Fri. May 21, 2021

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. Last week, someone began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants, an environmental engi

Solving the Data Vulnerability Problem

Data Breach Today

Janine Darling of Stash Secure Data on Filling Gaps in Current Solutions 5G technology is only one of the current manifestations that reminds us: Globally, our sensitive data is beyond vulnerable. Janine Darling, founder and CEO of Stash Secure Data, is committed to resolving that vulnerability challenge.

Double-Encrypting Ransomware

Schneier on Security

This seems to be a new tactic: Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attackers encrypt some of an organization’s systems with ransomware A and others with ransomware B.

Colonial Pipeline CEO to Testify at Congressional Hearing

Data Breach Today

House Committee to Probe Ransomware Attack That Led to Pipeline Shutdown After revealing Colonial Pipeline Co. paid attackers $4.4 million after a ransomware attack, CEO Joseph Blount has been scheduled to testify at a House Homeland Security Committee hearing June 9.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Hacker's guide to deep-learning side-channel attacks: the theory

Elie

Learn the concepts behind deep-learning side-channels attack, a powerful cryptanalysis technique, by using it to recover AES cryptographic keys from a hardware device.

More Trending

Cloud Security Blind Spots: Where They Are and How to Protect Them

Dark Reading

Security experts discuss oft-neglected areas of cloud security and offer guidance to businesses working to strengthen their security posture.

ISMG’s Editors’ Panel: Improving Hiring Practices and More

Data Breach Today

Highlights From RSA Conference and Middle East Summit Four editors at Information Security Media Group discuss tactics for improving hiring practices and increasing workforce diversity as well as achieving sustainable resiliency.

WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites

Threatpost

The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in.

RSA Conference 2021 Emphasizes 'Resilience' Theme

Data Breach Today

The latest edition of the ISMG Security Report features highlights from RSA Conference 2021, including the emphasis on "resilience."

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Building SIEM for Today’s Threat Landscape

Threatpost

Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses the elements involved in creating a modern SIEM strategy for remote work and cloud-everything.

Ransomware Gang Provides Irish Health System With Decryptor

Data Breach Today

Conti Group Still Threatens Data Release Unless Ransom Paid A week after Ireland's health services provider was hit by a ransomware attack, the Conti gang has provided a decryptor, which officials are now testing to determine whether to use it, Reuters reports. But the gang is still threatening to release stolen data unless a $19 million ransom is paid.

Tax Document Retention Requirements and Storage

Record Nations

With tax season just behind us, many people aren’t aware that the IRS has a set of guidelines regarding tax document retention. It’s recommended that individuals and businesses retain at least three years’ worth of tax documents. The IRS has three years to initiate an audit in most cases, but there are exceptions. We spoke […].

Insights on Mitigating Ransomware Risks

Data Breach Today

Janine Darling, the founder and CEO of STASH Global, discusses the pervasive and persistent problem of ransomware and how to mitigate the risks.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Insurance giant CNA Financial paid a $40 million ransom

Security Affairs

The US insurance giant CNA Financial reportedly paid a $40 million ransom to restore access to its files following a ransomware attack. CNA Financial, one of the largest insurance companies in the US, reportedly paid a $40 million ransom to restore access to its files following a ransomware attack that took place in March. According to Bloomberg, CNA Financial opted to pay the ransom two weeks after the security breach because it was not able to restore its operations.

Data Risk Governance: The BISO's Perspective

Data Breach Today

Patrick Benoit of CBRE on Necessary Ingredients for a Mature Program It's not just traditional data governance – it's about business risk. And in the age of GDPR and CCPA, you’d best have a handle on data discovery and classification. Patrick Benoit of CBRE gives the BISO's perspective on data risk governance.

Bitcoins of DarkSide ransomware gang still locked in hacker forum’s escrow

Security Affairs

After the DarkSide ransomware gang shut down operations, multiple affiliates have complained about not receiving the payments for successful breaches. The decision of the DarkSide ransomware gang to shut down operations is causing chaos among its network of affiliates, who have complained about not receiving the payments for their successful breaches. The affiliates are asking the administrators of a Russian-language hacker forum to unlock the funds in bitcoins they are maintaining as part of the es

Ransomware Gangs 'Playing Games' With Victims and Public

Data Breach Today

'Free' Decryptors and Promises of Retirement Plans are Empty Criminal Marketing Spin "They’re playing games," is how one security expert describes Conti ransomware-wielding attackers' "gift" of a decryptor to Ireland's crypto-locked health service, while still demanding a ransom to not leak stolen health data. The same could be said of the DarkSide gang's promised retirement.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Email Campaign Spreads StrRAT Fake-Ransomware RAT

Threatpost

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.

Defending Entry Points: A New Approach

Data Breach Today

BlastWave CEO Tom Sego on Re-Envisioning How We Secure Networks You can see it in the latest high-profile attacks: Security requirements are ever more complex, exceeding the capacity of current protection capabilities. Enterprises need a new strategy for defending entry points, and Tom Sego of BlastWave believes he has it.

DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates

Threatpost

A shadow court system for hackers shows how professional ransomware gangs have become.

Final Revised SCCs expected as early as next week with Final Revised EDPB Recommendations to follow after 15 June

Data Protection Report

It was reported yesterday that publication of revised final EU Standard Contractual Clauses may be as soon as next week, with revised final EDPB Recommendations possibly following the EDPB’s next plenary meeting on 15 June. This follows comments made by Ralf Sauer, EU Commission Deputy Head for International Data Flows, and Alexander Filip, Head of International Transfers at the Bavarian DPA, at the DACH regional KnowledgeNet.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

A Russian Doll review – a data-disinformation troll keeps us hooked

The Guardian Data Protection

Barn theatre, Cirencester Rachel Redford shines as a student recruited to mess with British heads, in a joint production with the Arcola theatre “Who owns your data?” asks Masha, the tortured voice at the centre of this monologue. Issues of data privacy and misuse are being increasingly raised but rarely show the inner workings of a Russian web brigade that orchestrates disinformation campaigns through anonymous online commentary.

Remarkable Records: A New Blog Series!

The Texas Record

In January of 2020, before the year that would become remarkable, we published an article intending to kick off a new series of blog posts about different types of records found on state and local retention schedules that we find particularly interesting or curious. In his discussion about the succinctness of the retention period for software programs, Andrew describes the mid-90s debut of the Office Suite, a “new paradigm in office computing.” So it’s kind of funny that in th

Indonesia’s government confirms social security data breach for some citizens

Security Affairs

Indonesia has launched an investigation into a possible security incident that caused the leak of social security data for more than 270 million citizens. Indonesia’s Communication and Information Ministry has confirmed a leak of social security data, but it attempted to downplay the incident, explaining that it only impacted a small portion of the population.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Data in Danger Amid New IT Challenges

Dark Reading

Survey finds new threats due to the pandemic make managing enterprise cyber-risk even more challenging.

Insurer AXA to Stop Paying for Ransomware Crime Payments in France via Insurance Journal

IG Guru

“The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” cybercrime prosecutor Johanna Brousse said at the hearing. Only the U.S. surpassed France last year in damage from ransomware to businesses, hospitals, schools and local governments, according to the cybersecurity firm Emsisoft, estimating France’s related overall losses at more than $5.5 billion.

The Changing Face of Cybersecurity Awareness

Dark Reading

In the two decades since cybersecurity awareness programs emerged, they've been transformed from a good idea to a business imperative.