Wed.Aug 05, 2020

article thumbnail

How WastedLocker Evades Anti-Ransomware Tools

Data Breach Today

Sophos Says Malware Designed to Avoid Security Measures WastedLocker, a ransomware strain that reportedly shut down Garmin's operations for several days in July, is designed to avoid security tools within infected devices, according to a technical analysis from Sophos.

article thumbnail

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum. ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data.

Passwords 134
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Behavioral Biometrics: Avoiding Mistakes

Data Breach Today

Too many companies that are implementing behavioral biometrics to combat fraud lack a complete understanding of how to make the most of the technology, says David Lacey, managing director at IDCARE, Australia and New Zealand's not-for-profit national identity and cyber support service.

260
260
article thumbnail

Does remote working affect the cost of a data breach?

IT Governance

Since the start of the COVID-19 pandemic, experts have warned that the switch to remote working would negatively affect organisations’ ability to detect and contain security incidents. Of course, many employers didn’t have a choice. Government guidelines in the UK and many other parts of the world urged people to work from home wherever possible. So what affect has this had on organisations’ cyber security?

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

FBI Warns of Serious Risks Posed by Using Windows 7

Data Breach Today

Bureau Says Attackers Can Use Vulnerable RDP Connections to Access Networks The FBI is warning organizations that are still using Microsoft Windows 7 they are in danger of attackers exploiting vulnerabilities in the unsupported operating system to gain network access. The agency points to an uptick in such attack attempts.

Risk 279

More Trending

article thumbnail

Garmin Reportedly Paid a Ransom

Data Breach Today

Company Says 'Temporary Limitations' on Services Continue Garmin, a fitness tracker and navigation device firm, apparently paid a ransom to recover from a July 23 security incident that encrypted several of its systems, according to two news reports as well as expert analysis. The company says it's still experiencing 'temporary limitations" on services.

article thumbnail

Exclusive: TIM’s Red Team Research finds 4 zero-days in WOWZA Streaming Engine product

Security Affairs

Researchers from TIM’s Red Team Research (RTR) have discovered another 4 new zero-day vulnerabilities in the WOWZA Streaming Engine product. Last month, the TIM’s Red Team Research (RTR) disclosed 2 new vulnerabilities affecting the Oracle Business Intelligence product with High severity. Today, the TIM’s Red Team Research led by Massimiliano Brolli, discovered 4 new vulnerabilities that have been addressed by the manufacturer WOWZA Streaming Engine, between the end of 2019 and

article thumbnail

A Flaw Used by Stuxnet Wasn't Fully Fixed

Data Breach Today

Black Hat Conference Research Spots Windows Print Spooler Problems Vulnerabilities in the Microsoft Windows print spooler, an aging but important component, will be discussed at the Black Hat security conference on Thursday. The vulnerabilities are rooted in patches that Microsoft created to fix issues exploited by Stuxnet, the malware that hampered Iran's nuclear program.

Security 225
article thumbnail

A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return

Threatpost

During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet's recent return -and how a cyber vigilante is attempting to thwart the malware's comeback.

Phishing 117
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

NSA: Beware of Devices Collecting Location Data

Data Breach Today

Warning Intended Primarily for National Security, Defense Users The NSA has issued an alert warning those working in the national security and defense sectors to mitigate the risks posed by mobile and internet of things devices, along with apps, that collect location data.

Risk 172
article thumbnail

Dutch Hackers Found a Simple Way to Mess With Traffic Lights

WIRED Threat Level

By reverse-engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world.

Security 125
article thumbnail

Flaw in popular NodeJS ‘express-fileupload’ module allows DoS attacks and code injection

Security Affairs

Expert found a flaw in a popular NodeJS module that can allow attackers to perform a denial-of-service (DoS) attack on a server or get arbitrary code execution. The NodeJS module “ express-fileupload ,” which has more that 7.3 million times downloads from the npm repository. The NodeJS module is affected by a ‘Prototype Pollution’ CVE-2020-7699 vulnerability that can allow attackers to perform a denial-of-service (DoS) attack on a server or inject arbitrary code. “T

article thumbnail

Office Drama on MacOS - Detecting sandbox escapes

Jamf

Patrick Wardle, principle security researcher at Jamf, presented at BlackHat on an interesting approach to escaping the App Sandbox in macOS with a little help from Microsoft Office.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

A Hacker Guide To Deep Learning Based Side Channel Attacks

Elie

This talk provides a step-by-step introduction on how to use deep learning to perform AES side-channel attacks.

118
118
article thumbnail

Why Confidential Computing Is a Game Changer

Dark Reading

Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.

Cloud 102
article thumbnail

Privacy Expert Posts Infographic about Shcrems II and Privacy Shield

IG Guru

A High-Level Visual of the Schrems II JudgmentMost likely, privacy pros will need to have conversations with non-privacy business colleagues in their company regarding the impact of Schrems II as data transfers are at risk. While there is still significant uncertainty about how to best comply and document compliance, helping your business colleagues understand the […].

Privacy 94
article thumbnail

Black Hat 2020: Open-Source AI to Spur Wave of ‘Synthetic Media’ Attacks

Threatpost

The explosion of open-source AI models are lowering the barrier of entry for bad actors to create fake video, audio and images - and Facebook, Twitter and other platforms aren't ready.

Privacy 90
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Attack of the Clone: Next-Gen Social Engineering

Dark Reading

NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.

IT 89
article thumbnail

Twitter Fixes High-Severity Flaw Affecting Android Users

Threatpost

A vulnerability in Twitter for Android could have allowed attackers to access private direct messages (DMs) and other data.

Access 109
article thumbnail

iOS 14’s Best Privacy Feature? Catching Data-Grabbing Apps

WIRED Threat Level

Apple's new operating system hasn't been released to the public yet, but its new permission notifications are already shaming developers into cleaning up their acts.

Privacy 91
article thumbnail

NSA Warns Smartphones Leak Location Data

Threatpost

The agency known for its own questionable surveillance activity advised how mobile users can limit others’ ability to track where they are.

IT 102
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

3 Tips for Securing Open Source Software

Dark Reading

Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.

article thumbnail

Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers

Threatpost

Voting machine technology seller Election Systems & Software (ES&S) offered an olive branch to security researchers with new safe harbor terms and vulnerability disclosure policies at Black Hat USA 2020.

article thumbnail

A Most Personal Threat: Implantable Medical Devices

Dark Reading

Alan Michaels, director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.

article thumbnail

Black Hat 2020: Scaling Mail-In Voting Spawns Broad Challenges

Threatpost

Voting Village security celeb Matt Blaze delves into the logistics of scaling up mail-in voting ahead of November's election.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Cyber Defense Magazine – August 2020 has arrived. Enjoy it!

Security Affairs

Cyber Defense Magazine august 2020 Edition has arrived. We hope you enjoy this month’s edition…packed with over 147 pages of excellent content. OVER 145 PAGESALWAYS FREE – LOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows.

B2C 76
article thumbnail

Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs

Threatpost

The groups, all tied to the Winnti supply-chain specialist gang, were seen using the same Linux rootkit and backdoor combo.

97
article thumbnail

Tales from the Trenches Show Security Issues Endemic to Healthcare

Dark Reading

The CISO for Indiana University Health says simple policies, good communication, and strong authentication go much further than vendor tools in solving security problems.

Security 109