Fri. Dec 18, 2020


VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S.


FBI Warns of DoppelPaymer Ransomware Attack Surge

Data Breach Today

Cybercriminals Are Using Phone Calls to Pressure Victims. The FBI is warning of increased activity - including disruption of a police dispatch system - by the operators of DoppelPaymer, a ransomware variant linked to high-profile attacks over the last several months. The cybercriminals also are calling victims to pressure them into paying ransoms.


NSA on Authentication Hacks (Related to SolarWinds Breach)

Schneier on Security

The NSA has published an advisory outlining how “malicious cyber actors” are “manipulating trust in federated authentication environments to access protected data in the cloud.” This is related to the SolarWinds hack I have previously written about, and represents one of the techniques the SVR is using once it has gained access to target networks.


Analysis: The Impact of SolarWinds Hack

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of what we know so far about the impact of the SolarWinds supply chain hack and how to respond.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


US Schools Are Buying Cell Phone Unlocking Systems

Schneier on Security

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much as $11,582 for the controversial surveillance technology. Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from student’s devices.


More Trending


Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb

Security Affairs

Threat actors continue to trade critical medical data in the Dark Web while organizations are involved in the response to the COVID-19 pandemic. Cybercrime organizations continue to be very active while pharmaceutical organizations are involved in the development of a COVID-19 vaccine and medicines to cure the infections. Experts from Cyble discovered in several forums on the dark web, the offer for enormous repositories of critical medical that were stolen from multiple organizations.


DOJ Seizes $4 Million in Assets Tied to Phantom Secure

Data Breach Today

Feds Say Defunct Service Sold Encryption Technology to Criminal Gangs. Assets worth $4 million have been seized by authorities in Singapore from the former CEO of Phantom Secure, a now-defunct encrypted telecommunications services provider that offered services to transnational organized criminal syndicates, according to the U.S. Justice Department.


Fake mobile version of Cyberpunk 2077 spreads ransomware

Security Affairs

A threat actor is spreading ransomware dubbed CoderWare that masquerades as Windows and Android versions of the recent Cyberpunk 2077. Crooks are spreading fake Windows and Android versions of installers for the new Cyberpunk 2077 video game that is delivering the CoderWare ransomware. Cyberpunk 2077 is a 2020 action role-playing video game developed and published by CD Projekt, it was one of the most.


Malicious Browser Extensions Downloaded 3 Million Times

Data Breach Today

Researchers: 28 Third-Party Extensions Could Steal Data, Download Malware. Researchers at the security firm Avast have found 28 malicious third-party browser extensions used with Google Chrome and Microsoft Edge that have been downloaded about 3 million times. These extensions are capable of spreading malware, stealing information and altering search engine results.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims

Threatpost

Examining the backdoor's DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.


Microsoft confirms breach in SolarWinds hack, but denies its clients were affected

Security Affairs

Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but excluded that the attack impacted its customers. Microsoft has confirmed that it was one of the companies breached in the recent SolarWinds supply chain attack, but the IT giant denied that the nation-state actors compromised its software supply-chain to infect its customers.


FTC Issues Orders to Nine Social Media and Video Streaming Service Companies Regarding Privacy Practices

Hunton Privacy

On December 14, 2020, the Federal Trade Commission announced that it had issued orders to nine social media and video streaming companies, requesting information on how the companies collect, use and present personal information, their advertising and user engagement practices and how their practices affect children and teens. The orders will assist the FTC in conducting a study of these policies, practices and procedures.


5 Key Takeaways from the SolarWinds Breach

Dark Reading

New details continue to emerge each day, and there may be many more lessons to learn from what could be among the largest cyberattacks ever.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

Threatpost

The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.


Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates

Dark Reading

Attack on thousands of other companies as "moment of reckoning" for governments and industry, company president says.


Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download

Threatpost

Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues.


2021 Cybersecurity Predictions: The Intergalactic Battle Begins

Dark Reading

There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Cloud is King: 9 Software Security Trends to Watch in 2021

Threatpost

Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year.


Active metadata graphs and machine learning for Data Intelligence

Collibra

Implementing the right metadata management solution can positively impact an organization’s data strategy to maximize data use and reuse. Read previous blog posts on metadata management best practices and metadata management frameworks to see how metadata management can impact your organization’s data strategy to drive value from data. This blog takes the journey forward and explores how active metadata graphs and machine learning can help build a foundation for Data Intelligence within your org


Insider Threats: What Are They, Really?

Threatpost

"Insider threat" or "human error" shows up a lot as the major cause of data breaches across all types of reports out there. But often it's not defined, or it's not clearly defined, so people conjure up their own definition.


Schrems II Concerns Regarding U.S. National Security Surveillance Do Not Apply to Most Companies Transferring Personal Data to the U.S. Under Standard Contractual Clauses

Data Matters

The thesis articulated in the article linked here is that (1) nearly all companies relying on standard contractual clauses for data transfers to the US under the EU General Data Protection Regulation are not electronic communications service providers for purposes of FISA 702 (i.e., only companies in the business of providing communications services would be covered) and (2) data transfers from Europe to the US under SCCs may not be targeted under FISA 702 and EO 12333 because they are (i) quint


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Webinar: Hometown Security-DHS/CISA Free Tools and Services on January 12 @11:45 CST via ARMA Dallas

IG Guru

Registration closes Monday, January 11th at 3:00pm. Hometown Security-DHS/CISA Free Tools and Services: The U.S. Department of Homeland Security’s (DHS) most important mission is to protect the American people. As part of this mission, DHS fosters collaboration between the private sector and the public sector to mitigate risk and enhance the security and resilience of […].


FBI Warns of DoppelPaymer Attacks on Critical Infrastructure

Dark Reading

The operators behind DoppelPaymer have begun calling victims to pressure them into paying ransom, officials say.


Belgium: New collaboration agreement between the Belgian Data Protection Authority and DNS Belgium

DLA Piper Privacy Matters

Authors: Heidi Waem, Frederik Ringoot, Alizée Stappers. On 26 November 2020, the Belgian Data Protection Authority (BDPA) entered into a collaboration agreement with DNS Belgium, an association responsible for the registry of .be domain names. The agreement enables DNS to suspend or even delete .be websites involved in (alleged) data protection infringements, on simple request of the BDPA.


Hottest Reads from the DocuWare Team

Docuware

In addition to traditional holiday and winter activities, many DocuWare team members will be catching up on their reading, listening to podcasts and browsing LinkedIn and Twitter. We’ve asked them about their favorites and hope you enjoy this curated list of their top picks. Here’s a look at what’s keeping members of the DocuWare team informed and entertained this year.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


All-source intelligence: reshaping an old tool for future challenges

Security Affairs

An enhanced version of the old all-source intelligence discipline could serve the purpose. By Boris Giannetto. Hybrid, interconnected and complex threats require hybrid, interconnected and complex tools. An enhanced version of the old all-source intelligence discipline could serve the purpose. Today’s society hinges on technologies and they will have most likely an ever-increasing clout in the future, thanks to the development of supercomputing, artificial intelligence, quantum and space technol


Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!

The Security Ledger

In this podcast, sponsored by LastPass, former U.S. CISO Greg Touhill joins us to talk about news of a vast hack of U.S. government networks, which he calls a "five alarm fire" reportedly set by Russia. The post Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! appeared first on The Security Ledger. Related Stories Episode 194: What Happened To All The Election Hacks?


Friday Squid Blogging: Christmas Squid Memories

Schneier on Security

Stuffed squid for Christmas Eve. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
