Fri.Dec 09, 2022

article thumbnail

US Law Enforcement Arrests 4 for Business Email Compromise

Data Breach Today

Defendants Allegedly Obtained More Than $5.4 Million From Businesses They Duped U.S. federal prosecutors indicted four men charged with engaging in business email compromise and credit card fraud schemes that netted them $9.2 million. The FBI has warned that business email compromises - whether through account compromise or impersonation - is a growing threat.

261
261
article thumbnail

Experts devised a technique to bypass web application firewalls (WAF) of several vendors

Security Affairs

Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. The technique was discovered while conducting unrelated research on Cambium Networks’ wireless device management platform.

IoT 133
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Australian Aims to Be World's 'Most Cyber-Secure' Country

Data Breach Today

New Cybersecurity Strategy Will Aspire to World-Topping Performance by 2030 Australian Home Affairs and Cyber Security Minister Clare O'Neil vowed during a speech to transform the country into the world's most cyber-secure, saying experts will start work on a strategy intended to outdo the rest of the world by 2030. The country has recently experienced a data breach wave.

Security 260
article thumbnail

Iranian APT Targets US With Drokbk Spyware via GitHub

Dark Reading

The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.

120
120
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Ransomware-Wielding Criminals Increasingly Hit Healthcare

Data Breach Today

Sector Especially Vulnerable Due to Dispersed IT Footprint, Massive Records Storage Ransomware gangs rely on shotgun-style attacks using phishing or stolen remote access credentials to target individuals. This strategy snares less poorly prepared organizations, and that often means healthcare entities. Experts share insights on this plague on healthcare and what to do about it.

More Trending

article thumbnail

ISMG Editors: How Will the Role of CISO Evolve in 2023?

Data Breach Today

Also: Community Impact of Hospital Ransomware Attacks; Cybersecurity Market Trends In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity and privacy issues, including the evolution of the CISO role, the community impact of ransomware attacks targeting hospitals, and trends in cybersecurity customers' buying behavior.

article thumbnail

CommonSpirit confirms data breach impacts 623K patients

Security Affairs

CommonSpirit Health confirmed that the October security breach resulted in the exposure of the personal data of 623,774 patients. In early October, Common Spirit , one of the largest hospital chains in the US, suffered a ransomware cyberattack that caused severe inconvenience to the facilities and to patients. The security breach led to delayed surgeries, hold-ups in patient care and forced the chain to reschedule doctor appointments across the country.

article thumbnail

A Plan to Address Future Healthcare Cyber Challenges

Data Breach Today

The Health Sector Coordinating Council is embarking on a five-year strategic plan to help the healthcare and public health sector address future cybersecurity threats, risks and associated difficulties, says Greg Garcia, executive director for cybersecurity at HSCC.

article thumbnail

How to generate a custom shortlist of eDiscovery vendors

OpenText Information Management

If you’re like some companies, you may be using outdated, mishmashed software or a myriad of point solutions to manage your eDiscovery processes. While this antiquated approach may work for some companies or use cases, many law firms and corporations are identifying and evaluating newer legaltech technology that better align to maturity and needs. eDiscovery … The post How to generate a custom shortlist of eDiscovery vendors appeared first on OpenText Blogs.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series

Security Affairs

Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct DoS attacks. Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a stack overflow on an affected device leading to remote code execution and denial of service (DoS) attacks.

IT 103
article thumbnail

Security Vulnerabilities in Eufy Cameras

Schneier on Security

Eufy cameras claim to be local only, but upload data to the cloud. The company is basically lying to reporters, despite being shown evidence to the contrary. The company’s behavior is so egregious that ReviewGeek is no longer recommending them. This will be interesting to watch. If Eufy can ignore security researchers and the press without there being any repercussions in the market, others will follow suit.

Security 101
article thumbnail

Lensa AI and ‘Magic Avatars’: What to Know Before Using the App

WIRED Threat Level

Are you thinking about uploading some selfies and buying a pack of ‘Magic Avatars’? Consider these expert tips first.

Privacy 99
article thumbnail

Hacking Trespass Law

Schneier on Security

This article talks about public land in the US that is completely surrounded by private land, which in some cases makes it inaccessible to the public. But there’s a hack: Some hunters have long believed, however, that the publicly owned parcels on Elk Mountain can be legally reached using a practice called corner-crossing. Corner-crossing can be visualized in terms of a checkerboard.

IT 91
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

TikTok Banned on Govt. Devices; Will Private Sector Follow Suit?

Dark Reading

Texas and Maryland this week joined three other states in prohibiting accessing the popular social media app from state-owned devices.

Access 88
article thumbnail

End of Meta’s targeted ads model?

DLA Piper Privacy Matters

uthors: Ewa Kurowska-Tober , Andrew Serwin , John Magee and Madison Swoy. A trio of forthcoming decisions against tech giant Meta may signal the end for Meta’s targeted ads model, though the issue is likely to rumble on for some time. For many years, Meta has relied on contractual necessity (Article 6(1)(b) of the GDPR) as a legal basis for the processing of its users’ personal data in order to present personalised ads to them on the company’s platforms, such as Facebook or Instagram.

GDPR 59
article thumbnail

43 Trillion Security Data Points Illuminate Our Most Pressing Threats

Dark Reading

A new report helps companies understand an ever-changing threat landscape and how to strengthen their defenses against emerging cybersecurity trends.

article thumbnail

Children’s Online Privacy Protection Act (COPPA) of 1998: Protection for the US’s Youngest Data Subjects

eDiscovery Law

A number of recent state regulations address privacy rights for consumers of all ages, but there is no equivalent federal law protecting all consumer’s privacy rights. That being said, the Children’s Online Privacy Protection Act of 1998 (“COPPA,” at 15 U.S. Code §6501 et seq.

Privacy 45
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Google: Use SLSA Framework for Better Software Security

Dark Reading

Security leaders also need to take a more holistic approach to addressing supply chain risks, company says in new research report.

article thumbnail

Security Professional Tweets About How Cars Get Hacked Remotely via Twitter

IG Guru

Check out the thread here.

article thumbnail

Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool

Dark Reading

MuddyWater joins threat groups BatLoader and Luna Moth, which have also been using Syncro to take over devices.

88
article thumbnail

Claroty CEO Yaniv Vardi on the Need to Guard Medical Devices

Data Breach Today

Why Claroty Is Offering IoT, OT, IoMT and Connected Device Security in One Platform The purchase of healthcare security startup Medigate means Claroty can address the IoT, OT, IoMT and connected device needs of hospitals from a single platform. Claroty says its single-platform approach facilitates everything from network mapping and segmentation to continuous threat detection.

IoT 144
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

How Naming Can Change the Game in Software Supply Chain Security

Dark Reading

A reliance on CPE names currently makes accurate searching for high-risk security vulnerabilities difficult.

article thumbnail

Friday Squid Blogging: China Bans Taiwanese Squid Imports

Schneier on Security

Today I have some squid geopolitical news. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

article thumbnail

7 Ways Gaming Companies Can Battle Cybercrime on Their Platforms

Dark Reading

Balancing gameplay and security can drive down risks and improve gamers' trust and loyalty.

Risk 85