Wed. Sep 16, 2020

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Krebs on Security

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. The Justice Department unsealed indictments against Russian nationals Danil Potekhin and Dmitirii Karasavidi, alleging the duo was responsible for a sophisticated phishing and money laundering campaig

Iranian Hackers Exploiting Unpatched Vulnerabilities

Data Breach Today

CISA Alert Says 'Pioneer Kitten' Group Targeting U.S. Businesses, Agencies

The hacking group "Pioneer Kitten," which has suspected ties to the Iranian government, is taking advantage of several unpatched vulnerabilities and using open source tools to target U.S. businesses as well as federal government agencies, according to the Cybersecurity and Infrastructure Security Agency.

Why Should You Care About Bots?

AIIM

Growing up, my parents taught me that there are some questions that aren’t appropriate to ask. Generally, it’s safe to avoid asking people their age, their salary, their weight, their politics, etc. Some questions can make the people being asked feel uncomfortable and so should be avoided. Are bots one of these hot-button topics that we avoid asking about at work?

2 Alleged Hackers Indicted for Defacing US Websites

Data Breach Today

DOJ: Campaign Was Retaliation Following Death of Iranian General

The Justice Department has unsealed an indictment of two alleged hackers for defacing over 50 U.S. websites in what federal prosecutors call a campaign of retaliation following the death of Iranian Major General Qasem Soleimani earlier this year.

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. According to security firm Tencent, the team of hackers has been active over the past few months by hacking into Microsoft SQL Servers (MSSQL) to install a crypto-miner. “Tencent Security

Source code of Cerberus banking Trojan leaked on underground forums

Security Affairs

The source code of the infamous Cerberus banking Trojan has been released for free on underground hacking forums following a failed auction. The author of the Cerberus banking Trojan has released the source code of the malware on underground hacking forums following a failed auction. In July, the authors of the notorious Cerberus Android banking trojan auctioned their project for a price starting at $50,000, but buyers could have closed the deal for $100,000.

10 ways insurers can — and should — adapt their business models now

DXC Technology

The insurance industry is in the midst of a brutal stress test, due to the current environment. The loss of customers who become unemployed, already an issue, is likely to worsen. Some insurance products may become uneconomical. And many insurers will come under pressure to reduce their spending. Given this fast-changing business environment, insurers need […].

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized by organizations. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware.

Bluetooth Spoofing Bug Affects Billions of IoT Devices

Threatpost

The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

h2c Smuggling: A New 'Devastating' Kind of HTTP Request Smuggling

Dark Reading

The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, say researchers. Here's what infosec pros should know.

Hackers Continue Cyberattacks Against Vatican, Catholic Orgs

Threatpost

The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic institutions since May 2020 until as recently as last week.

How the FIN7 Cybercrime Gang Operates

Schneier on Security

The Grugq has written an excellent essay on how the Russian cybercriminal gang FIN7 operates. An excerpt: The secret of FIN7’s success is their operational art of cyber crime. They managed their resources and operations effectively, allowing them to successfully attack and exploit hundreds of victim organizations. FIN7 was not the most elite hacker group, but they developed a number of fascinating innovations.

Report Looks at COVID-19’s Massive Impact on Cybersecurity

Threatpost

Cynet's report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack vector, and the approaches being used to distribute malware in spearphishing attacks.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Phishing Campaign Pretends to be Phishing Training Reminder

Adam Levin

A phishing campaign is targeting employees with phony email reminders for cybersecurity and phishing awareness training. In a clever spin on more widely known phishing methods, hackers are sending emails pretending to be from KnowBe4, a company specializing in training employees to recognize phishing scams. Source: Cofense.com. The emails prompt their targets to click links to complete “required” training sessions, which redirect them to spoofed Outlook.com login pages hosted at a Russian t

Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals

Dark Reading

Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.

Shopping around for RM software? Technical questions you need to ask – Part Two

TAB OnRecord

In last week’s blog post we started to outline the key technical questions to ask before purchasing records management software. Understanding the technical aspects of the solution up front helps avoid frustration and disappointment later on. We will complete our list with five more technical factors to explore.

Most Organizations Plan to Make COVID-19 Changes Permanent

Dark Reading

After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

DDoS Attacks Skyrocket as Pandemic Bites

Threatpost

More people being online during lockdowns and work-from-home shifts has proven to be lucrative for DDoS-ers.

Cybersecurity Bounces Back, but Talent Still Absent

Dark Reading

While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a malware analysis report (MAR) that includes technical details about web shells employed by Iranian hackers. A web shell is code, often written in typical web development programming languages (e.g., ASP, PHP, JSP), that attackers implant on web servers to gain remote access and code execution.

Meet the Computer Scientist Who Helped Push for Paper Ballots

Dark Reading

Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Jamf delivers same-day support for mobile operating systems, enterprise enhancements

Jamf

With the announcement of Apple's new operating systems, Jamf is proud to bring you same-day support and much more.

CISA Joins MITRE to Issue Vulnerability Identifiers

Dark Reading

The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.

What is cloud content management?

OpenText Information Management

The first versions of content management were all about control and risk minimization. They primarily revolved around the needs of records management and legal departments. Little thought was put into the experience of the knowledge workers who created and filed the actual content. These platforms didn’t aid in productivity or efficiency. They required extra labor, …

Guest Blog: Preparedness Awareness

The Texas Record

Contributing Author: Normel Chatmon Records Analyst Fort Bend ISD Police Department. September is National Preparedness Month. However, for some local governments, being prepared may be challenging—especially in the records world and specifically, in ISD police department records. So the question to all of Texas independent school district police departments: is your records management department prepared for the unexpected?

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

US Charges Five Members of China-Linked APT41 for Global Attacks

Dark Reading

The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.

Feds Charge Chinese Hackers With Ripping Off Video Game Loot From 9 Companies

WIRED Threat Level

A group known as Barium allegedly attacked hundreds of targets around the globe—and manipulated in-game goods and currency.

h2c Smuggling: A New 'Devastating' Kind of HTTP Request

Dark Reading

The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here's what infosec pros should know.
