Dark Reading

OCTOBER 18, 2022

With the IT universe expanding, collaboration, thoughtfulness, and discipline can ensure a more secure future.

IT 97

IT Security 97

Data Breach Today

OCTOBER 18, 2022

Keyless Auto Theft Mounting Threat for Car Owners A European ring of auto thieves used software branded as a diagnostic tool to make fobless thefts of cars made by two French manufacturers. It looks like the thieves found a vulnerability in the electronic control unit governing the authorization of new key fobs.

Manufacturing 327

Manufacturing Government IT 327

Krebs on Security

OCTOBER 18, 2022

When people banking in the United States lose money because their payment card got skimmed at an ATM , gas pump or grocery store checkout terminal , they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have little recourse to do an

Retail 228

Retail Libraries IT Risk 228

Data Breach Today

OCTOBER 18, 2022

Guilty Verdict for Breach Cover-Up a Reminder to Maintain Playbooks, Legal Cover In the wake of former Uber CSO Joe Sullivan being found guilty of a criminal data breach cover-up, legal experts say CISOs shouldn't be running scare, but should ensure they have well-defined incident response playbooks and remember to always clearly document what they're doing and why.

Data breaches 314

Data breaches 314

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

OCTOBER 18, 2022

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party o

Authentication 132

Authentication Cybersecurity Security Risk 132

eSecurity Planet

OCTOBER 18, 2022

For any organization struck by ransomware , business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”. The good news is that ransomware files can be decrypted. The bad news is it doesn’t work most of the time: Paid ransom decryption tools and keys don’t always work. Free decryption tools don’t always work. Paid decryption tools don’t always work.

Ransomware 131

Ransomware Encryption Insurance Access 131

Data Breach Today

OCTOBER 18, 2022

MFA Is the Internet Equivalent of Seat Belts in Cars, Jen Easterly Tells Conference Multifactor authentication should be the default, not an option, says U.S. Cybersecurity and Infrastructure Security Agency Director Jen Easterly. She told an industry conference that vendors should "forcefully nudge" users into MFA and offer a more complete feature set for users who want it.

Authentication 228

Authentication Cybersecurity Security IT 228

Schneier on Security

OCTOBER 18, 2022

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.

Access 124

Access IT 124

Data Breach Today

OCTOBER 18, 2022

A study by data privacy firm Lokker found thousands of healthcare providers deploying Facebook Pixel and other similar tracking tools. Those trackers reveal "medical and other data that consumers don't know is being tracked and haven't authorized," says Ian Cohen, Lokker's chief executive officer.

Privacy 166

Privacy Data Privacy 166

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

OCTOBER 18, 2022

A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages. Researchers at the cybersecurity firm WithSecure discovered a bug in the message encryption mechanism used by Microsoft in Office 365 that can allow to access message contents due. The experts pointed out that Microsoft Office 365 Message Encryption (OME) relies on Electronic Codebook (ECB) mode of operation.

Encryption 115

Encryption Access Cybersecurity Security 115

Data Breach Today

OCTOBER 18, 2022

Arne Schönbohm Ousted After 6 Years as President of the German BSI Days of accusations that the longtime head of the German government agency responsible for securing the government from cyberthreats has ties to Russia ended with his dismissal. Arne Schönbohm "damaged. public confidence," said a spokesperson for the Ministry of the Interior.

Cybersecurity 130

Cybersecurity Government Security 130

eSecurity Planet

OCTOBER 18, 2022

The vast majority of cybersecurity decision makers – 91 percent, in fact – find it difficult to select security products due to unclear marketing, according to the results of a survey of 800 cybersecurity and IT decision makers released today by email security company Egress. “IT Security buyers don’t have as much time as they’d like to research and choose security solutions – a situation exacerbated by vendors that exaggerate their capabilities and sell products that don’

IT 115

IT Security Cybersecurity Marketing 115

Data Breach Today

OCTOBER 18, 2022

Keynotes for FIDO, Google and Yubico Discuss Remaking MFA, Next Steps for Passkeys Multifactor authentication was supposed to be the standard, but the sharp rise in highly successful MFA bypass attacks shows the industry needs to go further in verifying identities. Keynote speakers at Authenticate 2022 said the future of passwordless technology could answer this latest threat.

Authentication 130

Authentication 130

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

eSecurity Planet

OCTOBER 18, 2022

SafeBreach Labs researchers recently uncovered a new fully undetectable (FUD) PowerShell backdoor that uses a novel approach to disguise itself as part of the Windows update process. “The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims,” SafeBreach director of security research Tomer Bar wrote in a blog post today detailing the findings.

Security 110

Security Phishing Metadata Encryption 110

Security Affairs

OCTOBER 18, 2022

China-linked threat actors APT41 (a.k.a. Winnti ) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007.

File names 108

File names Encryption Manufacturing Libraries 108

KnowBe4

OCTOBER 18, 2022

Scammers are sending Discord messages with phony accusations to trick users into clicking on phishing links, according to Shan Abdul at MakeUseOf. The messages are sent from compromised accounts to the accounts’ friends lists, so they appear to be coming from a trusted friend. The messages tell the user that their account has been posting shady things, and asks them to click on a link for proof.

Phishing 99

Phishing 99

Security Affairs

OCTOBER 18, 2022

Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. Zoom Client for Meetings for macOS (Standard and for IT Admin) is affected by a debugging port misconfiguration. The issue, tracked as CVE-2022-28762, received a CVSS severity score of 7.3. When the camera mode rendering context is enabled as part of the Zoom App Layers API by running specific Zoom Apps, a local debugging port is opened by the client.

Access 106

Access Security IT Information Security 106

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

KnowBe4

OCTOBER 18, 2022

With ransomware attacks becoming more frequent, evasion getting more sophisticated, and ransoms increasing, new data shows organizations aren’t fighting for staff and budget.

Ransomware 98

Ransomware 98

Security Affairs

OCTOBER 18, 2022

HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed a critical remote code execution vulnerability, tracked as CVE-2022-42948, in its platform. The company released an out-of-band security update to address the remote code execution issue that can be exploited by an attacker to take control of targeted

IT 103

IT Security Information Security 103

Hanzo Learning Center

OCTOBER 18, 2022

According to a recent press release from the Securities Exchange Commission (SEC) , sixteen Wall Street firms were fined for widespread and longstanding failures by the organizations and their employees to maintain and preserve electronic communications.

Compliance 98

Compliance Communications Security 98

Dark Reading

OCTOBER 18, 2022

Younger workers surveyed are less likely to follow established business cybersecurity protocols than their Gen X and baby boomer counterparts, a new survey finds.

Cybersecurity 100

Cybersecurity Risk 100

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Security Affairs

OCTOBER 18, 2022

An international law enforcement operation led by Europol disrupted a cybercrime ring focused on hacking wireless key fobs to steal cars. The French authorities in cooperation with their Spanish and Latvian peers, and with the support of Europol and Eurojust, have dismantled a cybercrime organization specializing in the theft of cars by hacking key fobs. .

Manufacturing 89

Manufacturing Marketing Security Information Security 89

Dark Reading

OCTOBER 18, 2022

Identity verification and identity authentication are neither synonymous nor interchangeable, and implementing both is essential to fighting fraud.

Authentication 101

Authentication 101

KnowBe4

OCTOBER 18, 2022

Steven Rosenbush at the WSJ reported: " Chief information officers say cybersecurity once again will be their top investment priority in 2023, a sign of how companies are racing to manage the business risk posed by escalating threats.".

Cybersecurity 88

Cybersecurity Risk 88

Dark Reading

OCTOBER 18, 2022

One of the oldest tactics in cybercrime is still one of the most widely feared — and with good reason, as campaigns are expected to increase and become more sophisticated over the next 12 months.

Phishing 89

Phishing 89

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

WIRED Threat Level

OCTOBER 18, 2022

While tensions over a possible nuclear attack on Ukraine remain high, experts say surveillance will likely catch Russia if it plans to do the unthinkable.

IT 91

IT Security 91

KnowBe4

OCTOBER 18, 2022

This new credential harvesting scam impersonates a real U.S. Government COVID-related grant program to harvest credentials and personal details using a blatantly obvious google form.

Phishing 77

Phishing Government 77

Dark Reading

OCTOBER 18, 2022

Head of German national cybersecurity agency was fired over ties to a member of Russian intelligence once honored by Vladimir Putin.

Cybersecurity 84

Cybersecurity 84