Fri.Nov 05, 2021

article thumbnail

BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released

Threatpost

CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.

Security 141
article thumbnail

1.8TB of Police Helicopter Surveillance Footage Leaks Online

WIRED Threat Level

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.

Privacy 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

Security Affairs

A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware. Over the past months, other ransomware gangs, including Conti and Lockfile , exploited ProxyShell flaws to deliver their malware.

article thumbnail

Feds Offer $10 Million Bounty for DarkSide Info

Threatpost

The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

Ukraine’s premier law enforcement and counterintelligence revealed the real identities of five FSB members behind the Gamaredon cyberespionage group. Ukraine’s premier law enforcement and counterintelligence disclosed the real identities of five alleged members of the Russia-linked APT group Gamaredon (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) that are suspected to be components of the Russian Federal Security Service (FSB).

Military 120

More Trending

article thumbnail

Australia: Increased privacy penalties and binding social media code tabled

DLA Piper Privacy Matters

On 25 September 2021, the Australian Commonwealth Government published a consultation draft of the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 ( Online Privacy Bill ) which, if passed, will introduce the following significant changes into the Privacy Act 1988 (Cth) ( Privacy Act ): an increase in the maximum penalties payable for serious or repeated privacy breaches; and. a framework for a binding online privacy code for social media and certain other on

Privacy 118
article thumbnail

Who's Minding Your Company's Crypto Decisions?

Dark Reading

Security teams must first evaluate security protocols and the reputation of the cryptocurrency payment platform before their companies can proceed to accept the alternative currency as payment.

Security 102
article thumbnail

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Security Affairs

Two popular npm libraries, coa and rc. , have been hijacked, threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. , have been hijacked, threat actors replaced them versions laced with password-stealing malware. Coa is a command-line argument parser with approximately 9 million weekly downloads, while Rc is a configuration loader with 4 million weekly downloads.

article thumbnail

Beyond the Basics: Tips for Building Advanced Ransomware Resiliency

Threatpost

Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Ignore China’s New Data Privacy Law at Your Peril

WIRED Threat Level

The Personal Information Protection Law gives authorities the power to impose huge fines and blacklist companies. But the biggest impact may be felt outside the country.

article thumbnail

To Secure DevOps, Security Teams Must be Agile

Dark Reading

The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.

Security 126
article thumbnail

US defense contractor Electronic Warfare Associates discloses data breach

Security Affairs

US defense contractor Electronic Warfare Associates (EWA) was hit by a cyber attack, threat actors stole personal information from its email system. US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system. The company confirmed that attackers exfiltrated files containing sensitive information.

article thumbnail

How InfoSec Should Use the Minimum Viable Secure Product Checklist

Dark Reading

Google and Salesforce executives discuss the need for the newly released MVSP, how tech companies came together to work on it, and how organizations should use it.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

A tale of two securities

Jamf

How using Apple Private Relay and Jamf Private Access technologies in tandem, complements security and privacy by protecting network communications and managing access to apps and services through a powerful, Zero Trust framework to ensure devices remain compliant, and data is secured end to end.

article thumbnail

Proofpoint Phish Harvests Microsoft O365, Google Logins

Threatpost

A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.

Phishing 113
article thumbnail

A Drone Tried to Disrupt the Power Grid. It Won't Be the Last

WIRED Threat Level

An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it.

IT 115
article thumbnail

US Defense Contractor Discloses Data Breach

Dark Reading

Electronic Warfare Associates says an attackers infiltrated EWA email in August, which led to the exfiltration of files with personal data.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Native Tribal Casinos Taking Millions in Ransomware Losses

Threatpost

An FBI notification is warning of an uptick in attacks against tribal casinos.

article thumbnail

Signal (app) unveils how far US law enforcement will go to get information about people via ZDNet

IG Guru

The encrypted messaging developer said Santa Clara County police wanted very specific personal information of certain users, including IP addresses along with dates and times for each login. The post Signal (app) unveils how far US law enforcement will go to get information about people via ZDNet appeared first on IG GURU.

article thumbnail

Google Ads for Faux Cryptowallets Net Scammers At Least $500K

Threatpost

Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds. .

article thumbnail

Facebook to shut down face-recognition system, delete data via Yahoo! News

IG Guru

Check out the article here. The post Facebook to shut down face-recognition system, delete data via Yahoo! News appeared first on IG GURU.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

4 Tips on How Small to Midsize Businesses Can Combat Cyberattacks

Dark Reading

The first step in improving your cybersecurity is understanding your risk of attack.

article thumbnail

Planning Your 2022 Budget – Prioritizing Long-Term Investments over Short-Term Fixes

Adapture

Planning Your 2022 Budget – Prioritizing Long-Term Investments over Short-Term Fixes In an ever-changing world, it can be nearly impossible to properly allocate resources for the IT department. Rapidly growing companies can struggle to properly set their IT budgets. As these organizations scale, their IT costs can rapidly climb. Businesses may be tempted to focus on short-term fixes, but that can put their business at a competitive disadvantage.

article thumbnail

SecureAuth Buys Acceptto to Deliver Low-Friction Authentication to Enterprises

Dark Reading

Acceptto’s contextual behavior threat intelligence technology will help SecureAuth deliver AI-driven MFA and continuous password-less authentication, SecureAuth says.

article thumbnail

We’re here for you: OS Upgrade Release

Jamf

All of Apple's latest OSs are out and OS 15 and Monterey are ready for you to deploy to your teams. Here's a handful of resources to help guide you through your process and streamline it all with best practices.

IT 52
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

A drone was modified to disrupt U.S. Power Grid, says intelligence bulletin

Security Affairs

US officials believe that a drone was employed in an attempted attack on a power substation in Pennsylvania last year. . US officials believe threat actors used a drone in an attempted attack on a power substation in Pennsylvania last year. The attackers used a DJI Mavic 2 quadcopter-type drone, with a thick copper wire attached underneath it via nylon cords.

Security 143
article thumbnail

Best Risk Management Software for 2021

eSecurity Planet

Every organization needs visibility into the potential threats they face daily. Enterprise risk management software can provide risk monitoring, identification, analysis, assessment, and mitigation, all in one solution. . While a number of solutions focus on the operational and financial risks posed to enterprises, this article focuses on software vendors specializing in cybersecurity risk management.

Risk 86
article thumbnail

Weekly Update 268

Troy Hunt

Where does the time go? Feels like not a lot happening then three quarters of an hour later. But there are so many cool, interesting angles to this industry that there's always something or other happening. This week, it's new (still broken) tech courtesy of RØDE, the old Coinhive site still not dying, a super nasty data breach in Israel and Pwned Passwords absolutely powering along in both volume and the open source initiative with the FBI.