Wed. Apr 14, 2021

Senators Push for Changes in Wake of SolarWinds Attack

Data Breach Today

Intelligence Hearing Focuses on Need for Federal Breach Notification Law, Fixing 'Blind Spots'

The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requiring prompt breach notification, several senators said at a Wednesday hearing.

The FBI Is Now Securing Networks Without Their Owners’ Permission

Schneier on Security

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access.

Security 142

Sweden: Russians Behind Sports Confederation Hack

Data Breach Today

But Nation Won't Pursue Legal Action in the Case

The Russian state-sponsored group Fancy Bear was responsible for breaches at the Swedish Sports Confederation that resulted in hackers accessing sensitive athlete information, including doping test results, according to the Swedish Prosecution Authority. But Sweden will not pursue legal action in the case.

Access 274

For the second time in a week, a Google Chromium zero-day released online

Security Affairs

For the second time in a week, Chromium zero-day remote code execution exploit code has been released on Twitter, with multiple browsers impacted. A new Chromium zero-day remote code execution exploit has been released on Twitter this week; like the previous one, it affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

Security 111

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

FBI Removing Web Shells From Infected Exchange Servers

Data Breach Today

Remediation Effort at Organizations in at Least 8 States May Be First of Its Kind in the US

In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.

Security 274

More Trending

Developing an Effective Incident Response Plan

Data Breach Today

CrowdStrike’s Mark Goudie on Why Plans Must Be Tailor-Made and Frequently Tested

An incident response plan is worthless unless it's customized to meet an organization's needs and tested on a regular basis, says Mark Goudie, regional director services, APJ, at CrowdStrike.

IT 260

FBI silently removed web shells planted on Microsoft Exchange servers in the US

Security Affairs

The FBI logged into web shells that hackers installed on Microsoft Exchange email servers across the US and removed the malicious code used by threat actors. A US judge granted the FBI the power to log into web shells that were injected by nation-state hackers on Microsoft Exchange servers across the US and remove the malware, the US Department of Justice announced. “Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computer

Access 108

State of the Marketplace: A Conversation With Dave DeWalt

Data Breach Today

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of LogDNA, a log management company, and he’s committed to the popular “shift left” movement. But he’s also got a keen eye on the broader cybersecurity marketplace and shares insights on its seismic changes.

Ransomware Attack Creates Cheese Shortages in Netherlands

Threatpost

Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Defining Synthetic ID Fraud: How It Helps With Mitigation

Data Breach Today

Fed Releases a Definition That Could Make It Easier to Identify Red Flags

Now that the Federal Reserve has issued a definition for synthetic ID fraud, fraud-fighting efforts likely will improve because it will be easier to identify red flags, some security experts say.

IT 199

The CISO Life is Half as Good

Dark Reading

Lora Vaughn was at a crossroads -- and that was before mandated pandemic lockdowns came into play. Here's her story of how life got sweeter after she stepped away from the CISO job.


How Fraudsters Nearly Stole $17.5 Million via PPE Fraud

Data Breach Today

4 Dutch and Nigerian Suspects Accused of Scamming German Health Authority

Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.


WhatsApp flaws could have allowed hackers to remotely hack mobile devices

Security Affairs

WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device. WhatsApp recently addressed two security vulnerabilities in its app for Android that could have been exploited by remote attackers to execute malicious code on a target device and potentially eavesdrop on communications.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

Data Breach Today

Updated Report From IBM Provides New Details

Cybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insight" into sensitive information, the IBM Security X-Force says in an updated report.

Phishing 184

Schrems II moves the goalposts – better data discovery can help

Thales Cloud Protection & Licensing

sparsh. Thu, 04/15/2021 - 05:17. Just when you thought that you had a working solution compliant with the General Data Protection Regulation (GDPR) for sharing data between EU and non-EU countries as part of your regular business communications, the Schrems II ruling appears out of nowhere and moves the goalposts!

GDPR 90

The FBI Takes a Drastic Step to Fight China’s Hacking Spree

WIRED Threat Level

The agency's approach to protecting vulnerable victims of the recent Hafnium attack manages to be at once controversial and refreshingly restrained.

Security Bug Allows Attackers to Brick Kubernetes Clusters

Threatpost

The vulnerability is triggered when a cloud container pulls a malicious image from a registry.

Cloud 116

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

The world generated 64.2 zettabytes of data last year – but where did it all go? via Data Center News

IG Guru

Check out the article here. The post The world generated 64.2 zettabytes of data last year – but where did it all go? via Data Center News appeared first on IG GURU.

IT 78

100,000 Google Sites Used to Install SolarMarket RAT

Threatpost

Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.

The Biggest Security Threats to the US Are the Hardest to Define

WIRED Threat Level

In a Senate briefing, the heads of the major intelligence agencies warned the public about dangers that offer no easy solutions.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m keynoting the (all-virtual) RSA Conference 2021, May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning (via Zoom), July 8-9, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. The list is maintained on this page.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

FBI Operation Remotely Removes Web Shells From Exchange Servers

Dark Reading

A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premise Exchange Server.


A Post-Data Privacy World and Data-Rights Management

Threatpost

Joseph Carson, chief security scientist at Thycotic, discusses the death of data privacy and what comes next.

Collibra expands integration touchpoints with Google Cloud

Collibra

Collibra and Google Cloud provide solutions that naturally complement each other. Together, the two companies help customers maximize value from their enterprise data, promoting agile data operations, helping to derive innovative business insights, while ensuring those insights can be trusted and relevant policies are complied with. This established partnership is being further strengthened by a new set of integrations that bring their cloud data platforms closer together and drive greater val

Cloud 59

Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes

Threatpost

Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Dependency Problems Increase for Open Source Components

Dark Reading

The number of components in the average application rose 77% over two years. No wonder, then, that 84% of codebases have at least one vulnerability.


FBI Clears ProxyLogon Web Shells from Hundreds of Orgs

Threatpost

In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand.

The Updates Must Go Through

Adam Shostack

On Monday, the Department of Justice announced that it had cleaned malware (“webshells”) off of hundreds of infected mail systems running Microsoft Exchange. Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. A few minutes ago, I posted a screencapture of Microsoft’s autoupdater going haywire on my Mac.