Tue. Jul 06, 2021


Kaseya: Up to 1,500 Organizations Hit in Ransomware Attack

Data Breach Today

Software Vendor Quiet on Whether It Might Pay for REvil's Full Decryption Tool

Software vendor Kaseya suspects that 800-1,500 organizations - mostly small businesses - were compromised via a ransomware attack that exploited its VSA remote management software. The company won't say if it is negotiating with the attackers for a universal decryption tool that would unlock all victims' files.


Empower and Secure your Hybrid Workplace

AIIM

The COVID-19 pandemic crisis has changed most everything. Technology, social, and cultural disruptions have forced organizations to shift rapidly, expanding remote work capabilities. As we approach the post-pandemic era, a new normal has emerged in workstyles. Businesses now look to foster and enable a hybrid workplace. With this massive transition underway, many organizations struggle to maximize productivity and resilience while building a seamless and secure digital workplace.


Kroger, British Airways Agree to Settle Data Breach Lawsuits

Data Breach Today

Class Actions Filed Against Each Company After Hacking Incidents

U.S.-based pharmacy and supermarket chain Kroger and U.K.-based British Airways have each agreed to settle class action lawsuits filed in the wake of two massive data breaches.


CIPL Responds to Irish DPC Consultation on Draft Regulatory Strategy

Hunton Privacy

On June 30, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its comments on the Irish Data Protection Commissioner’s (“DPC”) consultation on its Draft Regulatory Strategy for 2021-2026, in which the DPC sets out its vision for the next five years. CIPL’s contribution calls for: Further elaboration on how the DPC considers effective regulation and behavioral economics in its strategic thinking; More explicit acknowledgment of the GDPR’s risk-based a


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Kaseya Update: Security Measures Implemented

Data Breach Today

Company Outlines Steps After REvil Ransomware Attack

In a Tuesday update, software vendor Kaseya said additional security measures are being put in place to protect its clients in the aftermath of the July 4 holiday weekend ransomware attack that affected about 60 of its MSP customers who supply IT management services and up to 1,500 of their clients.


More Trending


Did Kaseya Wait Too Long to Patch Remote Software Flaw?

Data Breach Today

90 Days After Vulnerability ID Reserved, REvil Exploited Bug to Hit Kaseya Customers

Ransomware-wielding criminals continue to hone their illicit business models, as demonstrated by the strike against customers of Kaseya. A full postmortem of the attack has yet to be issued, but one question sure to be leveled at the software vendor is this: Should it have fixed the flaw more quickly?


ENISA publishes Cybersecurity guide for SMEs

Security Affairs

ENISA publishes Cybersecurity guide for SMEs, a document that aims at providing suggestions to secure their business. During the COVID-19 pandemic, most organizations increased their presence online, enlarging their attack surface. The attack surface for SMEs was enlarged; many of them took business continuity measures, such as adopting cloud services, improving their internet services, upgrading their websites and enabling staff to work remotely.


Kaseya Attack: REvil Offers $70 Million 'Universal Decryptor'

Data Breach Today

Yet Another Ransomware Attack Targets Managed Service Providers to Maximize Profits

The REvil ransomware operation behind the massive attack centering on Kaseya, which develops software used by managed service providers, has offered to decrypt all victims - MSPs as well as their customers - for $70 million in bitcoins. Experts note this isn't the first time REvil has hit MSPs, or even Kaseya.


Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted

Threatpost

REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Microsoft Issues New Mitigation Advice on 'PrintNightmare'

Data Breach Today

Company Outlines Key Steps to Take Until Patch Is Issued

Microsoft has updated its mitigation advice for the "PrintNightmare" remote code execution vulnerability affecting Windows Print Spooler. This is an interim measure ahead of issuing a patch, and Microsoft warns that it's already aware of active exploits in the wild.


Reinventing Professional Services: Tomorrow’s Jobs Today

Information Governance Perspectives

ector of Privacy Compliance for CAPP, a privacy consultancy, and the co-author of Tomorrow’s Jobs Today: Wisdom And Career Advice From Thought Leaders In Ai, Big Data, Blockchain, The Internet Of Things, Privacy, And More. They discussed the impact of technology on a variety of careers and how individuals can prepare for that change. The post Reinventing Professional Services: Tomorrow’s Jobs Today appeared first on Rafael Moscatel.


Mongolian Certification Authority MonPass Breached

Data Breach Today

Avast: This Supply Chain Attack Used Cobalt Strike

Researchers at Avast discovered a compromised server belonging to MonPass, a certification authority in Mongolia, that may have been breached eight times.


MVP 11

Troy Hunt

A little over a decade ago now, I awoke from a long haul flight to find an email I never expected to see: my first Microsoft MVP award. I earned the award by doing something many people couldn't understand, namely devoting a bunch of my time to creating things for the community. Not for money, not for glory, but for the love of technology and for the joy of seeing it make a difference to people.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


QNAP addressed a critical flaw that allows compromising NAS devices

Security Affairs

Taiwanese vendor QNAP addressed a critical flaw, tracked as CVE-2021-28809, that could be exploited to compromise vulnerable NAS devices. Taiwanese vendor QNAP fixed a critical vulnerability, tracked as CVE-2021-28809, that could be exploited by attackers to compromise vulnerable NAS devices. The vulnerability affects certain legacy versions of HBS 3 Hybrid Backup Sync; it was reported to the vendor by Ta-Lun Yen of TXOne IoT/ICS Security Research Labs. “An improper access control vulner


British Airways Settles UK Breach Class Action

Hunton Privacy

On July 6, 2021, it was reported that British Airways (“BA”), which is owned by International Consolidated Airlines Group, S.A., had settled a UK class action lawsuit relating to its 2018 data breach, in which approximately 430,000 data subjects were affected. The UK Information Commissioner’s Office (“ICO”) previously fined BA £20 million for the same breach, after finding that BA had failed to process the personal data of its customers in a manner that ensured appropriate security, as required


SonicWall addresses critical CVE-2021-20026 flaw in NSM devices

Security Affairs

Positive Technologies experts provide details about the potential impact of a recently fixed command injection flaw in SonicWall NSM devices. Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection vulnerability that affects SonicWall’s Network Security Manager (NSM) product. At the end of May, SonicWall urged its customers to ‘immediately’ address a post-authentication vulnerability, tracked as CVE-2021-20026, impacting on-premises version


Book Recommendation: Records and Information Management – Fundamentals of Professional Practice 4th Edition (William Saffady)

IG Guru

by Andrew Ysasi – July 6, 2021 For those in the Information Governance and Records and Information Management industry, you know or have heard of William Saffady, PhD. The books he has provided have helped thousands worldwide wrap their arms around records management, and his latest release does not disappoint. Version 4 of his book […]. The post Book Recommendation: Records and Information Management – Fundamentals of Professional Practice 4th Edition (William Saffady) appeared firs


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

Group-IB supported INTERPOL in its Operation Lyrebird, which led to the identification of a threat actor presumably responsible for multiple attacks. Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, has supported INTERPOL in its Operation Lyrebird that resulted in the identification and apprehension of a threat actor presumably responsible for multiple a


Researchers Learn From Nation-State Attackers' OpSec Mistakes

Dark Reading

Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.


Android Apps in Google Play Harvest Facebook Credentials

Threatpost

The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.


How Hardware Security Modules Secure Cross-Border Payments Between Singapore and Thailand

Thales Cloud Protection & Licensing

madhav. Tue, 07/06/2021 - 08:17. Starting from April 29, 2021, users of Singapore's PayNow and Thailand's PromptPay will be able to send up to S$1,000 or THB25,000 daily across the two countries using just a mobile number. According to a joint media release, the Monetary Authority of Singapore (MAS) and the Bank of Thailand (BOT) said the real-time payment systems link would allow customers of participati


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Western Digital Users Face Another RCE

Threatpost

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.


Reskilling IT workers for the cloud

DXC Technology

The global job market has seen dramatic changes. Competition for highly skilled IT workers is fierce, especially those experienced in public cloud and complex multicloud and hybrid cloud environments. A Gartner study published in late 2020 estimates that through 2022, more than 50% of infrastructure and operations organizations will fail to meet company cloud adoption […].


Why the Password Isn't Dead Quite Yet

WIRED Threat Level

Everyone hates the old ways of authentication. But while change is closer than ever, it comes with its own drawbacks.


How to select the best endpoint security solutions in 2021

OpenText Information Management

The thought that a chain is only as strong as its weakest link is something that can keep IT security professionals awake at night. Today, many large organizations are managing more than 50,000 individual endpoints, with some responsible for in excess of 500,000. That’s a whole lot of entry points – a fact that hackers … The post How to select the best endpoint security solutions in 2021 appeared first on OpenText Blogs.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Cyberattack on Kaseya Nets More Than 1,000 Victims, $70M Ransom Demand

Dark Reading

The provider of remote monitoring and management services warns customers to not run its software until a patch is available and manually installed.


Driving cars of the future

OpenText Information Management

How does a global leader in automotive technology maintain its laser focus on Sustainable Mobility and personalized transportation? With an operation that spans more than 300 sites in 35 countries, Faurecia faced a challenge just to maintain consistency in procuring materials for manufacturing and design. In answer, the enterprise implemented OpenText information management systems including … The post Driving cars of the future appeared first on OpenText Blogs.


Workers Careless in Sharing & Reusing Corporate Secrets

Dark Reading

A new survey shows leaked enterprise secrets cost companies millions of dollars each year.
