Fri.Sep 02, 2022

article thumbnail

Report: Organ Transplant Data Security Needs Strengthening

Data Breach Today

United Network of Organ Sharing Security and IT Management Under Scrutiny The national network for connecting medical centers with donated human organs faces doubts about its ability to secure data amid concerns about its IT infrastructure. A federal watchdog has reviewed the Health Resources and Services Administration and United Network of Organ Sharing.

Security 246
article thumbnail

Another Ransomware For Linux Likely In Development

Security Affairs

Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format ( ELF ) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware README note (see Figure 1).

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

For Hire: Ex-Ubiquiti Developer Charged With Extortion

Data Breach Today

Dismissed: Ubiquiti's Related Defamation Lawsuit Against Journalist Brian Krebs Would you trust an accused hacker? Specifically, one Nickolas Sharp, a software developer charged with extorting former employer Ubiquiti, after allegedly engineering a data breach and posing as an anonymous whistleblower in media interviews.

article thumbnail

The Makings of a Successful Threat-Hunting Program

Dark Reading

Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers.

Security 145
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Overcoming Zero Trust Obstacles in Healthcare

Data Breach Today

The sheer number of connected devices in healthcare environments is one of the top challenges healthcare entities face in adopting a zero trust approach to cybersecurity, says Zachary Martin, senior adviser at law firm Venable. He discusses the obstacles to achieving zero trust in healthcare.

More Trending

article thumbnail

Courts May Decide If Lloyd's Must Cover Nation-State Attacks

Data Breach Today

Expect Legal Wrangling and Attribution Questions, Says Cordery's Jonathan Armstrong Insurance market giant Lloyd's of London says that starting next year, its cyber insurance policies will no longer cover state-sponsored cyberattacks. But with attribution being inherently tricky, expect this move to be tested in court, says Jonathan Armstrong, a partner at Cordery law firm.

Insurance 244
article thumbnail

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices.

article thumbnail

Chile Consumer Protection Agency Hit by Ransomware Attack

Data Breach Today

SERNAC Struggling to Recover From Ongoing Attack; No Other Agencies Affected Chile's national consumer protection agency was hit by a ransomware attack affecting online services and containing indicators connecting the malware with the Conti ransomware-as-a-service group. A government official says national policy is not to pay ransoms.

article thumbnail

Researchers analyzed a new JavaScript skimmer used by Magecart threat actors

Security Affairs

Researchers from Cyble analyzed a new, highly evasive JavaScript skimmer used by Magecart threat actors. Cyble Research & Intelligence Labs started its investigation after seeing a post on Twitter a new JavaScript skimmer developed by the Magecart threat group used to target Magento e-commerce websites. #JavaScript #skimmer overlayed onto payment page of an infected #Magento ecommerce store to steal payment card data from visitors exfils to united81[.]com #magecart #infosec #cybersecurity #

CMS 99
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Bill Bans Silicon Valley From Sharing Abortion Data

Data Breach Today

Legislation Awaits Governor's Signature California legislators passed a bill banning companies headquartered in the state that provide "electronic communications services" from providing records, information or other assistance to law enforcement in other states related to investigations of reproductive services, such as abortion.

article thumbnail

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

Security Affairs

Researchers discovered that the infrastructure used in Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also used to attack a top Workforce Management corporation in in April 2022. The experts also speculate that the attack was orchestrated by a threat actor known as mx1r, who is an alleged member of the Evil Corp affiliate cluster dubbed UNC2165.

article thumbnail

Why Hacktivists Got Bored With the Russia-Ukraine Cyberwar

Data Breach Today

Also: BEC Scam Trends and a Cuban Ransomware Group's Strike in Montenegro In the latest weekly update, four Information Security Media Group editors discuss key cybersecurity issues, including the high cost of BEC scams, a Cuba ransomware gang's attack on Montenegro, and why so many hacktivists couldn't overcome the technical ennui of the Russia-Ukraine cyberwar.

article thumbnail

Ragnar Locker Brags About TAP Air Portugal Breach

Dark Reading

TAP assures its customers that it stopped data theft in a recent cyberattack, but the Ragnar Locker ransomware group says it made off with user info.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

A Windows 11 Automation Tool Can Easily Be Hijacked

WIRED Threat Level

Hackers can use Microsoft’s Power Automate to push out ransomware and key loggers—if they get machine access first.

article thumbnail

Montenegro is the Victim of a Cyberattack

Schneier on Security

Details are few, but Montenegro has suffered a cyberattack : A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. […]. But the attack against Montenegro’s infrastructure seemed more sustained and extensive, with targets including water supply systems, transportation services and online government services, among many others.

Retail 97
article thumbnail

Neopets Hackers Had Network Access for 18 Months

Dark Reading

Neopets has confirmed that its IT systems were compromised from January 2021 through July 2022, exposing 69 million user accounts and source code.

Access 98
article thumbnail

Google Chrome issue allows overwriting the clipboard content

Security Affairs

A security issue in the Google Chrome browser could allow malicious web pages to automatically overwrite clipboard content. A vulnerability in the Google Chrome browser, as well as Chromium-based browsers, could allow malicious web pages to automatically overwrite the clipboard content without any user interaction and consent simply visiting them. According to a blog post published by the developed Jeff Johnson is issue was introduced in version 104. “This blog post isn’t just about

IT 90
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams

Dark Reading

The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices.

IoT 111
article thumbnail

Fraud Warning from DHS OIG

KnowBe4

The Department of Homeland Security’s Office of the Inspector General (DHS OIG) has issued an alert to warn that scammers are posing as DHS employees.

article thumbnail

Ghost Data Increases Enterprise Business Risk

Dark Reading

IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organization's cloud attack surface.

Risk 78
article thumbnail

Your KnowBe4 Fresh Content Updates from August 2022

KnowBe4

Check out the 50 new pieces of training content added in August, alongside the always fresh content update highlights and new features.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Voting is Now Open For the ICRM 2022 Board of Regents Elections

IG Guru

Voting for the ICRM Board of Regents is now open (to ICRM members only)! Please log in to the ICRM website and visit this link to cast your ballot: [link] Elections will be open August 29 – September 16. If you have any trouble voting, please reach out to admin@icrm.org. Thank you,Sharon LaPlantChair, ICRM Board of Regents.

71
article thumbnail

What is total experience?

OpenText Information Management

“Always treat your employees exactly as you want them to treat your best customers.” Stephen Covey was onto something when he coined this quote at the center of total experience. What is total experience? Gartner defines it as a business strategy that integrates employee experience, customer experience, user experience and multiexperience across multiple touchpoints to … The post What is total experience?

article thumbnail

New Guidelines Spell Out How to Test IoT Security Products

Dark Reading

The proposed AMTSO guidelines offer a roadmap for comprehensive testing of IoT security products.

IoT 86
article thumbnail

Leveling up: Tableau and Collibra making data intelligence ubiquitous

Collibra

Tableau is one of Collibra’s longest standing technical partners, working with Collibra for the last six years.The ongoing integration efforts have consistently delivered value to customers and prospects with data governance, catalog and lineage solutions. Next-generation products and integrations have accelerated with both companies, driving deeper value for shared customers and prospects alike by shrinking the gap between question and answer in the catalog space.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Raspberry Robin Malware Connected to Russian Evil Corp Gang

Dark Reading

Infections attributed to the USB-based worm have taken off, and now evidence links the malware to Dridex and the sanctioned Russian cybercriminal group Evil Corp.

86
article thumbnail

TikTok Users Were Vulnerable to a Single-Click Attack

WIRED Threat Level

Microsoft disclosed the flaw in the Android app’s deep link verification process, which has since been fixed.