Wed.Jan 25, 2023


Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month.


Reported Data Breaches in US Reach Near-Record Highs

Data Breach Today

1,802 Breach Notifications Issued in 2022; Over 440 Million Individuals Affected

Data breaches in 2022 hit near-record levels as U.S. organizations issued 1,802 data breach notifications and more than 400 million individuals were affected. But only 34% of breach notifications included actionable information for consumers whose information was exposed.


What Are You Doing for Data Protection Day?

IT Governance

Data protection is something that affects almost everything that we do. From checking our phones first thing in the morning to logging in at work, from high-street shopping to monitoring our biometric data at the gym, we are constantly handing over our personal information. Although many of us are broadly aware of the risks involved when sharing this data, we don’t fully grasp the ramifications – nor do we realise there are ways we can better protect our personal information.


North Korean Crypto Hackers Keep Nose to the Grindstone

Data Breach Today

TA444 Is Adaptable and Hard-Working, Say Proofpoint Researchers

A North Korean hacking group tracked by cybersecurity firm Proofpoint as TA444 unleashed a torrent of spam in December in a bid to harvest credentials - evidence of a hacking group that mirrors "startup culture in its devotion to the dollar and to the grind.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Beware: Images, Video Shared on Signal Hang Around

The Security Ledger

A researcher is warning that photos and video files shared in Signal chats may linger on devices even after the user has deleted the messages in which they were shared.


Frictionless Ediscovery: Reducing Context Switching in Your Workflow

Hanzo Learning Center

Let’s face it, if litigation is imminent and you’re preparing for the discovery process, friction has already taken place between opposing parties. But that’s not what I mean when I’m talking about “frictionless ediscovery.


VA: Contractors Have 1 Hour to Report a Security Incident

Data Breach Today

Final Rule Also Addresses 'Liquidated Damages' Contractors Must Pay in Breaches

An update to acquisition regulations within the Department of Veterans Affairs says that contractors have one hour to report a security and privacy incident. The clock starts ticking after the incident has been discovered. The department says the rule change only codifies an existing requirement.


Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

Dark Reading

Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset.


Why Healthcare Orgs Must Prioritize 3rd-Party Risk Management

Data Breach Today

Venminder CEO James Hyde on Reducing Risk Exposure From Vendor Relationships

With breaches on the rise and the average cost of a healthcare breach reaching a staggering $10.1 million in 2022, third-party risk management is a growing concern in the healthcare industry. Venminder CEO James Hyde offers tips on reducing risk exposure from vendor relationships.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


French rugby club Stade Français leaks source code

Security Affairs

Prestigious club Stade Français potentially endangered its fans for over a year after leaking its website’s source code. Stade Français is a professional rugby union club based in Paris. Founded in 1883 and competing in France’s premier rugby league, Top 14, it has established itself as one of the most successful teams in the country, with a dedicated fan base of hundreds of thousands of followers on social media.


Clinic Reports Tracking Pixel Breach Involving 3rd Party

Data Breach Today

Latest Health Provider to Treat Use of Online Trackers as Reportable HIPAA Breach

A Midwest specialty medical care clinic has reported to regulators a health data breach affecting 134,000 patients involving one of its critical partners' previous use of Meta Pixel and Google tracking codes embedded in its websites and patient portals.


Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts

Dark Reading

Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firm says.


Delinea Snags David Castignola as CRO to Push Beyond Banking

Data Breach Today

Former Bugcrowd, Cylance, Optiv, RSA Leader Focused on Expanding in Europe and Asia

Privileged access management vendor Delinea has hired longtime RSA sales leader David Castignola to expand beyond North America as well as in nonregulated industries. Delinea hopes to increase sales beyond verticals such as financial services, banking, healthcare, insurance and the public sector.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Do Not Get Fooled Twice: Mailchimp's Latest Breach Raises Alarm Bells – Protect Yourself Now!

KnowBe4

For the second time in less than a year, Mailchimp has found itself in a precarious situation, having to admit that it has been breached. It appears that a social engineering attack tricked Mailchimp employees and contractors into giving up their login credentials, which were then used to access 133 Mailchimp accounts.


Microsoft 365 Cloud Service Outage Disrupts Users Worldwide

Data Breach Today

'Network Change' Tied to Service Disruption Now Rolled Back, Tech Giant Reports

Microsoft blamed an internal network configuration change for outages that disrupted access to Microsoft 365 services, including Microsoft Teams and Outlook, for users around the world. The change has been rolled back and additional infrastructure added to speed restoration, it says.


DragonSpark threat actor avoids detection using Golang source code Interpretation

Security Affairs

A Chinese threat actor tracked as DragonSpark targets organizations in East Asia with Golang malware designed to evade detection. SentinelOne researchers spotted a Chinese-speaking actor, tracked as DragonSpark, that is targeting organizations in East Asia. The attackers employed the open-source tool SparkRAT along with Golang malware that implements an uncommon technique to evade detection. “The threat actors use Golang malware that implements an uncommon technique for hindering static analysis and


Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI

Dark Reading

The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


US Cyber Command Operations During the 2022 Midterm Elections

Schneier on Security

The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organization’s offensive cyber operations during the runup to the 2022 midterm elections. He didn’t name names, of course: “We did conduct operations persistently to make sure that our foreign adversaries couldn’t utilize infrastructure to impact us,” said Nakasone. “We understood how foreign adversaries utilize infrastructure throughout the world.


Zacks Investment Research data breach impacted hundreds of thousands of customers

Security Affairs

Zacks Investment Research (Zacks) disclosed a data breach; the security incident may have exposed the data of 820K customers. Zacks Investment Research (Zacks) disclosed a data breach, and the security incident may have affected the personal information of its 820,000 customers. “On December 28, 2022, Zacks learned that an unknown third-party had gained unauthorized access to certain customer records described below.


GoTo Encrypted Backups Stolen in LastPass Breach

Dark Reading

Encrypted backups for several GoTo remote work tools were exfiltrated from LastPass, along with encryption keys.


Google Chrome 109 update addresses six security vulnerabilities

Security Affairs

Google addressed six security vulnerabilities in its Chrome web browser, none of them actively exploited in the wild. Google released Chrome version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to address a total of six vulnerabilities. Four of the addressed flaws were reported by external researchers, who were awarded more than $26,500 for their findings.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Zacks Investment Research Hack Exposes Data for 820K Customers

Dark Reading

Zacks Elite sign-ups for the period 1999–2005 were accessed, including name, address, email address, phone number, and the password associated with Zacks.com.


COMING SOON! Updated Essentials of RIM Course via ARMA

IG Guru

An updated Essentials of RIM Course is almost here! RIM experts have been collaborating to update and release a new version of the course this February 1st, 2023. Pre-enrollment for the new course is open. For updates, look for announcements on our homepage!


Multicloud Security Challenges Will Persist in 2023

Dark Reading

Some predictions about impending security challenges, with a few tips for proactively addressing them.


[Security Masterminds] Breaking It Down to Bits & Bytes: Analyzing Malware To Understand the Cybercriminal

KnowBe4

In our latest episode of Security Masterminds, we have the pleasure of interviewing Roger Grimes, Data-Driven Defense Evangelist for KnowBe4, who has held various roles throughout his career. In the episode, Roger discusses his early days of malware disassembly, the trials and tribulations of public speaking, and his magnum opus, his book about data-driven defense.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Google Pushes Privacy to the Limit in Updated Terms of Service

Dark Reading

In the Play Store's ToS, a paragraph says Google may remove "harmful" applications from users' devices. Is that a step too far?


Phishing Campaign Impersonates Japanese Rail Company

KnowBe4

Researchers at Safeguard Cyber describe a phishing campaign that’s posing as a Japanese rail ticket reservation company.


Snyk Gets Nod of Approval With ServiceNow Strategic Investment

Dark Reading

One of the most closely watched security startups continues to build bank because its platform appeals to both developers and security pros.