Tue.Feb 07, 2023

article thumbnail

LockBit Group Goes From Denial to Bargaining Over Royal Mail

Data Breach Today

Ransomware Remains a Royal Pain, as Criminals' Latest Extortion Attempt Highlights The LockBit group has gone from denying it had any involvement in the ransomware attack on Britain's Royal Mail, to trying to bargain for a ransom. The ransomware group's site now lists Royal Mail as a victim, and demands it pay a ransom or see stolen data get dumped.

article thumbnail

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Krebs on Security

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack.

IT 201
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Advanced tools are ready to help SMBs defend Microsoft 365, Google Workspace

The Last Watchdog

Throughout 2022, we saw hackers become far more sophisticated with their email-based cyber attacks. Using legitimate services and compromised corporate email addresses became a norm and is likely to continue in 2023 and beyond. Related: Deploying human sensors Additionally, with tools like ChatGPT, almost anyone can create new malware and become a threat actor.

article thumbnail

Microsoft Experiences Second Major Cloud Outage in 2 Weeks

Data Breach Today

'Recent Changes' Blamed as Outlook.com Webmail and Calendar APIs Left Inaccessible Microsoft suffered its second major outage in less than two weeks, as users in North American and beyond were left unable to send, receive or search emails via Outlook.com, as well as to access some additional functionality, including calendar APIs. Microsoft blamed unspecified "recent changes.

Cloud 157
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Catches of the Month: Phishing Scams for February 2023

IT Governance

Welcome to our February 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. This month, we look at a UK government warning about a resurgence in Russian cyber attacks and concerns that the much-discussed AI programme ChatGPT could be used for fraud.

Phishing 112

More Trending

article thumbnail

Lovin’ The Prufrock: Celebrating 108 Years of T.S. Eliot’s Modernist Masterpiece

Information Governance Perspectives

In literature like Prufrock, modernists often recycled myths and other masterworks to support their impressions of daily life and present-day experiences. They juxtaposed different voices, traditions, and arguments and emphasized form itself as the "carrier of meaning." The post Lovin’ The Prufrock: Celebrating 108 Years of T.S. Eliot’s Modernist Masterpiece appeared first on Rafael Moscatel.

111
111
article thumbnail

Ryuk-Linked Russian Pleads Guilty in US Court

Data Breach Today

Russian National Charged With Laundering More Than $400,000 for Ryuk RaaS Group Denis Mihaqlovic Dubnikov, 30, pleaded guilty in U.S. federal court to conspiracy to commit money laundering. Federal prosecutors say the Russian national laundered more than $400,000 for the Ryuk ransomware-as-a-service gang. He faces up to 20 years in prison and a potential fine of $500,000.

article thumbnail

'Money Lover' Finance App Exposes User Data

Dark Reading

A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app.

Access 132
article thumbnail

Claudia Plattner Picked as New Head of Germany's BSI

Data Breach Today

The European Central Bank Director General of Info Systems Will Join BSI in July The German government selected a new president for the Federal Office for Information Security, better known as BSI. Claudia Plattner, currently serving as the European Central Bank's director general of information systems, is set to lead the agency starting on July 1.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks

Dark Reading

The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story.

Risk 99
article thumbnail

Fortinet Weathers Economic Storm By Helping Users Cut Costs

Data Breach Today

Fortinet CEO Says Performance Advantage Over Rivals Has Blunted Impact of Downturn Fortinet has blunted the impact of the economic downturn by helping customers consolidate their security footprint and add protection in areas like OT, WiFi and SD-WAN. CEO Ken Xie says Fortinet's ASIC chip allows the company to take market share from rivals while delivering superior performance.

Marketing 144
article thumbnail

OpenSSH addressed a new pre-auth double free vulnerability

Security Affairs

The maintainers of OpenSSH address multiple security issues, including a memory safety bug in the OpenSSH server (sshd). The maintainers of OpenSSH have addressed a number of security vulnerabilities with the release of version 9.2. One of the issues addressed by the maintainers is a memory safety bug in the OpenSSH server (sshd) tracked as CVE-2023-25136.

article thumbnail

Secureworks Lays Off 9% of Staff; CFO, Threat Intel Head Out

Data Breach Today

Roughly 210 Employees Exit in Security Industry's 4th-Largest Workforce Reduction Secureworks has axed roughly 210 employees, and CFO Paul Parrish and Chief Threat Intelligence Officer Barry Hensley are leaving their posts. Secureworks revealed plan to reduce its 2,351-person staff by approximately 9% to help balance continued growth with improved operating margins.

Security 144
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Thinking Critically About Your Online Behavior

KnowBe4

Employees need to adjust their mindsets in order to defend themselves against social engineering attacks, according to Jonathon Watson at Clio. In an article for Dark Reading, Watson explains that security training should emphasize that employees should build habits to follow security practices in their personal and professional lives.

article thumbnail

European Police Shut Down Encrypted App Used by Criminals

Data Breach Today

Police Seize Drugs, Firearms and 4M Euros in Raids on Exclu Users and Operators Police in multiple European countries carried out raids against the operators and users of the Exclu encrypted chat app, arresting four dozen individuals. German authorities began investigating the app following a 2019 raid on the Cyberbunker web hosting facility.

article thumbnail

[Scam Of The Week] The Turkey-Syria Earthquake

KnowBe4

Just when you think they cannot sink any lower, criminal internet scum is now exploiting the recent earthquake in Turkey and Syria.

Phishing 103
article thumbnail

7 Reasons to Choose an MDR Provider

Data Breach Today

MDR Services Offer Deep Domain Expertise, Robust Research Tools and Skills Detecting and responding to cyberthreats is challenging for any organization, but even more so for small security teams. MDR services make threat monitoring and response attainable for any team. Adding a third-party MDR service might be the right choice for your organization.

Security 144
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

How Artificial Intelligence Can Make or Break Cybersecurity

KnowBe4

With the introduction of OpenAI's Chat GPT, artificial intelligence is no longer considered part of science fiction. It has presented a new problem for cybersecurity professionals, as AI-generated malware and hacks can be challenging to detect. AI is undoubtedly having an impact on society, whether it is benefiting or threatening our organizations.

article thumbnail

Malware Delivered through Google Search

Schneier on Security

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros.

article thumbnail

The ROI of modernization

OpenText Information Management

“We’ve always done it this way.” The most dangerous phrase in the language is attributed to Dr. Grace Hopper. Relying on legacy products to attract, engage and retain customers may seem comfortable, but maintaining the status quo is risky. What is modernization? It’s often very glaring, but older technologies can introduce security risks and impose … The post The ROI of modernization appeared first on OpenText Blogs.

Risk 85
article thumbnail

Biden’s SOTU: Data Privacy Is Now a Must-Hit US State of the Union Topic

WIRED Threat Level

Biden’s speech proves that protecting personal info is no longer a fringe issue. Now, Congress just needs to do something about it.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom.

article thumbnail

DPRK Using Unpatched Zimbra Devices to Spy on Researchers

Dark Reading

Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers.

115
115
article thumbnail

[New Feature] Immediately Add User-Reported Email Threats to Your Microsoft 365 Blocklist from Your PhishER Console

KnowBe4

Now there’s a super easy way to keep malicious emails away from your users through the power of the KnowBe4 PhishER platform!

article thumbnail

Fresh, Buggy Clop Ransomware Variant Targets Linux Systems

Dark Reading

For the moment, victims can decrypt data without paying a ransom. But Clop is a ransomware variant that has caused havoc on Windows systems, so that's bound to change.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Meet Patricia Arguello Rojo: Senior Frontend Developer

Micro Focus

Patricia Arguello Rojo shares her experience working in our dev teams, how she grew her professional career, and how Micro Focus has supported her on her journey. The post Meet Patricia Arguello Rojo : Senior Frontend Developer first appeared on Micro Focus Blog.

article thumbnail

New FTC Guidance for Mobile Health Apps

Data Matters

Healthcare providers, health plans, and technology companies that use mobile health apps to access, collect, share, use, or maintain information related to an individual’s health should take note of the recently issued Federal Trade Commission (FTC) Mobile Health App Interactive Tool. The purpose of the tool is to help mobile health developers determine the federal regulatory, privacy, and security laws and regulations that may apply to the use of a consumer’s health information, such as informa

Privacy 88
article thumbnail

Top 5 considerations for a successful HR digital transformation

OpenText Information Management

HR digital transformation is the process of changing operational HR processes to become automated and data-driven. It is about moving away from traditional, paper-based ways of working and instead using digital tools to automate, reduce costs, improve operations, and elevate employee experiences. Traditional HR processes rely on face-to-face communications, filing cabinets, and paperwork – lots … The post Top 5 considerations for a successful HR digital transformation appeared first