COVID-19 pandemic had led to more employees working from home, cloud services have become indispensable, but the pressure is on organizations to ensure security, says Jim Reavis, CEO of the Cloud Security Alliance.

Cloud 189
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

How to Apply Lean Principles to Policy Writing

AIIM

As important as Intelligent Information Management (IIM) policy writing is, it's probably not the only dish you have cooking on the stove. It's important, therefore, not to let that process commandeer more time from your day than it has to. The best way to do that is to keep your IIM policies lean. What Does It Mean for an IIM Policy to be Lean? We want both the final document and the policy creation/revision process to be free of unnecessary elements.

Paper 138

More Trending

article thumbnail

100k+ WordPress sites exposed to hack due to a bug in Real-Time Find and Replace plugin

Security Affairs

A bug in the Real-Time Find and Replace WordPress plugin could allow hackers to hackers to create rogue admin accounts on over 100,000 sites. A vulnerability in the Real-Time Find and Replace WordPress plugin could be exploited by attackers to create rogue admin accounts. The Real-Time Find and Replace WordPress plugin is currently installed on over 100,000 sites, it allows users to dynamically (i.e. at the time when a page is generated) replace code and text from themes and other plugins wit

GDPR 120
article thumbnail

Colorado Hospital Hit by Ransomware as COVID-19 Continues

Data Breach Today

Despite Pandemic, Healthcare Sector Faces Surge in Cybercrime Campaigns Despite the ongoing COVID-19 pandemic, the healthcare sector faces an ongoing surge of hack attacks that too often disrupt systems and patient care. Among the latest victims is a hospital in Pueblo, Colorado, which is still recovering after apparently having been hit by ransomware.

article thumbnail

Top cyber security tips for keeping kids safe online

IT Governance

If you’re among the millions of people working from home while also trying to entertain and educate your kids during the coronavirus pandemic, we imagine things have been pretty chaotic. Were it not for the option of sitting your kids in front of a laptop for a few hours to do their schoolwork or play games, things might be even worse. But while the technology gives you a break, do you have complete peace of mind about your children’s safety online?

Security 107
article thumbnail

'Zero Trust' and the Remote Worker

Data Breach Today

The shift to working at home during the COVID-19 pandemic is yet another reason to embrace the "zero trust" strategy, says Dave Lewis of Duo Security, who provides guidance.

Security 147
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

Kaspersky Lab uncovered an ongoing cyberespionage campaign, dubbed PhantomLance, that employed malicious apps hosted on the official Google Play. Kaspersky has spotted an ongoing campaign, dubbed PhantomLance, that employed malicious spying apps hosted by Google Play. The campaign has been active for at least four, experts discovered “dozens” of malicious apps in Google Play, some of which included a new Trojan.

Marketing 107
article thumbnail

Sophisticated Android Spyware Attack Spreads via Google Play

Threatpost

The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia -- and could be the work of the OceanLotus APT.

article thumbnail

SANDMAN AND FINEPROXY BEHIND THE DDOS ATTACKS AGAINST TIMETV.LIVE

Security Affairs

Timetv.live is the latest Azeri news site targeted by Denial of Service (DDoS) attacks launched by Sandman threat actor, the attack took place on March 21, 2020. Timetv.live is the latest Azeri news site targeted by Denial of Service attacks. The 21st of March, the website received a Denial of Service attack after the publishing of an article about Mubariz Mansimov, a businessman who has been imprisoned and claims that the arrest was ordered by the head of SOCAR – State Oil Company of Azerbaijan

article thumbnail

Data privacy quick guide: strengthen your data privacy muscles

Collibra

The emergence of the novel coronavirus has altered our lives in unprecedented ways. COVID-19 does not discriminate, so we’ve all had to change our behaviors and approaches to daily life. We’ve confined ourselves indoors, learned to be caregivers and teachers, and have begun to appreciate all the seemingly mundane things our previous lives offered. .

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

The Outlaw Hacking Group is back, malware researchers from Cybaze-Yoroi ZLab have uncovered a new botnet that is targeting European organizations. Introduction. During our daily monitoring activities, we intercepted a singular Linux malware trying to penetrate the network of some of our customers. The Linux malware is the well-known “ Shellbot ”, it is a crimetool belonging to the arsenal of a threat actor tracked as the “Outlaw Hacking Group. ”.

Mining 100
article thumbnail

Hackers Leak Biopharmaceutical Firm’s Data Stolen in Ransomware Attack

Threatpost

The Clop ransomware group has reportedly leaked compromised data of biopharmaceutical company ExecuPharm after a recent cyberattack.

article thumbnail

Experts warn of deliveries scams that use a COVID-19 theme

Security Affairs

Kaspersky experts uncovered a new wave of phishing scams that use a COVID-19 theme and impersonate shipping carriers, including FedEx, UPS, and DHL. The COVID-19 outbreak is forcing people to work from home and make shopping online causing a consequent increase in the number of home deliveries. Crooks are attempting to exploit the crisis and are carrying out scams using COVID-19 delivery issues as a lure in the attempt to trick victims into visiting malicious links or open malicious attachments.

article thumbnail

How Spies Snuck Malware Into the Google Play Store—Again and Again

WIRED Threat Level

Malicious Android apps from the so-called PhantomLance campaign targeted hundreds of users, and at least two slipped past Google's defenses.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Fooling NLP Systems Through Word Swapping

Schneier on Security

MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find natural. For example, changing the sentence "The characters, cast in impossibly contrived situations, are totally estranged from reality" to "The characters, cast in impossibly engineered circumstances, are

Paper 117
article thumbnail

Overcoming data obstacles in the banking industry with Industry Accelerators in Cloud Pak for Data

IBM Big Data Hub

During these times of uncertainty, all companies are being stressed in new ways; supply chains are being halted with employee sickness, retail store doors are closed to encourage social distancing, and health care facilities are overwhelmed by patient demand. In the wake of COVID-19, our banking clients are likewise looking to data science and AI to address four specific challenges: providing an extreme customer experience, mitigating operational risks, reducing operating expenses, and maximizin

article thumbnail

Enterprise Security Woes Explode with Home Networks in the Mix

Threatpost

Thanks to WFH, IoT refrigerators, Samsung TVs and more can now be back-channel proxies into the corporate network.

IoT 99
article thumbnail

Clinical Trials in the EU: Ongoing Uncertainty Around Data Protection Compliance for Sponsors

Data Matters

Ongoing confusion about lawful basis for data processing in a clinical study environment: European Data Protection Board and European Commission on the one hand and certain Member States on the other differ on the correct approach. Swiss sponsors operating clinical studies in the EU face ongoing uncertainty around the appropriate lawful basis for processing study subject personal data in spite of guidance being published by the European Commission and the European Data Protection Board.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

WordPress Plugin Bug Opens 100K Websites to Compromise

Threatpost

Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.

article thumbnail

What's Your Cybersecurity Architecture Integration Business Plan?

Dark Reading

To get the most out of your enterprise cybersecurity products, they need to work together. But getting those products talking to each other isn't easy.

article thumbnail

Troves of Zoom Credentials Shared on Hacker Forums

Threatpost

Several new databases have been uncovered on underground forums sharing recycled Zoom credentials.

Security 102
article thumbnail

Top Endpoint Detection and Response (EDR) Solutions

eSecurity Planet

Endpoint Detection and Response (EDR) solutions offer continuous monitoring and response to advanced security threats. Here are the top EDR vendors.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

‘Black Rose Lucy’ is Back, Now Pushing Ransomware

Threatpost

Researchers say incidents of mobile malware are becoming more common and growing more sophisticated.

article thumbnail

5 Big Lessons from the Work-from-Home SOC

Dark Reading

Accustomed to working in the same room, security teams now must find ways to operate effectively in the new remote reality.

article thumbnail

The Covid-19 Pandemic Reveals Ransomware's Long Game

WIRED Threat Level

Hackers laid the groundwork months ago for attacks. Now they're flipping the switch.