Wed.Aug 17, 2022

article thumbnail

Vendor Ransomware Breach Affects 942,000 Patients

Data Breach Today

Incident Is Among Latest Fallout From Attacks on Healthcare Sector Entities A New York-based practice management vendor has notified 28 healthcare entity clients and more than 942,000 of their patients that sensitive information was compromised in a ransomware attack in April. The incident is the latest fallout from ransomware assaults on the healthcare sector.

article thumbnail

Black Hat Fireside Chat: MSSPs are well-positioned to help companies achieve cyber resiliency

The Last Watchdog

Network security is in dire straits. Security teams must defend an expanding attack surface, skilled IT professionals are scarce and threat actors are having a field day. Related: The role of attack surface management. That said, Managed Security Services Providers – MSSPs — are in a position to gallop to the rescue. MSSPs arrived on the scene 15 years ago to supply device security as a contracted service: antivirus, firewalls, email security and the like.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CrowdStrike's Michael Sentonas on Identity, Cloud and XDR

Data Breach Today

Identity, observability, log management and cloud security have been CrowdStrike's biggest areas of investment during 2022, says CTO Michael Sentonas. The company protects against the abuse of identities through a stand-alone capability embedded on the Falcon sensor.

Cloud 270
article thumbnail

New Linux Exploit ‘Dirty Cred’ Revealed at Black Hat

eSecurity Planet

A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference. Zhenpeng Lin, a PhD student, and a team of researchers worked on an alternative approach to the infamous Dirty Pipe vulnerability that affected Linux kernel versions 8 and later. Dity Pipe is a major flaw that allows attackers to elevate least-privileged accounts to the maximum level (root) by exploiting the way the kernel uses pipes to pass data.

Access 135
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Infoblox's Jesper Andersen on How to Identify Threats Sooner

Data Breach Today

Infoblox has invested in shifting left in the cybersecurity kill chain with on-premises, cloud and hybrid versions of its BloxOne Threat Defense tools, which help security practitioners find and identify threats earlier and mitigate risks, says President and CEO Jesper Andersen.

Cloud 259

More Trending

article thumbnail

DigitalOcean Suspects Mailchimp Hack in Account Takeover

Data Breach Today

Victim Emails Exposed in Third-Party Data Breach Involving Mailchimp Attackers are attempting to reset the passwords of some DigitalOcean customers, the cloud infrastructure provider says. The email addresses of these customers were likely exposed in a data breach involving Mailchimp, which provided transactional email services for DigitalOcean.

article thumbnail

Google fixed a new Chrome Zero-Day actively exploited in the wild

Security Affairs

Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity zero-day flaw in the wild. The actively exploited flaw, tracked as CVE-2022-2856, is an Insufficient validation of untrusted input in Intents.

article thumbnail

Are You Spending Too Much or Too Little on Security?

Data Breach Today

Canon Information Security Director Quentyn Taylor on Measuring How Much Is 'Enough' How do you know whether your organization has invested enough money and time in security? As director of information security for Canon EMEA, Quentyn Taylor is often asked this question. "I'll be honest with you - just to set some expectations here, I don't have the correct answer," he admits.

Security 237
article thumbnail

China-linked RedAlpha behind multi-year credential theft campaign

Security Affairs

A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed a long-running mass credential theft campaign to a Chinese nation-state actor tracked RedAlpha. The campaign targeted global humanitarian, think tank, and government organizations. Experts believe RedAlpha is a group of contractors conducting cyber-espionage activity on behalf of China.

Phishing 108
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

7 Smart Ways to Secure Your E-Commerce Site

Dark Reading

Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.

CMS 104
article thumbnail

CHINA: mobile apps remain a high privacy risk, and face stringent requirements

DLA Piper Privacy Matters

Mobile apps pervade all aspects of life in Mainland China, and in turn remain a high enforcement priority for data privacy regulators in China. For the past couple of years, operators of mobile apps in China have had to comply with over thirty additional, specific privacy compliance obligations (i.e. over and above those applicable to general websites).

Privacy 105
article thumbnail

APT Lazarus Targets Engineers with macOS Malware

Threatpost

The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.

article thumbnail

China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure

Dark Reading

The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.

102
102
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

EU: Who’s who under the DMA, DSA, DGA and Data Act?

DLA Piper Privacy Matters

As part of its data strategy, the European Commission has presented a number of legislative instruments, including the Digital Markets Act (DMA), the Digital Services Act (DSA), the Data Governance Act (DGA) and the Data Act. Our article analysing these four new instruments in more detail – in particular, who these legal instruments apply to and who may benefit from them – is available to read here.

article thumbnail

Google Chrome Zero-Day Found Exploited in the Wild

Dark Reading

The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.

Security 136
article thumbnail

The value of Key Rotation and Re-encryption.

Thales Cloud Protection & Licensing

The value of Key Rotation and Re-encryption. divya. Thu, 08/18/2022 - 06:07. To meet various compliance requirements and reduce the risk of your most sensitive data getting compromised you may want to consider changing the encryption key used to protect this data. Thales refers to this changing of encryption keys as “Key rotation” or “Rekey”. Although encryption provides a high level of data security, it is possible that given enough time and resources, a skilled attacker could compromise an enc

article thumbnail

Google Cloud Adds Curated Detection to Chronicle

Dark Reading

The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team.

Cloud 98
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Bugdrop dropper includes features to circumvent Google’s security Controls

Security Affairs

Researchers have discovered a previously undocumented Android dropper, dubbed BugDrop, that’s still under development. Recently, researchers from ThreatFabric discovered a previously undetected Android dropper, dubbed BugDrop, which is under active development and was designed to bypass security features that will be implemented in the next release of the Google OS.

article thumbnail

CNIL Proposes 60 Million Euros Fine Against French AdTech Company For Non-Compliance with GDPR

Hunton Privacy

On August 5, 2022, French AdTech company Criteo announced that it had received a report from the French Data Protection Authority (“CNIL”) on August 3, 2022, claiming various infringements of the EU General Data Protection Regulation (“GDPR”) and proposing to impose a €60,000,000 fine against Criteo. The proposed fine follows complaints filed by privacy NGO ‘Privacy International’ against Criteo.

GDPR 85
article thumbnail

North Korea-linked APT targets Job Seekers with macOS malware

Security Affairs

The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets. ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages decoy job offer documents.

article thumbnail

Thoma Bravo Closes $6.9B Acquisition of Identity-Security Vendor SailPoint

Dark Reading

All-cash transaction deal that was first announced in April means SailPoint is no longer a publicly traded company.

Security 101
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Social Engineering for Espionage and Influence

KnowBe4

Microsoft has disrupted operations carried out by a Russian government-aligned threat actor tracked as “SEABORGIUM.” The threat actor uses phishing and credential harvesting to conduct espionage and information operations. SEABORGIUM typically focuses on organizations in Western countries, although it began targeting some Ukrainian organizations shortly before Russia invaded Ukraine.

article thumbnail

'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections

Dark Reading

The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip.

89
article thumbnail

Reflecting on space, time and the future of fax

OpenText Information Management

Reports on the death of fax are greatly exaggerated. Like clockwork, fresh headlines abound about its decline every year or yet another mandate to “axe the fax.” The reality? Fax volumes continue to grow every year. As companies with aging, entrenched fax networks shift to modernize, we’re working to help customers chart their own path … The post Reflecting on space, time and the future of fax appeared first on OpenText Blogs.

article thumbnail

'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries

Dark Reading

A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets.

87
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

The Android 13 Privacy Settings You Should Update Now

WIRED Threat Level

Google’s new mobile operating system has arrived. Take back some control with these privacy and security tips.

Privacy 85
article thumbnail

ThreatX Raises $30 Million in Series B Funding to Accelerate Growth in Global API Protection Market

Dark Reading

Funds will support product development and market expansion for ThreatX, which delivers real-time protection for APIs and Web apps against complex botnets, DDoS, and multimode attacks.

article thumbnail

How private is your period-tracking app? Not very, study reveals

The Guardian Data Protection

Research on more than 20 apps found that the majority collected large amounts of personal data and shared it with third parties After the fall of federal abortion protections in the US, pressure has mounted on apps that collect pregnancy-related data to preserve people’s privacy. A new study has found many of them do not hold up to scrutiny. Experts at internet research non-profit Mozilla studied more than 20 pregnancy and period tracking apps for privacy and security features and said the resul