Wed. Jul 13, 2022

Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication

Dark Reading

The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.

Search Here: Ransomware Groups Refine High-Pressure Tactics

Data Breach Today

Free Searching on Stolen Data and Higher Ransom Demands Among Latest Innovations Seeking maximum profits, ransomware groups continually refine the tactics they use to bypass defenses, infect victims and pressure them into paying. Unfortunately, a reported increase in ransomware attacks and ransom amounts getting paid to criminals suggests these efforts largely remain successful.

Celebrating Emoji Day in CyberSecurity!

Thales Cloud Protection & Licensing

Celebrating Emoji Day in CyberSecurity! By divya, Thu, 07/14/2022 - 06:57. It's that day of the year again, the time when we celebrate Emoji Day on 17 July. You might be wondering what Emoji Day is, and what it has to do with cybersecurity. And you might think: why should security professionals even care? Well, emojis are everywhere and used in all types of digital communication.

$8M of Crypto Stolen by Phishing From Uniswap Liquidity Pool

Data Breach Today

No Exploit Found on Protocol or Smart Contract, Crypto Exchange Says Thieves behind a phishing campaign targeting investors into a cryptocurrency exchange got away with at least $8 million. The attack took advantage of human credibility, not a cybersecurity exploit in the Uniswap protocol, experts say. The stolen funds are being laundered in a cryptocurrency mixer.

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Security Affairs

Lenovo released security fixes to address three vulnerabilities that reside in the UEFI firmware shipped with over 70 product models, including several ThinkBook models. An attacker with elevated privileges on the device can trigger these flaws to execute arbitrary code in the early stages of the boot process, avoiding the detection of s

FTC Issues Business Alert on Illegal Use and Sharing of Location, Health and other Sensitive Data

Hunton Privacy

On July 11, 2022, the Federal Trade Commission’s Bureau of Consumer Protection issued a business alert on businesses’ handling of sensitive data, with a particular focus on location and health data. The alert describes the “opaque” marketplace in which consumers’ location and health data is collected and exchanged amongst businesses and the concerns and risks associated with the processing of such information.

July Patch Tuesday Fixes 1 Zero-Day, 84 Flaws

Data Breach Today

Microsoft Also Officially Launches Windows Autopatch Microsoft's July Patch Tuesday addresses 84 new security flaws. At the top of this month's "patch me first" list is CVE-2022-22047, a zero-day vulnerability that has been actively exploited in the wild. Also, Windows Autopatch rolls out this month.

Qakbot operations continue to evolve to avoid detection

Security Affairs

Experts warn that the operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns that insert replies into active email threads. The threat continues to evolve, implementing new attack vectors to evade detection, Zscaler ThreatLabz researchers warn.

Big Health Data: Top Privacy, Security Considerations

Data Breach Today

Many healthcare sector entities are undertaking projects involving the collection, analysis and sharing of large volumes of health data. But along with those efforts come critical privacy and security concerns, says attorney Iliana Peters of Polsinelli.

President Biden Issues Executive Order Protecting Privacy of Reproductive Health Data

Hunton Privacy

On July 8, 2022, President Biden issued an Executive Order titled “Protecting Access to Reproductive Health Care Services,” in response to the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization that overturned Roe v. Wade. The Executive Order aims, in part, to “[p]rotect[] the privacy of patients and their access to accurate information” regarding reproductive health care services.

Post-Roe Privacy

Schneier on Security

This is an excellent essay outlining the post-Roe privacy threat model. (Summary: period tracking apps are largely a red herring.) Taken together, this means the primary digital threat for people who take abortion pills is the actual evidence of intention stored on your phone, in the form of texts, emails, and search/web history. Cynthia Conti-Cook’s incredible article “Surveilling the Digital Abortion Diary” details what we know now about how digital evidence has been used to prose

Google Ediscovery Best Practices: Drive API vs. Vault

Hanzo Learning Center

Connecting to an organization's various enterprise data sources is a primary goal for any ediscovery solution. After all, how can you identify, preserve, and analyze Electronically Stored Information (ESI) if you can’t connect to it? When evaluating an ediscovery solution, one of the first things you might look at is how it might connect with your organization's data.

UK: New National Strategy for Health Data

DLA Piper Privacy Matters

Author: James Clark. The UK’s Department for Health and Social Care (“DHSC”) has published a major strategy document (‘Data saves lives: reshaping health and social care with data’) outlining the government’s plans for the regulation and use of data in healthcare. In this post, we look at some of the most interesting proposals outlined in the strategy and consider what they might mean for the future regulation of data and technology in UK healthcare.

Uber facing questions over how it knew Transport for London boss used app

The Guardian Data Protection

Leaked files show cab-hailing firm noted Sir Peter Hendy ‘used an Uber car twice’ during one week in 2014 The former London transport commissioner Sir Peter Hendy has questioned whether Uber unlawfully accessed his journey records after the Guardian revealed leaked company files contained a reference to trips he had taken on the app. Hendy’s name was included on an “outreach grid” of Uber’s key lobbying targets, including Boris Johnson, the then mayor of London, contained in the Uber files, a le

Large-Scale Phishing Campaign Bypasses MFA

Threatpost

Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.

QuickBooks Vishing Scam Targets Small Businesses

Dark Reading

Businesses receive an invoice via email with a credit card charge and are asked to call a fake number and hand over personal information to receive a refund.

Phishing Attack Steals $8 Million Worth of Cryptocurrency

KnowBe4

Scammers stole $8 million worth of Ethereum from users of the Uniswap cryptocurrency exchange, according to Sujith Somraaj at Decrypt. Notably, the attackers relied purely on social engineering to pull off the theft, despite some early claims that they exploited a vulnerability in Uniswap’s underlying protocol.

MacOS Bug Could Let Malicious Code Break Out of Application Sandbox

Dark Reading

Microsoft reveals now-fixed flaw in Apple's App Sandbox controls could allow attackers to escalate device privileges and deploy malware.

UK data watchdog investigates whether AI systems show racial bias

The Guardian Data Protection

ICO says AI-driven discrimination can lead to job rejections or being wrongfully denied bank loans or benefit The UK data watchdog is to investigate whether artificial intelligence systems are showing racial bias when dealing with job applications. The Information Commissioner’s Office said AI-driven discrimination could have “damaging consequences for people’s lives” and lead to someone being rejected for a job or being wrongfully denied a bank loan or a welfare benefit.

Hacks That Bypass Multi-Factor Authentication and How to Make Your MFA Solution Phishing Resistant

KnowBe4

The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. That is simply not true! Hackers can bypass 90-95% of MFA solutions much more easily than you would think. Using a regular-looking phishing email, they can bypass MFA just as easily as if it were a simple password.
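The three multifactor items on this page (the Microsoft-reported campaign, the Threatpost write-up and this KnowBe4 piece) all turn on the same mechanism: an adversary-in-the-middle proxy sits between the victim and the real sign-in page and relays whatever the victim types, so a one-time code passes straight through and the resulting session cookie lands with the attacker. The Python below is an added example, not code from Microsoft, Threatpost or KnowBe4. The relying party at login.example.com, the phishing host login-example.com.evil.test and the credential secrets are all assumed names, and the WebAuthn signature is modelled with an HMAC over the same bytes a real authenticator signs, in place of the ECDSA key pair a real credential uses. It shows an RFC 6238 TOTP code being accepted after relay, and a WebAuthn assertion being rejected because the browser, not the phishing page, writes the origin into clientDataJSON and refuses an rpId the page's host is not allowed to claim.

```python
"""AiTM phishing relays one-time codes but not WebAuthn assertions (added example).

Assumed names: RP at https://login.example.com, phishing proxy at
https://login-example.com.evil.test. HMAC stands in for the authenticator's
asymmetric signature so the example runs with the standard library only.
"""
import hashlib
import hmac
import json
import secrets
import struct
import time
from typing import Optional, Tuple

RP_ID = "login.example.com"
RP_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login-example.com.evil.test"


# ---- Factor 1: TOTP (RFC 6238), which an AiTM proxy simply forwards ----
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def rp_verify_totp(secret: bytes, code: str, unix_time: int) -> bool:
    # Accept the current and previous step, as most servers do for clock skew.
    return any(hmac.compare_digest(totp(secret, unix_time - d), code) for d in (0, 30))


# ---- Factor 2: WebAuthn assertion, bound to the origin the browser is really on ----
def browser_get_assertion(origin: str, requested_rp_id: str,
                          cred_secret: bytes, challenge: bytes) -> dict:
    """Browser + authenticator. The page cannot choose `origin`: the browser fills it
    in and refuses an rpId that is not a registrable suffix of the page's host."""
    host = origin.split("://", 1)[1]
    if not (host == requested_rp_id or host.endswith("." + requested_rp_id)):
        raise PermissionError("SecurityError: rpId does not match page origin")
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge.hex(),
                              "origin": origin}, sort_keys=True).encode()
    # authenticatorData = rpIdHash(32) || flags(1, UP set) || signCount(4)
    auth_data = hashlib.sha256(requested_rp_id.encode()).digest() + b"\x01" + b"\x00\x00\x00\x01"
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(cred_secret, signed, hashlib.sha256).digest()   # stand-in for ECDSA
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def rp_verify_assertion(cred_secret: bytes, challenge: bytes, assertion: dict) -> Tuple[bool, str]:
    """Subset of the WebAuthn spec's assertion verification steps."""
    cd = json.loads(assertion["clientDataJSON"])
    auth_data = assertion["authenticatorData"]
    if cd.get("type") != "webauthn.get":
        return False, "type"
    if not hmac.compare_digest(cd.get("challenge", ""), challenge.hex()):
        return False, "challenge"
    if cd.get("origin") != RP_ORIGIN:                          # the phishing-resistance check
        return False, f"origin {cd.get('origin')!r} is not {RP_ORIGIN!r}"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash"
    if not auth_data[32] & 0x01:
        return False, "user not present"
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(cred_secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "signature"
    return True, "ok"


# ---- The attack: victim talks to the proxy, proxy talks to the real RP ----
def aitm_against_totp(now: Optional[int] = None) -> bool:
    now = now if now is not None else int(time.time())
    totp_secret = secrets.token_bytes(20)
    code_typed_into_phish_page = totp(totp_secret, now)        # victim reads it from their app
    return rp_verify_totp(totp_secret, code_typed_into_phish_page, now)   # proxy forwards it


def aitm_against_webauthn() -> Tuple[bool, str]:
    cred_secret = secrets.token_bytes(32)
    challenge = secrets.token_bytes(32)        # real RP issues it, proxy relays it unchanged
    try:
        # Proxy page asks for the real rpId; the browser refuses because it is on evil.test.
        assertion = browser_get_assertion(PHISH_ORIGIN, RP_ID, cred_secret, challenge)
    except PermissionError:
        # Fallback: proxy asks for an rpId its own origin may use. Origin and rpIdHash now differ.
        assertion = browser_get_assertion(PHISH_ORIGIN, "evil.test", cred_secret, challenge)
    return rp_verify_assertion(cred_secret, challenge, assertion)   # proxy replays to real RP


def legitimate_webauthn() -> Tuple[bool, str]:
    cred_secret = secrets.token_bytes(32)
    challenge = secrets.token_bytes(32)
    assertion = browser_get_assertion(RP_ORIGIN, RP_ID, cred_secret, challenge)
    return rp_verify_assertion(cred_secret, challenge, assertion)


if __name__ == "__main__":
    print("TOTP relayed by proxy accepted:", aitm_against_totp())
    print("WebAuthn relayed by proxy:", aitm_against_webauthn())
    print("WebAuthn from real origin:", legitimate_webauthn())
```

Run it directly to see the three outcomes. The origin and rpIdHash checks are what make FIDO2 keys and platform passkeys phishing-resistant: a push prompt, SMS code or TOTP carries no statement of where the user was when they approved it, so the relying party cannot tell a relayed code from a typed one.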

Survey: Small Cybersecurity Teams Face Greater Risk from Attacks than Larger Enterprises

Dark Reading

Cynet CISO survey reveals lack of staff, skills, and resources driving smaller teams to outsource security with advanced tools, technologies, and services.

KnowBe4’s 2022 Phishing By Industry Benchmarking Report Reveals that 32.4% of Untrained End Users Will Fail a Phishing Test

KnowBe4

Once again, the human layer continues to be the most desirable attack vector for cybercriminals. 2022 marks the 5th year KnowBe4 has analyzed hundreds of millions of elements of data in order to provide the 2022 Phishing by Industry Benchmark Report.

IT’s Fixed View Needs Fixing

Micro Focus

A singular, fixed position about ever-evolving technology is a flawed position. Don’t let bias cloud your vision. Listen to what the business needs, and act accordingly.

Do you know your data’s complete story?

IBM Big Data Hub

Data is everywhere in a hybrid and multi-cloud world. Enterprises now have more data, more data tools, and more people involved in data consumption. This data proliferation has made it harder than ever before to trust your data: knowing where it came from, how it has changed, and who is using it. Data provenance is a complexity facing many clients engaged in data governance-related use cases.

3 Golden Rules of Modern Third-Party Risk Management

Dark Reading

It's time to expand the approach of TPRM solutions so risk management is more effective in the digital world.

Portable Models in eDiscovery: Help or Hype? 

OpenText Information Management

In civil litigation or regulatory inquiries, parties often must engage in electronic discovery, also known as eDiscovery, which is the process of identifying, preserving, collecting, reviewing, and producing electronically stored information that is potentially relevant in the matter to the requesting party. The goal is to discover (i.e., find) potentially relevant documents to produce, while …

Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs

Dark Reading

"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.

New ‘Retbleed’ Attack Can Swipe Key Data From Intel and AMD CPUs

WIRED Threat Level

The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.