Tue.Jun 14, 2022


API Security Best Practices

Security Affairs

Organizations are rapidly opening their ecosystems through Application Programming Interfaces (APIs), giving external software components and services seamless access to data. They therefore face a constant need to protect these APIs from attack in order to protect organizational data. APIs are the gateway to keeping an organization's data secure.


How to Ditch the Silo and Safeguard Medical Devices

Data Breach Today

CEO Wael Mohamed on Why Forescout Bought IoMT Firm CyberMDX, Analytics Firm Cysiv

Since joining Forescout 15 months ago as CEO, Wael Mohamed has aggressively pursued acquisitions, scooping up CyberMDX in February to safeguard internet of medical things devices and Cysiv in June to help OT and IoT customers analyze, detect and respond to threats using cloud-native data analytics.



Ransomware Group Debuts Searchable Victim Data

Krebs on Security

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form


BlackCat Attacks University of Pisa, Demands $4.5M Ransom

Data Breach Today

Threat Actor Has Been Targeting the Education Sector in Europe and Elsewhere

An operator deploying BlackCat ransomware, also known as ALPHV, appears to have claimed the University of Pisa as its latest victim. University officials reportedly face a ransom demand of $4.5 million, a "discount price" that will jump to $5 million after Thursday.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

Krebs on Security

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. The user interface for Downthem[.]org. Matthew Gatrel of St. Charles, Ill. was found guilty of violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com, two



Understanding China’s Data Regulatory Regime: China Solicits Public Comments on Certification Rules for Cross-Border Data Processing Activities

Data Matters

Certification by a professional institution is one of the mechanisms permitted under China’s Personal Information Protection Law (PIPL) to legitimize cross-border transfers of personal information. Other permitted mechanisms include governmental security review and standard contractual clauses to be issued by the Chinese government. However, to date, there have been no clear rules on the criteria and procedures for obtaining the PIPL certification.


Monkeypox Scams Continue to Increase

KnowBe4

Attackers are taking advantage of the current news about monkeypox to trick people into clicking on malicious links, Pickr reports. Researchers at Mimecast have spotted a phishing campaign that impersonates companies in an attempt to trick employees into visiting phony health safety sites that steal their information.


China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities

Hunton Privacy

On April 29, 2022, the National Information Security Standardization Technical Committee of China issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities (the “Guidelines”). The public comment period for the Guidelines closed May 13, 2022.


Some Cybersecurity Startups Still Attract Funding Despite Headwinds

eSecurity Planet

With the plunge in tech stocks and the freeze in the IPO market, the funding environment for cybersecurity startups has come under pressure. According to Pitchbook, the amount of venture capital investment in the first quarter was off by 35.8% to $5.1 billion on a quarter-over-quarter basis. The median late-stage valuation fell by 26.1%. VCs are certainly getting pickier with their investments.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Identity Fraud: The New Corporate Battleground

The Security Ledger

The pandemic accelerated the migration to digital services, with millions of U.S. consumers turning to the internet for everything from medical care to shopping and banking. But as consumers increasingly move their transactions online, criminals enjoy a landscape ripe for identity fraud, John Buzzard of Javelin Strategy writes in this Expert. Read the whole entry. » Related Stories Understanding the Economic Impact of Credential Stuffing Attacks How to Bring the Power of No-Code Security Au


Hacking Tesla’s Remote Key Cards

Schneier on Security

Interesting vulnerability in Tesla’s NFC key cards: Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys, with no authentication required and zero indication given by the in-car display. “The authorization given in the 130-second interval is too general… [it


Getting Started With the Metasploit Framework: A Pentesting Tutorial

eSecurity Planet

The Metasploit project contains some of the best security tools available, including the open source Metasploit Framework. Both pen testers and hackers use it to find and exploit vulnerabilities as well as to set up reverse shells, develop malicious payloads, or generate reports. The tool, maintained by Rapid7, even offers comprehensive documentation, where you can learn the basics to start using it.


Beware the 'Secret Agent' Cloud Middleware

Dark Reading

New open source database details the software that cloud service providers typically silently install on enterprises' virtual machines — often unbeknownst to customers.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Linux Malware Deemed ‘Nearly Impossible’ to Detect

Threatpost

Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootkit functionality and install a backdoor for remote access.


Chinese Threat Actor Employs Fake Removable Devices as Lures in Cyber-Espionage Campaign

Dark Reading

"Aoqin Dragon" has been operating since at least 2013, with targets including government and telecommunications companies in multiple countries.


Experts spotted Syslogk, a Linux rootkit under development

Security Affairs

Experts spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. The experts reported that the Syslogk rootkit is heavily based on an open-source, well-known kernel rootkit for Linux, dubbed Adore-Ng.


Google: SBOMs Effective Only if They Map to Known Vulns

Dark Reading

SBOMs should be connected with vulnerability databases to fulfill their promise of reducing risk, Google security team says.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Ransomware – To Pay, or Not to Pay?

Thales Cloud Protection & Licensing

Ransomware – To Pay, or Not to Pay? madhav. Tue, 06/14/2022 - 06:17. When we speak of “disruptive technologies”, we often think of it in the positive sense, relating to the development of a technology that changes our lives for the better. Of course, one must recognize that the word “disruptive” can also have a negative connotation, as any student who has disrupted a class has painfully understood.


In Case You Missed RSA Conference 2022: A News Digest

Dark Reading

Here's a rundown of Dark Reading's reporting and commentary from and surrounding the first in-person RSA Conference since the pandemic began in 2020.


SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases

Security Affairs

Chinese cybercriminals are using SeaFlower backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrases. Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users. Chinese crooks are spreading backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrases.


How Can Security Partnerships Help to Mitigate the Increasing Cyber Threat?

Dark Reading

Martyn Ryder from Morphean explains why forging trusted partnerships is integral to the future of physical security in a world of networks, systems, and the cloud.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022. The list is maintained on this page.


Quantifying the SaaS Supply Chain and Its Risks

Dark Reading

Organizations do not have good visibility into all the software-as-a-service applications that connect to and access data stored in core business.


Building a successful SaaS HR document solution with SAP SuccessFactors

OpenText Information Management

When digitizing HR business processes, organizations expect solutions that lead to an improvement in efficiency through comprehensive features, but also fast project implementation. OpenText™ Core for SAP® SuccessFactors® is a SaaS solution on an extensible Cloud platform, which makes it possible to deliver on these challenges and to achieve customers’ HR business goals.


DDoS Subscription Service Operator Gets 2 Years in Prison

Dark Reading

The distributed denial-as-a-service websites were behind more than 200K attacks on targets including schools and hospitals.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach

Threatpost

Attackers gained access to private account details through an email compromise incident that occurred in April.


Microsoft Patches 'Follina' Zero-Day Flaw in Monthly Security Update

Dark Reading

Here are which Microsoft patches to prioritize among the June Patch Tuesday batch.


June 15: It’s the end of the Internet Explorer era via ZDNet.com

IG Guru

Check the article here. The post June 15: It’s the end of the Internet Explorer era via ZDNet.com appeared first on IG GURU.
