Data Breach Today

JANUARY 6, 2021

Vermont Health Network Postpones Next Phases The lingering aftershocks of an October ransomware attack and ongoing COVID-19 response challenges are forcing the University of Vermont Health Network to delay the next phases of an enterprisewide electronic health record rollout.

Ransomware 316

Ransomware 316

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. You can get into this field by building upon your existing skills in any of these disciplines. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Metadata 145

Metadata IT Access Security 145

Data Breach Today

JANUARY 6, 2021

Agency Recommends Replacement of Old TLS and SSL Protocols The U.S. National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. NSA also advises other organizations to take the same steps.

Encryption 299

Encryption Security 299

Dark Reading

JANUARY 6, 2021

There's a fine line between protecting against suspicious, malicious, or unwanted activity and making users jump through hoops to prove themselves.

Security 142

Security 142

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Data Breach Today

JANUARY 6, 2021

After Apparent Ransomware Attack, Patient Information Posted Apex Laboratory a Farmingdale, New York-based blood testing facility, is notifying patients about the leak of their information, including test results. The security incident - which appears to involve ransomware - happened in July.

Ransomware 272

Ransomware Security 272

Data Breach Today

JANUARY 6, 2021

US Justice Department to Appeal Extradition Rejection A U.K. court denied Julian Assange bail Wednesday as the U.S. Justice Department prepares to appeal a judge's ruling earlier this week rejecting their request to extradite the WikiLeaks founder to the U.S. to face criminal charges. Assange will remain in a high-security prison during the appeals process.

Security 265

Security 265

WIRED Threat Level

JANUARY 6, 2021

WikiLeaks successor DDoSecrets has amassed a controversial new collection of corporate secrets and is sharing them in the name of transparency.

Ransomware 136

Ransomware Privacy Security 136

Data Breach Today

JANUARY 6, 2021

Messages Contain Malware, Attempt to Steal Banking Credentials The Australian Cyber Security Center is warning that fraudsters have recently started sending phishing emails that spoof the agency and contain malware designed to steal banking credentials.

Phishing 179

Phishing Security 179

Schneier on Security

JANUARY 6, 2021

This is bad : More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. […]. Installing patches removes the backdoor account, which, according to Eye Control researchers, uses the “zyfwp” username and the “PrOw!

Passwords 117

Passwords Access 117

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Data Breach Today

JANUARY 6, 2021

Lawsuit Alleges Software Vendor Misled Investors Over the Security of Its Products A SolarWinds shareholder has filed a lawsuit claiming the company included misleading statements - regarding the security of its products - in its filings with the U.S. Securities and Exchange Commission.

Security 173

Security IT 173

Threatpost

JANUARY 6, 2021

More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.

113

113

Security Affairs

JANUARY 6, 2021

WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving them no choice. This is bad news for WhatsApp users and their privacy, the company is notifying them that starting February 8, 2021, they will be requested to share their data with Facebook companies. Curiously the announcement comes a few days after the company has updated its Privacy Policy and Terms of Service. ,, “Respect for your privacy is coded into our DNA,

IT 109

IT Privacy Metadata Security 109

Threatpost

JANUARY 6, 2021

The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.

Systems administration 121

Systems administration Government Security 121

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The vulnerability received a CVSS score of 7.8, it could be exploited by an attacker to login with administrative privileges and take over the networking devices.

Passwords 104

Passwords Cloud Security Access 104

Dark Reading

JANUARY 6, 2021

Leaked information includes source code of Nissan mobile apps, diagnostics tool, and market research tools and data, among other assets.

Marketing 110

Marketing 110

Hunton Privacy

JANUARY 6, 2021

The Federal Trade Commission issued a call for presentations on consumer privacy and data security research for its sixth annual PrivacyCon , which is to be held on July 27, 2021. The call for presentations asks for empirical research and demonstrations, including economic analyses, with implications for privacy and data security policy and law. The FTC identified nearly two dozen issues of particular interest for this year’s gathering of stakeholders, including: Analysis of Privacy Consideratio

Privacy 88

Privacy Risk Security IT 88

Security Affairs

JANUARY 6, 2021

Google released an Android security update that addressed tens of flaws, including a critical Android remote code execution vulnerability. Google released an Android security update that addresses 43 flaws, including a critical remote code execution vulnerability in the Android System component tracked as CVE-2021-0316. Google addressed the flaws with the release of Security patch levels of 2021-01-05 or later. “The most severe of these issues is a critical security vulnerability in the Sy

Security 86

Security Information Security IT 86

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Threatpost

JANUARY 6, 2021

Report outlines deep cybersecurity challenges for the public/private seagoing sector.

Cybersecurity 124

Cybersecurity Government Security 124

Dark Reading

JANUARY 6, 2021

In the past two months alone, attacks against the sector soared 45% - more than double the rate of other sectors, Check Point says.

137

137

Jamf

JANUARY 6, 2021

TrustRadius awarded Jamf first place in "Feature Set," "Usability" and "Customer Support" categories for mobile device management (MDM) software.

MDM 93

MDM 93

WIRED Threat Level

JANUARY 6, 2021

Employees admitted to using stolen passwords and URL guessing to access confidential data.

Passwords 108

Passwords Access Security 108

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

JANUARY 6, 2021

Three percent of email accounts were breached, the Department of Justice reports.

107

107

Collibra

JANUARY 6, 2021

An augmented data catalog is crucial for all data-driven organizations. According to Gartner, who coined the term, an augmented data catalog is a data catalog that uses machine learning to automate the manual task of cataloging data. An augmented data catalog is a must have for data and analytics leaders. Why do organizations need an augmented data catalog?

Metadata 64

Metadata Analytics Government Compliance 64

Dark Reading

JANUARY 6, 2021

Open source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started.

Security 115

Security Cloud 115

IG Guru

JANUARY 6, 2021

Check out the article here. The post Fire destroys Motorcycle Week’s offices; man rescued from building via The Laconia Daily Sun appeared first on IG GURU.

Records Management 60

Records Management Archiving Information governance Risk 60

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Dark Reading

JANUARY 6, 2021

As the digital risk landscape evolves and grows, organizations must stay vigilant against online threats.

Risk 110

Risk 110

ForAllSecure

JANUARY 6, 2021

As we look into the new year, we see three trends emerging for application security. DevOps/DevSecOps drive fuzzing mainstream. The 2020 Standard C++ Foundation annual survey showed that 37% of developers are now using fuzzing in concert with continuous deployment. We expect fuzzing to continue to grow and become standard in DevOps/DevSecOps pipelines.

Data Privacy 52

Data Privacy Cybersecurity Marketing Security 52

Info Source

JANUARY 6, 2021

Company Promotes Bill Strogis as Chief Revenue Officer and Appoints Paz Macdonald as Vice President of Marketing, Among Others. NEW YORK, Jan. 6, 2021 /PRNewswire/ — Hyperscience , the automation company, today announced key company hires and executive promotions. Bill Strogis was promoted to CRO, leveraging his extensive sales experience to further drive revenue growth around the globe.

Sales 52

Sales Marketing B2B Customer Experience 52