Fri. Apr 30, 2021

CISA: 5 Agencies Using Pulse Secure VPNs Possibly Breached

Data Breach Today

Suspicious Activity Detected; Investigation Continues

CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.

Security 328
7 Modern-Day Cybersecurity Realities

Dark Reading

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.

GitHub Leaks: Lessons Learned

Data Breach Today

Experts Offer Advice on Avoiding Patient Data Exposure

Recent incidents involving inadvertent exposure of patient data on GitHub, a software development platform, point to the need to ensure that data loss prevention tools are implemented, all available security controls are leveraged and employees are made aware of the risks involved.

Risk 296
Deadline to file comments to the HIPAA NPRM is fast approaching

DLA Piper Privacy Matters

Authors: Emily Maus and Anna Spencer. HIPAA covered entities and business associates should finalize their comments soon, before the comment period for the 2020 Health Insurance Portability and Accountability Act (HIPAA) Notice of Proposed Rulemaking (NPRM) closes on May 6. The Office for Civil Rights (OCR), which is the federal agency within the US Department of Health and Human Services (HHS) that enforces HIPAA, released the NPRM on December 10, 2020 and later extended the deadline for sub

Access 137
Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Ransomware Gang Exploits SonicWall Zero-Day Flaw

Data Breach Today

FireEye: Attacks Happened Before Patch Issued for VPN Vulnerability

A cyberthreat gang that's been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks launched earlier this year, FireEye Mandiant researchers say.

More Trending

Analysis: 'Cybersecurity Call to Arms'

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of British spy chief Jeremy Fleming’s "cybersecurity call to arms." Also featured: Insights on COVID-19 business continuity planning; the wisdom of the late Dan Kaminsky.

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor. A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. Cybereason researchers reported that a China-linked APT group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy.

Phishing 129
BIND 9: DNS Server Software Has Flaws

Data Breach Today

Users Urged to Take Immediate Mitigation Action

The developer of Berkeley Internet Name Domain, or BIND 9, an open-source implementation of domain name systems, is advising users to mitigate three vulnerabilities that attackers could remotely exploit to cause systems to crash or become inaccessible.

252
Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices

Threatpost

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.

IoT 124
How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Babuk to Close Ransomware Operation After DC Police Attack

Data Breach Today

Gang Will Provide Malware Code to Other Attackers Rather Than Release Decryptor

The Babuk ransomware gang says it will no longer launch attacks but instead will make its malware source code available for other attackers to use. The gang took credit for recent attacks against the Washington, D.C. Metropolitan Police Department and the Houston Rockets basketball team.

Portuguese CNPD suspends transfers of Census 2021 data to the U.S.

DLA Piper Privacy Matters

On yet another application of the principles contained in the Schrems II case, on the 27th of April 2021, the Portuguese Data Protection Authority (“CNPD”) issued a decision ordering the suspension, within 12 hours, of any transfer of personal data resulting from the Census 2021 to the US, or to other third countries outside the EU not ensuring an adequate level of protection for the data.

ISMG Editors’ Panel: Cyber Extortion and More

Data Breach Today

Discussion Tackles Ransomware and Fraud Issues

Four editors at Information Security Media Group discuss timely issues, including how the zero-day attacks against Accellion File Transfer Appliance users have rewritten the rules of the cyber extortion game and former federal CIO Gregory Touhill taking on an important new role.

Serious MacOS Vulnerability Patched

Schneier on Security

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he made an application that was really just a script—code that tells another program what to do rather than doing it itself—and didn’t include a standard ap

Metadata 116
7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Microsoft warns of BadAlloc flaws in OT, IoT devices

Security Affairs

Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them. Researchers from Microsoft’s Section 52 team recently uncovered several critical memory allocation flaws, collectively tracked as BadAlloc, affecting IoT and OT devices. The vulnerabilities could be exploited by attackers to bypass security controls to execute malicious code or trigger DoS conditions.

IoT 106
DSAR – No copy of work emails required in Germany

Data Protection Report

German Federal Labour Court dismissed employee’s claim. On 27 April 2021, the German Federal Labour Court (Bundesarbeitsgericht, the Federal Court) held that employees cannot request their employer to provide them with copies of all (i) the employee’s entire email correspondence; and (ii) any emails mentioning the employee by name. The Federal Court said that under applicable civil procedural rules the request was not specific enough – it was not possible to precisely identify the emails such th

GDPR 104
UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed

Security Affairs

UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. Researchers from FireEye’s Mandiant revealed that a sophisticated cybercrime gang tracked as UNC2447 has exploited a zero-day issue (CVE-2021-20016) in SonicWall Secure Mobile Access (SMA) devices, fixed earlier this year, before the vendor addressed it.

IT 104
Ransomware Task Force Publishes Framework to Fight Global Threat

Dark Reading

An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

The US is readying sanctions against Russia over the SolarWinds cyber attack. Here’s a simple explanation of how the massive hack happened and why it’s such a big deal via Business Insider

IG Guru

Check out the article here. The post The US is readying sanctions against Russia over the SolarWinds cyber attack. Here’s a simple explanation of how the massive hack happened and why it’s such a big deal via Business Insider appeared first on IG GURU.

IT 98
Ghost Town Security: What Threats Lurk in Abandoned Offices?

Dark Reading

Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it's a year later. What happened in those office parks and downtown ghost towns? What security dangers lurk there now, waiting to ambush returning businesses?

Security 135
Recruitment: Finding Genuine Talent in an Artificial World

Information Governance Perspectives

Employers need to be able to ask specific questions, drill-down, and recover the root causes of problems and fill those gaps. We do not minimize skill sets by any stretch, but we have also learned that the ‘intangible’ side of the equation gives both sides a better shot at a long-term fit. #recruitment #hr #planning. The post Recruitment: Finding Genuine Talent in an Artificial World appeared first on Rafael Moscatel.

98
WeSteal: A Cryptocurrency-Stealing Tool That Does Just That

Threatpost

The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”.

104
How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds

Dark Reading

Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.

Is the SolarWinds Hack Really a Seismic Shift?

Threatpost

Oliver Tavakoli, CTO of Vectra AI, discusses the massive supply-chain hack's legacy and ramifications for security professionals.

Security 106
RIM Month with Meru Data: Celebrating Women in the Information Profession via Meru Data

IG Guru

Check out the article here. The post RIM Month with Meru Data: Celebrating Women in the Information Profession via Meru Data appeared first on IG GURU.

MITRE Adds MacOS, More Data Types to ATT&CK Framework

Dark Reading

Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.

Cloud 121
Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

PortDoor Espionage Malware Takes Aim at Russian Defense Sector

Threatpost

The stealthy backdoor is likely being used by Chinese APTs, researchers said.

105
Second Circuit sets standing threshold for data-breach class actions

DLA Piper Privacy Matters

Authors: Keara M. Gordon, Isabelle Ord, Jeff DeGroot, and Haley Torrey. This week, the Second Circuit in McMorris v. Carlos Lopez & Assocs., LLC, No. 19-4310, weighed in on whether data-breach plaintiffs can establish Article III standing based on the theory that the theft or disclosure of their data subjects the plaintiffs to an increased risk of future identity theft or fraud.

New Threat Group Carrying Out Aggressive Ransomware Campaign

Dark Reading

UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.