Krebs on Security

MAY 12, 2022

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Authentication 263

Authentication Passwords Government Access 263

Data Breach Today

MAY 12, 2022

Russia Continues Its Cyber Offensive, Launches New DDoS Attacks on Ukraine Viasat's satellite communications suffered an outage an hour before the Russian invasion of Ukraine began on Feb. 24. The company said it was a cyberattack, but did not identify the attacker. The U.S., U.K., EU and Ukraine have now attributed this attack to Russia.

Communications 310

Communications IT 310

AIIM

MAY 12, 2022

Late last year, the Securities and Exchange Commission announced that J.P. Morgan Securities LLC had agreed to pay $125 million to help settle charges of “widespread and longstanding failures by the firm and its employees to maintain and preserve written communications” over the course of several years. On the same day, the Commodity Futures Trading Commission (“CFTC”) levied a $75 million fine against J.P.

Communications 115

Communications Information governance Compliance Government 115

Data Breach Today

MAY 12, 2022

CyberArk Ventures Will Give Visibility Into Adjacent Markets and Offer Integrations CyberArk has unveiled a $30 million fund to back early-stage startups with unique approaches to solving large problems in the cybersecurity industry. CyberArk Ventures will offer the company broader visibility into adjacent markets and provide high-value integrations that can evolve over time.

Marketing 292

Marketing Cybersecurity 292

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Data Matters

MAY 12, 2022

Antitrust and consumer protection law—long separate provinces, even within a dual-mission government enforcement agency like the FTC that covers both fields—at last seem to be converging, as reflected in recent government enforcement activity, statements by the FTC’s leadership, and novel private litigation theories. Sean Royall, who co-leads Sidley’s Antitrust and Consumer Protection practice and is a former Deputy Director of the FTC’s Bureau of Competition, recently called attention to this t

Privacy 109

Privacy Government 109

IT Governance

MAY 12, 2022

Vulnerability management is the practice of identifying and addressing the weaknesses in an organisation’s systems. The process is an essential part of information security and is discussed in ISO 27001 , the international standard that describes best practice for implementing an ISMS (information security management system). In this blog, we explain what vulnerability management is, how it fits into ISO 27001 and the steps you can take to address organisational weaknesses. 5 steps to effective

Risk 111

Risk Information Security GDPR Data breaches 111

Data Breach Today

MAY 12, 2022

The latest edition of the ISMG Security Report analyzes what lessons cybersecurity leaders can learn from the Russia-Ukraine war. It also examines the Okta data breach and Lapsus$ attack and describes how tech companies are supporting new developments in the FIDO protocol.

Cybersecurity 244

Cybersecurity Data breaches Security IT 244

KnowBe4

MAY 12, 2022

Researchers at Varonis warn that attackers are using customizable URLs (also known as vanity URLS) on SaaS services to craft more convincing phishing links. The attackers have used this technique for links created through Box, Zoom, and Google Docs and Forms.

Phishing 108

Phishing 108

Data Breach Today

MAY 12, 2022

Database Deletion Incident Affects About 100,000 Individuals, So Far Several eye care practices have reported health data breaches involving vendor Eye Care Leaders and its cloud-based myCare Integrity electronic medical records offering. The incident, involving the deletion of databases and systems configuration data, has affected about 100,000 or more patients.

Cloud 238

Cloud Data breaches IT 238

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

KnowBe4

MAY 12, 2022

While Russia consistently denies any launching of cyberattacks, attack details point to reasonable intent by and cybercriminal ties to the Russian government.

Government 114

Government Phishing Ransomware 114

Data Breach Today

MAY 12, 2022

Security Director Ian Keller on How - and How Not - to Secure Your Supply Chain In the latest "Troublemaker CISO" post, security director Ian Keller discusses the issue of supply chain security and whether you should disclose information about your supply chain to companies as part of the effort to secure it. His conclusion: Build your defenses and trust no one.

Security 237

Security IT 237

Threatpost

MAY 12, 2022

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.

Security 115

Security 115

Data Breach Today

MAY 12, 2022

Also: First Anniversary of Colonial Pipeline Attack; CISA's Vulnerability Alert In the latest "Proof of Concept," Ari Redbord, head of legal and government affairs at TRM Labs, and former CISO David Pollino of PNC Bank join editors at ISMG to discuss the U.S Treasury's decision to sanction cryptocurrency mixer Blender.io. They also assess software supply chain security.

Security 228

Security Government 228

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Dark Reading

MAY 12, 2022

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.

Security 98

Security IT 98

Data Breach Today

MAY 12, 2022

74 Security Vulnerabilities - Including 3 Critical Bugs, 3 Zero-Days - Fixed Three of 74 vulnerabilities identified by Microsoft are "critical" as they exploit remote code execution with escalation of privileges. There are also updates for a new NTLM relay attack using an LSARPC flaw, tracked as CVE-2022-26925, which is a Windows LSA spoofing vulnerability.

Security 182

Security 182

Schneier on Security

MAY 12, 2022

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them.

Privacy 97

Privacy 97

KnowBe4

MAY 12, 2022

Taking advantage of heightened levels of customer trust and satisfaction, along with lowered levels of properly implemented security, credit unions are seeing a rise in email-based scams.

Security 94

Security Phishing 94

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

WIRED Threat Level

MAY 12, 2022

A group of human rights lawyers and investigators has called on the Hague to bring the first-ever “cyber war crimes” charges against Russia’s most dangerous hackers.

Security 98

Security 98

eSecurity Planet

MAY 12, 2022

User’s of F5’s BIG-IP application services could be vulnerable to a critical flaw that allows an unauthenticated attacker on the BIG-IP system to run arbitrary system commands, create or delete files, or disable services. The vulnerability is recorded as CVE-2022-1388 with a 9.8 severity rating, just below the highest possible rating of 10.

Insurance 93

Insurance Risk Access Passwords 93

Dark Reading

MAY 12, 2022

In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.

Phishing 122

Phishing Security 122

Security Affairs

MAY 12, 2022

Researchers uncovered a massive hacking campaign that compromised thousands of WordPress websites to redirect visitors to scam sites. Cybersecurity researchers from Sucuri uncovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content. The infections automatically redirect site visitors to third-party websites containing malicious content (i.e. phishing pages, malware downloads), scam pages, or commerci

Cybersecurity 86

Cybersecurity Phishing Security IT 86

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

MAY 12, 2022

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

92

92

KnowBe4

MAY 12, 2022

Months after the MailChimp data breach targeting 102 companies in the crypto sector, a new lawsuit has been filed seeking millions of dollars in damages.

Data breaches 90

Data breaches Phishing 90

Dark Reading

MAY 12, 2022

Before investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.

Cybersecurity 85

Cybersecurity 85

Security Affairs

MAY 12, 2022

Researchers spotted a new remote access trojan, named Nerbian RAT, which implements sophisticated evasion and anti-analysis techniques. Researchers from Proofpoint discovered a new remote access trojan called Nerbian RAT that implements sophisticated anti-analysis and anti-reversing capabilities. The malware spreads via malspam campaigns using COVID-19 and World Health Organization (WHO) themes.

Communications 83

Communications Access Cybersecurity Government 83

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

WIRED Threat Level

MAY 12, 2022

A biotech threat intelligence group is gaining supporters as urgency mounts around an overlooked vulnerable sector.

Security 98

Security 98

Security Affairs

MAY 12, 2022

Cybersecurity authorities from Five Eye warn of threats targeting managed service providers (MSPs) and potential supply chain attacks through them. Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. this week released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers. “The cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States have released joint Cybe

Authentication 77

Authentication Cybersecurity Phishing Risk 77

Dark Reading

MAY 12, 2022

WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.

Ransomware 95

Ransomware 95