Krebs on Security

NOVEMBER 3, 2022

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius “Zeekill” Kivimaki , a notorious hacker who — at the tender age of 17 — had been convicted of more than 50,000 cybercrimes , including data breaches, payment fraud, operating botnets, and calling in bomb threats.

Data breaches 187

Data breaches Records Management Insurance Archiving 187

Data Breach Today

NOVEMBER 3, 2022

Cloud Company Says User Accounts Were Not Breached, Just GitHub Code Repositories DropBox is the latest company to have employees fall for phishing emails tricking them into supplying login credentials and a one time password to threat actors. Hackers got away with copies of 130 code repositories. The company says it's speeding up an internal transition to Web Authentication.

Data breaches 261

Data breaches Phishing Authentication Passwords 261

Security Affairs

NOVEMBER 3, 2022

Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 (CVSS score of 8.8), that impacts the Identity Services Engine (ISE).

IT 129

IT Access Security Information Security 129

Data Breach Today

NOVEMBER 3, 2022

Kremez Excelled at Unraveling Cybercrime Tactics, Including Ransomware Groups Tributes are being paid to Vitali Kremez, who has died at the age of 36 in a suspected scuba-diving accident. The renowned threat intelligence expert, born in Belarus, had long tracked Russian cybercrime syndicates and was part of an ad hoc group established to counter ransomware and help victims.

Ransomware 209

Ransomware 209

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Troy Hunt

NOVEMBER 3, 2022

I've been investing a heap of time into Have I Been Pwned (HIBP) lately, ranging from all the usual stuff (namely trawling through masses of data breaches) to all new stuff, in particular expanding and enhancing the public API. The API is actually pretty simple: plug in an email address, get a result, and that's a very clearly documented process.

Data breaches 119

Data breaches IT 119

IT Governance

NOVEMBER 3, 2022

You might remember that several months and a handful of prime ministers ago, the government proposed an overhaul of data protection law. The efforts stemmed from complaints over the GDPR (General Data Protection Regulation) , which was adopted by the UK on the precipice of Brexit. Its critics, led by Boris Johnson, said that the requirements were too strict and forced organisations to create excessive amounts of documentation.

Government 105

Government GDPR Personal data Compliance 105

Data Breach Today

NOVEMBER 3, 2022

Security & ease of use: It is one thing for non-healthcare entities to debate these merits of new authentication in solutions. But in healthcare, where the decisions directly impact patient safety, the stakes are critical. Tom Scontras of Yubico talks about how healthcare approaches authentication.

Authentication 130

Authentication Security IT 130

Security Affairs

NOVEMBER 3, 2022

Fortinet addressed 16 vulnerabilities in some of the company’s products, six flaws received a ‘high’ severity rate. One of the high-severity issues is a persistent XSS, tracked as CVE-2022-38374 , in Log pages of FortiADC. The root cause of the issue is an improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC.

Authentication 100

Authentication Passwords Access Security 100

Data Breach Today

NOVEMBER 3, 2022

The latest edition of the ISMG Security Report discusses how Australian health insurer Medibank is deliberating on whether to pay a ransom to extortionists, analyzes the growing number of layoffs in the security vendor space, and shares a tribute to threat intelligence researcher Vitali Kremez.

Insurance 130

Insurance Ransomware Security 130

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

National Archives Records Express

NOVEMBER 3, 2022

This post was written by Elizabeth England and Leslie Johnston, Digital Preservation, Office of the Deputy Archivist of the United States. On World Digital Preservation Day , it seems appropriate to share how NARA has developed its digital preservation program in recent years to ensure that the electronic records of the United States government truly are available, as declared in this year’s theme: “For All, For Good, Forever.”.

Digital preservation 98

Digital preservation Archiving Access Libraries 98

Data Breach Today

NOVEMBER 3, 2022

Sen. Mark Warner Suggests Imposing Cybersecurity Requirements Through Medicare A U.S. senator is suggesting adding cybersecurity standards to the list of federal prerequisites for medical practice participation in Medicare. Cybersecurity is a patient safety issue, says Mark Warner (D-Va.). He today released a slew of proposals for augmenting healthcare cybersecurity.

Cybersecurity 130

Cybersecurity 130

Jamf

NOVEMBER 3, 2022

Jamf is uniquely positioned by offering solutions for device management, identity integration workflows and endpoint security. Because these are all from the same vendor, powered by the same platform, and designed to work together, we can achieve an amazing outcome: Trusted Access.

Access 98

Access Security 98

Data Breach Today

NOVEMBER 3, 2022

AppSec Startup Forgoes Reported Palo Alto Deal In Favor of $100M Series B Funding A startup that was reportedly almost acquired by Palo Alto Networks for $600 million has instead raised $100 million to forge ahead on its own. App security vendor Apiiro plans to use the proceeds to strengthen its ability to analyze code and developer activities across the software supply chain.

Security 130

Security IT 130

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

DLA Piper Privacy Matters

NOVEMBER 3, 2022

Author: Sarah Birkett. Anyone with a passing interest in Australian privacy laws will no doubt have heard about the Optus data breach. The incident, which was made public in late September 2022, is thought to have affected around 9 million individuals (almost 40% of the Australian population), with identity documents relating to approximately 2.22 million Australians being made available on the dark web.

Privacy 97

Privacy Data breaches Insurance Government 97

Data Breach Today

NOVEMBER 3, 2022

Geopolitics Drives Major Changes in Threat Landscape Operational technology will gain more malicious attention from state-backed hackers, warns the European Union Agency for Cybersecurity. Geopolitics is driving changes in the threat landscape and the agency predicts retaliatory attacks for Western support of Kyiv.

Cybersecurity 130

Cybersecurity 130

KnowBe4

NOVEMBER 3, 2022

A study by researchers at Lookout has found that credential-harvesting phishing attacks against US government employees rose by 30% last year. The researchers also found that nearly 50% of US government employees are running older, unpatched versions of iOS and Android operating systems.

Phishing 95

Phishing Government 95

Data Breach Today

NOVEMBER 3, 2022

Banks in Africa are Primary Targets, With Funds Getting Dispersed Using Money Mules A French-speaking gang codenamed "Opera1er" has been tied to the theft of at least $11 million from dozens of victims - mainly banks in Africa - and remains "active and dangerous," cybersecurity researchers warn, as they release indicators of compromise to help potential victims protect themselves.

Cybersecurity 130

Cybersecurity 130

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

NOVEMBER 3, 2022

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta ‘s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. The experts analyzed tools used by the ransomware gang in attacks, some of them are custom tools, including EDR evasion tools.

Ransomware 93

Ransomware Phishing Security Access 93

Troy Hunt

NOVEMBER 3, 2022

I feel like life is finally complete: I have beaches, sunshine and fast internet! (Yes, and of course an amazing wife, but that goes without saying 😊) For the folks asking via various channels, the speed is not exactly symmetrical at 1000/400 and I'm honestly not sure why that's the case here in Australia. I also had to shell out quite a bit extra to go from 50 up to a "business" plan of 400 up, but with the volumes of data I ship around it'll make a pretty big dif

Security 93

Security IT 93

Security Affairs

NOVEMBER 3, 2022

Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US. Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media company that serves many major news outlets. The media company serves The media company provides video content and advertising via Javascript to its partners.

Archiving 93

Archiving Ransomware Security IT 93

Hanzo Learning Center

NOVEMBER 3, 2022

Our client was a global biopharmaceutical company with over US$ 10 billion in annual revenues. They have over 30,000 employees and operate in 30 countries around the world. From being able to review the company’s history for internal reasons or to demonstrate regulatory compliance, good record-keeping across all the facets of this global business is vital.

Compliance 92

Compliance Archiving 92

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Security Affairs

NOVEMBER 3, 2022

The LockBit ransomware group claimed to have hacked the multinational automotive group Continental and threatens to leak stolen data. LockBit ransomware gang announced to have hacked the German multinational automotive parts manufacturing company Continental. The group added the name of the company to its Tor leak site and is threatening to publish alleged stolen data if the victim will not pay the ransom.

Ransomware 90

Ransomware Manufacturing IT Security 90

KnowBe4

NOVEMBER 3, 2022

This latest “new kid on the block” is gaining momentum and – according to CheckPoint – seeing successes with their attacks globally, calling their organizational structure “impressive.”.

Ransomware 87

Ransomware 87

IG Guru

NOVEMBER 3, 2022

From Amazon This book will provide the readers with the mental tools to enable them to think their way through challenges concerning digital preservation.It will show the readers how to think about and understand digital preservation in a way that will enable them to cope with whatever preservation challenges are presented, now and in the […].

Digital preservation 78

Digital preservation Archiving 78

KnowBe4

NOVEMBER 3, 2022

Scammers are taking advantage of the victims desire to take advantage of debt cancellation up to $20,000 – with the only one cashing in being the scammer!

Phishing 93

Phishing 93

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Dark Reading

NOVEMBER 3, 2022

TA569 has modified the JavaScript of a legitimate content and advertising engine used by news affiliates, in order to spread the FakeUpdates initial access framework.

Access 78

Access 78

KnowBe4

NOVEMBER 3, 2022

KnowBe4 is proud to be recognized by TrustRadius in the f irst-ever “Best Software” Awards for overall, mid-size, and enterprise in the Security Awareness Training software category.

Security awareness 80

Security awareness Security 80

Dark Reading

NOVEMBER 3, 2022

The cybersecurity agency announced it intends to scan all Internet-connected devices hosted in the UK for known vulnerabilities.

Cybersecurity 87

Cybersecurity IT 87