Tue.Jan 04, 2022

article thumbnail

Hospitality Chain McMenamins discloses data breach after ransomware attack

Security Affairs

Hospitality chain McMenamins disclosed a data breach after a recent ransomware attack. Hospitality chain McMenamins discloses a data breach after a ransomware attack that took place on December 12. McMenamins is a family-owned chain of brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington. . According to the company, threat actors have stolen data of individuals employed between July 1, 2010, and December 12, 2021.

article thumbnail

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. Related: ‘SASE’ framework extends security to the network edge. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022.

Security 257
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells

Dark Reading

Microsoft says vulnerabilities present a "real and present" danger, citing high volume of scanning and attack activity targeting the widely used Apache logging framework.

140
140
article thumbnail

List of data breaches and cyber attacks in December 2021 – 219 million records breached

IT Governance

2021 was a difficult year many of us, and with the hope that COVID-19 will dissipate in the spring, this is a new year more than any other where we want to look forwards, not backwards. But before we turn our attention to 2022, we must first round out 2021 with our final monthly review of data breaches and cyber attacks. December saw 74 publicly disclosed security incidents, which accounted for 219,310,808 breached records.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Vinnie Liu Has a Mission: Keeping People Safe Online and Offline

Dark Reading

Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says.

Security 135

More Trending

article thumbnail

Why CIOs Should Report to CISOs

Dark Reading

If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.

Security 122
article thumbnail

UK ICO Consults on Regulatory Action Policy

Hunton Privacy

On December 20, 2021, the UK Information Commissioner’s Office (“ICO”) launched a public consultation on its regulatory approach. The consultation involves three separate documents – the ICO’s Regulatory Action Policy (“RAP”), Statutory Guidance on the ICO’s Regulatory Action , and Statutory Guidance on the ICO’s PECR Powers. The RAP sets forth the ICO’s risk-based approach to regulatory action and explains the factors the ICO considers before taking regulatory action, how the ICO works with oth

Risk 106
article thumbnail

Mobile Application Security: 2021's Breaches

Dark Reading

Many of last year's largest app breaches could have been prevented with testing, training, and the will to take app security seriously.

Security 118
article thumbnail

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

Threatpost

Microsoft says it's only going to get worse: It's seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.

IT 101
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites

Security Affairs

Threat actors compromised more than 100 real estate websites belonging to the same parent company by implanting an e-skimmer. Threat actors used an unnamed cloud video platform to install an e-skimmer on more than 100 real estate websites belonging to the same parent company. In e-skimming attacks, attackers inject malicious JavaScript code into e-stores to financial data while visitors are purchasing products.

Cloud 97
article thumbnail

Portugal Media Giant Impresa Crippled by Ransomware Attack

Threatpost

The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year’s weekend attack.

article thumbnail

Purple Fox backdoor spreads through fake Telegram App installer

Security Affairs

Threat actors are spreading the Purple Fox backdoor using tainted installers of the Telegram messaging application. Threat actors are using weaponized installers of the Telegram messaging application to deliver the Purple Fox backdoor on Windows systems. Researchers from Minerva Labs pointed out that this campaign, unlike similar ones leveraging legitimate software to deliver malware, has a very low detection rate.

article thumbnail

Purple Fox Rootkit Dropped by Malicious Telegram Installers

Threatpost

Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

CrowdStrike Incorporates Intel CPU Telemetry into Falcon Sensor

Dark Reading

The Falcon sensor uses Intel PT telemetry to identify suspicious operations associated with hard-to-detect exploit techniques.

104
104
article thumbnail

Broward Health suffered a data breach that impacted +1.3 million people

Security Affairs

The Broward Health public health system disclosed a massive data breach that has impacted more than 1.3 million individuals. The Broward Health public health system has suffered a data breach that impacted 1,357,879 individuals. Broward Health , formally the North Broward Hospital District, is one of the 10 largest public health systems in the U.S. Located in Broward County, Florida, Broward Health currently operates more than 30 healthcare facilities.

article thumbnail

Log4j Remediation Rules Now Available for WhiteSource Renovate and Enterprise

Dark Reading

The Software Composition Analysis leader now offers a remediation preset for WhiteSource Renovate and Enterprise, enabling users to identify and fix the Log4j vulnerability from hundreds of downstream dependent packages of Log4j.

84
article thumbnail

Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites

Threatpost

The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.

Cloud 111
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Morgan Stanley to Pay $60 Million to Settle Data-Breach Suit via Bloomberg

IG Guru

Check out the article here. The post Morgan Stanley to Pay $60 Million to Settle Data-Breach Suit via Bloomberg appeared first on IG GURU.

article thumbnail

Google Buys Siemplify to Get Ahead in Cloud Security

Dark Reading

Google says the deal will bring security orchestration, automation, and response to its Google Cloud security portfolio and expand its Chronicle platform.

Cloud 110
article thumbnail

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More

Threatpost

SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.

Access 78
article thumbnail

2022 predictions for the Life Sciences industry

OpenText Information Management

If 2020 was about accelerating digital transformation in the Life Sciences industry, 2021 embedded those changes while revealing the weaknesses and opportunities in the new environment. So, what’s going to happen in 2022? In a previous blog, I wrote that the focus on operational excellence and innovation during the COVID-19 pandemic endures. And that means we need to get much better at … The post 2022 predictions for the Life Sciences industry appeared first on OpenText Blogs.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

McMenamins Breach Affected 23 Years of Employee Data

Dark Reading

The Oregon-based hospitality and dining business reports the data was compromised in a Dec. 12 ransomware attack.

article thumbnail

The Hacker Mind Podcast: A Hacker From Hollywood

ForAllSecure

This is the story of a film star who connected the simple concept behind a player piano to complex communication technology in use in our devices today. Hedy Lamarr is perhaps best known for the dozen or so motion pictures she made -- and as the most beautiful woman in the world -- but did you know that she also co-patented the frequency hopping spread spectrum technology that is the foundation for cellular, Wi-Fi, and even Bluetooth communications?

article thumbnail

2021 Retrospective

Everteam

Analyzing , Governing. 2021 Retrospective. Anne-Claire Girard. 4 January 2022. How about a retrospective of 2021 to start 2022? This year was rich in meetings and events for Everteam and allowed us to work on new offers and contents. Everteam for you is the image of our repositioning on the SMB market. At the same time, we have continued to provide our expertise in order to meet the needs of companies, around information governance, and digital bulk management. .

article thumbnail

McMenamins Data Breach Affects 12 Years of Employee Info

Threatpost

The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Case Study: Automated Contact Tracing in HID Malaysia Manufacturing

HID Global

Case Study: Automated Contact Tracing in HID Malaysia Manufacturing. raufreiter. Tue, 01/04/2022 - 12:28.

article thumbnail

Palo Alto Networks Appoints Helmut Reisinger to Leadership Team

Dark Reading

Reisinger joins as CEO, EMEA and Latin America, to accelerate global growth strategy.

60
article thumbnail

Different Years, Always New: The New Year in Photos

Unwritten Record

As we move into 2022, celebrations of the New Year take shape in many different forms. Due to the current circumstances, the celebrations for 2022 most likely looked very different than those in 2021, and even 2020. However, consider how different the New Year celebrations looked in 2004, 1952, 1943, and even 1869. Pictured in this post are select images located within the holdings of the Still Picture Branch at the National Archives, all related to New Year celebrations.