Threatpost

MAY 10, 2022

The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks.

Ransomware 67

Ransomware Government IT 67

Data Breach Today

MAY 10, 2022

Healthcare sector organizations should prepare to deal with potential hacktivist attacks tied to controversy surrounding the U.S. Supreme Court's leaked draft ruling and eventual final decision involving Roe vs. Wade, says attorney Erik Weinick of the law firm Otterbourg PC.

292

292

Krebs on Security

MAY 10, 2022

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process

Authentication 269

Authentication Ransomware Security IT 269

Data Breach Today

MAY 10, 2022

Flaw Is in iControl REST Authentication Platform; Researchers Urge Patching An exploit has been created using critical remote code execution vulnerability CVE-2022-1388 in BIG-IP network traffic security management appliances. F5 BIG-IP admins are advised to immediately implement the patches for this vulnerability, which were released last week.

Authentication 272

Authentication Security 272

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Hunton Privacy

MAY 10, 2022

On May 10, 2022, Connecticut Governor Ned Lamont signed An Act Concerning Personal Data Privacy and Online Monitoring , after the law was previously passed by the Connecticut General Assembly in April. Connecticut is now the fifth state to enact a consumer privacy law. Upon taking effect on July 1, 2023, the law, also known as the Connecticut Data Privacy Act (“CTDPA”), will apply to individuals and entities that (1) conduct business in Connecticut, or produce products or services that are targe

Privacy 118

Privacy Personal data Sales B2B 118

Security Affairs

MAY 10, 2022

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. The IT giant fixed a total of 74 flaws in Microsoft Windows and Windows Components,NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Metho

Authentication 115

Authentication Security Cybersecurity IT 115

Data Breach Today

MAY 10, 2022

'Financial Burden' of Cyberattack Amid COVID-19 Too Much for 157-Year-Old College The "financial burden" of a December 2021 cyberattack and the aftereffects of the COVID-19 pandemic forced 157-year-old Lincoln College in Illinois to cease operations on Friday, its president, David Gerlach, says. The school underwent a three-month-long recovery period during enrollment season.

Ransomware 246

Ransomware IT 246

OpenText Information Management

MAY 10, 2022

OpenText has decided to protect employee benefits and rights, regardless of which US State they live in. The post In the Pursuit of Liberty appeared first on OpenText Blogs.

110

110

Data Breach Today

MAY 10, 2022

Abnormal Wants to Apply Its Account Takeover Prevention Technology to New Areas Abnormal Security has closed a $210 million funding round on a $4 billion valuation to apply its account takeover prevention technology to areas other than email. The company wants to use its AI to protect accounts across systems and SaaS platforms and in environments such as Workday and Salesforce.

Security 244

Security IT 244

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

KnowBe4

MAY 10, 2022

The China-based threat actor Mustang Panda is conducting spear phishing campaigns against organizations in NATO countries and Russia, as well as entities in the US and Asia, according to researchers at Cisco Talos. The goal of this activity is cyberespionage.

Phishing 106

Phishing 106

Data Breach Today

MAY 10, 2022

Noname Security's Karl Mattson on Growth of API Usage - and Exploits Noname Security is out with its new API Security Trends Report, and - no surprise - API usage has grown exponentially. The bad news: So have API attacks by opportunistic adversaries. Karl Mattson of Noname discusses the report and some new ways of approaching API security.

Security 242

Security IT 242

eSecurity Planet

MAY 10, 2022

Hackers have found a way to infect Windows Event Logs with fileless malware , security researchers have found. Kaspersky researchers on May 4 revealed “a new stash for fileless malware.” During a “very targeted” campaign, hackers used Windows Event Logs to inject shellcode payloads and operate stealthily. This new approach is highly sophisticated yet could still become popular, as it seems quite efficient for injecting malicious DLL and evading detection.

Encryption 100

Encryption Libraries Communications Security 100

Data Breach Today

MAY 10, 2022

GCHQ's Jeremy Fleming Also Traces Impact of Russia-Ukraine War on Cybersecurity Britain's law enforcement and intelligence agencies continue to work with partners to directly disrupt criminal infrastructure and deny criminals access to cybercrime tools, says Jeremy Fleming, the head of the U.K.'s security, intelligence and cyber agency, GCHQ.

Cybersecurity 242

Cybersecurity Access Security 242

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

DLA Piper Privacy Matters

MAY 10, 2022

Today, through the Queen’s Speech, the UK Government has set out its legislative program for the next Parliamentary term. The speech outlined 38 proposed laws, including the Data Reform Bill. The introduction of the Data Reform Bill will reform the UK’s current data protection framework, bringing in potentially significant changes to the UK GDPR and Data Protection Act.

Paper 97

Paper GDPR Compliance Privacy 97

Data Breach Today

MAY 10, 2022

US Regulators Say Firm Violated Series of Federal Pipeline Safety Rules U.S. regulators have proposed that Colonial Pipeline, which was hit by a cyberattack in May 2021, be fined $986,400 over a series of federal pipeline safety regulation violations. The ransomware attack caused fuel shortages along the U.S. East Coast, where the firm operates a 5,500-mile pipeline.

Ransomware 235

Ransomware 235

Security Affairs

MAY 10, 2022

The European Union condemns the cyberattacks conducted by Russia against Ukraine, which targeted the satellite KA-SAT network. The European Union accused Russia of the cyberattack that hit the satellite KA-SAT network in Ukraine, operated by Viasat, on February 24. This cyberattack caused communication outages and disruptions in Ukraine, it also impacted several EU Member States. 5,800 Enercon wind turbines in Germany were unreachable due to the spillover from this attack.

Communications 94

Communications Cybersecurity Risk Security 94

Thales Cloud Protection & Licensing

MAY 10, 2022

Checklist for Getting Cyber Insurance Coverage. madhav. Tue, 05/10/2022 - 05:43. As cyber criminals mature and advance their tactics, small and medium businesses become the most vulnerable because they lack the capacity – staff, technology, budget - to build strong cyber defenses. SMEs can quickly become easy targets for criminals wishing to target larger enterprises through complex supply chains.

Insurance 77

Insurance Authentication Risk Ransomware 77

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

MAY 10, 2022

Hacktivists yesterday defaced the Russian TV with pro-Ukraine messages and took down the RuTube video streaming site. Hacktivists and white hat hackers continue to support Ukraine against the Russian invasion, in a recent attack, they defaced Russian TV with anti-war messages and took down the RuTube video streaming site. The attack took place during Russia’s Victory Day, Russians attempting to view the parade were displayed Pro-Ukraine messages due to a cyber attack that impacted the Russ

Archiving 90

Archiving Access Cybersecurity Security 90

KnowBe4

MAY 10, 2022

Tricky SMTP Relay Email Spoofing. Man Convicted For 23M Phishing Scam. Email not displaying? | View Knowbe4 Blog. CyberheistNews Vol 12 #19 | May 10th, 2022. [Heads Up] There is a New Type of Phishing Campaign Using Simple Email Templates A phishing campaign is using short, terse emails to trick people into visiting a credential-harvesting site, according to Paul Ducklin at Naked Security.

Phishing 79

Phishing Passwords Security awareness Risk 79

Dark Reading

MAY 10, 2022

COVID-19 and a December 2021 cyberattack combined to put the future of Abraham Lincoln's namesake college in peril.

100

100

Security Affairs

MAY 10, 2022

The Resecurity HUNTER unit identified a new underground service called ‘Frappo’, which is available on the Dark Web. “Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data.

Phishing 76

Phishing Retail Financial Services Data breaches 76

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

MAY 10, 2022

Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.

85

85

Security Affairs

MAY 10, 2022

Threat actors are exploiting critical F5 BIG-IP flaw CVE-2022-1388 to deliver malicious code, cybersecurity researchers warn. Threat actors started massively exploiting the critical remote code execution vulnerability, tracked as CVE-2022-1388 , affecting F5 BIG-IP. Last week security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates from tens of vulnerabilities in its products. ?.

Cybersecurity 75

Cybersecurity Access Security IT 75

WIRED Threat Level

MAY 10, 2022

By working together, the companies say they’re better able to find security flaws in Google Cloud’s Confidential Computing infrastructure.

Access 79

Access Cloud IT Security 79

Dark Reading

MAY 10, 2022

Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.

85

85

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Jamf

MAY 10, 2022

Jamf protects against the most recent findings on Lazerous Group malware targeting macOS. CISA recently posted findings on a handful of malicious applications they refer to as TraderTraitor and many vendors detect as NukeSped malware.

59

59

Dark Reading

MAY 10, 2022

The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.

Access 95

Access IT 95

Jamf

MAY 10, 2022

Trend Micro researchers recently documented a new piece of malware by an APT threat actor named Earth Berberokawhich targets gambling websites.

59

59