Tue. Jan 12, 2021

SolarWinds: What Hit Us Could Hit Others

Krebs on Security

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software p

SolarWinds Describes Attackers' 'Malicious Code Injection'

Data Breach Today

Software Vendor's Infrastructure Penetrated by September 2019. Investigators probing the supply-chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network-monitoring security software builds. They warn that other vendors may have been similarly subverted.

Security 277
Insiders

[Podcast] IIM in 2021 and Beyond

AIIM

The workplace in 2021 will demand a different set of skills. Now more than ever, organizations need to embrace disruption as a springboard for competitive advantage and adopt new ways of working that invigorate organizational performance. The needed capabilities include the ability to leverage remote work as an advantage, increase information agility, and drive business growth despite these challenging times.

Getting the Most Out of an AI Deployment

Data Breach Today

SWIFT's Guy Sheppard on the Challenges of Using AI to Enhance Security. Many companies claim to be successfully using artificial intelligence for security, but the use cases are still not convincing because the technology is incapable of detecting unknown malware, says Guy Sheppard of SWIFT.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

A brief guide to cyber security risk assessments

IT Governance

Cyber security risk assessments are essential for organisations to protect themselves from malicious attacks and data breaches. After all, it’s only once you’re aware of the ways you’re vulnerable that you can put appropriate defences in place. But what exactly does a risk assessment do? Essentially, it helps you answer these three questions: Under what scenarios is your organisation under threat?

Risk 113

More Trending

Bitdefender releases free decrypter for Darkside ransomware

Security Affairs

Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the ransom. Good news for the victims of the Darkside ransomware, they could recover their files for free using a tool that was released by the security firm Bitdefender. The decrypter seems to work for all recent versions of the Darkside ransomware.

Parler Content Forcibly Archived by Researchers After Riot

Data Breach Today

Terabytes of Videos, Images and Posts From Conservative Social Media Site Saved. Terabytes' worth of posts, images and videos from conservative social media site Parler have been forcibly obtained by security researchers, who have archived the material for investigators in the wake of the violent riot at the U.S. Capitol.

Archiving 228

Ethical Hackers Breach U.N., Access 100,000 Private Records

Threatpost

Researchers informed organization of a flaw that exposed GitHub credentials through the organization’s vulnerability disclosure program.

Access 128

Massive DarkMarket Underground Marketplace Taken Down

Data Breach Today

International Law Enforcement Effort Leads to Arrest of Alleged Operator. A global law enforcement operation has taken down DarkMarket, which Europol describes as the world's largest underground marketplace of illegal goods on the dark web. The market has generated about $170 million in revenue selling drugs, malware, credit cards and more, officials say.

Marketing 227

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

An Absurdly Basic Bug Let Anyone Grab All of Parler's Data

WIRED Threat Level

The “free speech” social network also allowed unlimited access to every public post, image, and video.

Access 145

New Year Kicks Off With Vendor Consolidation

Data Breach Today

5 Data Security Firms Announce Acquisitions. The new year has kicked off with a flurry of data security company acquisition activity; five deals have already been announced. Companies making acquisitions are striving to improve their secure access service edge - or SASE - posture, enter new markets or bolster their technology portfolios.

Marketing 208

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

Threatpost

The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks.

Security 111

Updated macOS Cryptominer Uses Fresh Evasion Techniques

Data Breach Today

Researchers: OSAMiner Uses Run-Only AppleScripts for Obfuscation. Sentinel Labs researchers have identified an updated version of the cryptominer OSAMiner that targets the macOS operating system to mine for monero. The latest iteration uses new techniques to help prevent detection by security tools.

Mining 199

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Data Breach at ‘Resident Evil’ Gaming Company Widens

Threatpost

Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.

Sophisticated hacking campaign uses Windows and Android zero-days

Security Affairs

Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. The Google Project Zero team has recently launched an initiative aimed at devising new techniques to detect 0-day exploits employed in attacks in the wild. While partnering with the Google Threat Analysis Group (TAG), the experts discovered a watering hole attack in Q1 2020 that was carried out by a highly sophisticated actor.

Security 102

How to delight customers with engaging experiences

OpenText Information Management

What are your customers experiencing when they call your customer service team? Too often, when customers reach out for help in solving a problem or completing a business task, they feel dread in anticipation of the experience they might encounter in solving their problem. Often, this feeling is well justified. Many customer service reps and case managers deal with manual or fragmented processes, and a lack of access to critical …

Access 98

Sunspot, the third malware involved in the SolarWinds supply chain attack

Security Affairs

Cybersecurity firm CrowdStrike announced that it has discovered a third malware strain, named Sunspot, directly involved in the SolarWinds supply chain attack. According to a new report published by the cybersecurity firm CrowdStrike, a third malware, dubbed SUNSPOT, was involved in the recently disclosed SolarWinds supply chain attack. SUNSPOT was discovered after the Sunburst / Solorigate backdoor and Teardrop malware, but chronologically it may have been the first code to be involved in the attac

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Three use cases for cloud fax in financial services

OpenText Information Management

Fax is so secure that faxed documents and signatures are recognized in the courts as being legally binding. It stands to reason, then, that fax would be the bedrock of financial communications, but are there ways to make it even better? What about incorporating other business drivers such as improved business efficiency or enhanced customer experience?

Security Operations Struggle to Defend Value, Keep Workers

Dark Reading

Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment.

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

Threatpost

A sophisticated threat actor has hijacked email security connections to spy on targets.

Security 114

More SolarWinds Attack Details Emerge

Dark Reading

A third piece of malware is uncovered, but there's still plenty of unknowns about the epic attacks purportedly out of Russia.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Europol Reveals Dismantling of ‘Largest’ Underground Marketplace

Threatpost

Europol announced a wide-ranging investigation that led to the arrest of the alleged DarkMarket operator and the seizure of the marketplace's infrastructure, including more than 20 servers.

Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021

Dark Reading

Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.

Post-Backlash, WhatsApp Spells Out Privacy Policy Updates

Threatpost

WhatsApp aimed to clear the air about its updated privacy policy after reports of mandatory data sharing with Facebook drove users to Signal and Telegram in droves.

Privacy 78

EMA: Some of Pfizer/BioNTech COVID-19 vaccine data was leaked online

Security Affairs

The European Medicines Agency (EMA) revealed that some of the Pfizer/BioNTech COVID-19 vaccine data were stolen from its servers. In December, a cyber attack hit the European Medicines Agency (EMA). At the time, the EMA did not provide technical details about the attack, nor whether it will have an impact on its operations while it is evaluating and approving COVID-19 vaccines.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Bringing Zero Trust to Secure Remote Access

Dark Reading

Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.

Access 82

Police Took Down DarkMarket, the World’s Largest Darknet Marketplace

Security Affairs

The world’s largest black marketplace on the dark web, DarkMarket, has been taken offline by law enforcement in an international operation.

Automating Security Risk Assessments for Better Protection

eSecurity Planet

Protecting your organization from IT security risks is an ongoing, fluid task. Proactively identifying, mitigating and remediating security threats is one of the biggest challenges today’s global businesses face. As a savvy tech leader, you are likely hyperfocused on performing security risk audits to keep your networks strong and protected. Automated security risk assessments can be a good way to take your cybersecurity defenses to the next level and make your organization more efficient at the

Risk 70