Wed. Nov 04, 2020

This Ballot-Count Livestream Is the Only Thing Worth Watching

WIRED Threat Level

Take a deep breath and enjoy democracy at work.

Security 125

Why Paying to Delete Stolen Data is Bonkers

Krebs on Security

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data publi

Post-Election Day: US on Guard for Hacking, Misinformation

Data Breach Today

Time is Ripe for Interference, But US Projects Confidence

After weeks of rising anxiety, Election Day proceeded in the U.S. with no public indications of interference. But experts say misinformation campaigns are still likely, and there's plenty of time for malicious activity as the vote tallying proceeds.

Determining What Video Conference Participants Are Typing from Watching Shoulder Movements

Schneier on Security

Accuracy isn’t great, but that it can be done at all is impressive. Murtuza Jadiwala, a computer science professor heading the research project, said his team was able to identify the contents of texts by examining body movement of the participants. Specifically, they focused on the movement of their shoulders and arms to extrapolate the actions of their fingers as they typed.

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

State Slaps Supermarket Co-Op with HIPAA Settlement

Data Breach Today

NJ Case is Latest Involving a State AG Taking Action in a Health Data Breach

In the latest health data breach enforcement action by a state, New Jersey regulators have slapped a supermarket cooperative with a large settlement for improper disposal of customer pharmacy information.

More Trending

Hacking Group Targeted Zero-Day Flaw In Oracle Solaris

Data Breach Today

FireEye: UNC1945 Focuses on Telecom, Financial And Consulting Firm Targets

A recently identified hacking group dubbed UNC1945 used a never-before-seen zero-day vulnerability in the Oracle Solaris operating system to target corporate networks and plant malware, according to FireEye Mandiant. This threat actor is known to focus on telecom, financial and consulting firm targets.

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Security Affairs

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers. Someone has transferred almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet to another wallet.

Passwords 139

Emotet Attacks Continue to Soar as Botnet Spreads Globally

Data Breach Today

Researchers Say Spike In Emotet Infections Help Spread Banking Trojan

The number of attacks related to Emotet continues to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign, according to research from HP-Bromium. During this time, Emotet is mainly infecting devices with the QBot or QakBot banking Trojan.

Phishing 216

Japanese video game firm Capcom hit by a cyberattack

Security Affairs

Japanese video game developer and publisher Capcom has disclosed a cyberattack that impacted business operations over the weekend. Japanese game developer Capcom has admitted to have suffered a cyberattack over the weekend that is impacting business operations. The company has developed multiple multi-million-selling game franchises, including Street Fighter, Mega Man, Darkstalkers, Resident Evil, Devil May Cry, Onimusha, Dino Crisis, Dead Rising, Sengoku Basara, Ghosts ‘n Goblins, Monster

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Federal Source Code Accessed Via Misconfigured SonarQube

Data Breach Today

FBI: Hackers Exploiting Configuration Vulnerabilities To Gain Access

The FBI has issued a flash alert warning that unidentified threat actors are actively targeting vulnerable SonarQube instances to access source code repositories of U.S. government agencies and private businesses.

Access 188

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

The results are in, and California voters have approved the California Privacy Rights Act (CPRA) which was listed on the ballot as Proposition 24. The law, most of which does not go into effect until January 1, 2023, will substantially overhaul and amend the California Consumer Privacy Act (CCPA) which went into effect just this year, on January 1, 2020, with final regulations issued just a few months ago, on August 14, 2020.

Privacy 122

Marriott Breach Takeaway: The M&A Cybersecurity Challenge

Data Breach Today

After Buying Starwood, Marriott Didn't Spot Long-Running Breach for 2 More Years

Takeaway from the U.K.'s GDPR privacy fine against hotel giant Marriott: During M&A, review an organization's cybersecurity posture before finalizing any acquisition. Because once a deal closes, you're fully responsible for data security - IT network warts and all.

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Security Affairs

Cisco disclosed a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software and the availability of PoC exploit code. Cisco has disclosed a zero-day vulnerability, tracked as CVE-2020-3556, in the Cisco AnyConnect Secure Mobility Client software with the public availability of a proof-of-concept exploit code. The CVE-2020-3556 flaw resided in the interprocess communication (IPC) channel of Cisco AnyConnect Client, it can be exploited by authenticated and local attackers to e

Security 131

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

CISOs on 2021: "Opportunity for a Re-set"

Data Breach Today

Brian Brackenborough and Nick Nagle on the Year Ahead

Brian Brackenborough, CISO, Channel 4, the British television network, and Nick Nagle, CISO, Security Critical, a U.K.-based consultancy company, discuss the lessons learned in 2020 and how they might impact the year ahead, agreeing that 2021 provides an "opportunity for a re-set.

Security 175

California Voters Pass the CPRA

Hunton Privacy

On November 3, 2020, California voters approved California Proposition 24, the California Privacy Rights Act (“CPRA”). As we previously reported, the CPRA significantly amends and expands upon the California Consumer Privacy Act of 2018, which became enforceable earlier this year. The new and modified obligations under the CPRA will become operative on January 1, 2023, and, with the exception of access requests, will apply to personal information collected by businesses on or after January 1, 2

Privacy 119

The FBI Says ‘Boogaloo Boys’ Bought 3D-Printed Gun Parts

WIRED Threat Level

A criminal complaint alleges that a West Virginia man disguised the plastic components as wall hangers and sold hundreds of them online.

Security 137

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

Cyber Defense Magazine November 2020 Edition has arrived. We hope you enjoy this month’s edition… packed with over 150 pages of excellent content. 150 pages loaded with excellent content. Learn from the experts, cybersecurity best practices. Find out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached.

IT 121

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers

Threatpost

Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal.

Passwords 127

Toymaker giant Mattel disclosed a ransomware attack

Security Affairs

Toymaker giant Mattel disclosed a ransomware attack; the incident took place in July and impacted some of its business operations. Toy industry giant Mattel announced that it has suffered a ransomware attack that took place on July 28th, 2020, and impacted some of its business operations. The good news is that the company excluded the theft of internal information.

Google Forms Abused to Phish AT&T Credentials

Threatpost

More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.

Phishing 115

One Clear Message From Voters This Election? More Privacy

WIRED Threat Level

Ballot measures were approved in California to restrict commercial use of user data and in Michigan to require warrants for searches of electronic information.

Privacy 107

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Police to Livestream Ring Camera Footage of Mississippi Residents

Threatpost

Pilot program again sparks privacy fears from ACLU as Amazon takes its partnership with law enforcement to the next level.

Privacy 120

Prepare for the Unexpected: Costs to Consider in Security Budgets

Dark Reading

Organizations that update business models to include cybersecurity as part of a strategic planning process may be able to better withstand unexpected disruptions.

Boost your digital fitness for cyber resilience in 2020 – and beyond

OpenText Information Management

During this tumultuous year, digital tools have let us keep working even as we’ve shuttered once-busy office spaces, moved by the millions to home offices and learned to do many previously face-to-face tasks remotely. The result is that we’re more dependent than ever on technology – which leaves us more vulnerable than ever to cyber … The post Boost your digital fitness for cyber resilience in 2020 – and beyond appeared first on OpenText Blogs.

Containers for Data Analysis Are Rife With Vulnerabilities

Dark Reading

Old software components and the inclusion of unnecessary code created a massive attack surface area in containers for scientific analysis, researchers say.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

VMware Issues Updated Fix For Critical ESXi Flaw

Threatpost

A previous fix for the critical remote code execution bug was "incomplete," according to VMware.

Security 126

CSA Moves to Redefine Cloud-Based Intelligence

Dark Reading

The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn't require significant investment or more personnel.

Cloud 103

Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue

Threatpost

APT cloaks identity using script-kiddie messages and advanced deployment and targeting techniques.