Wed.Aug 12, 2020

article thumbnail

Avaddon Ransomware Joins Data-Leaking Club

Data Breach Today

Operators Create a Dedicated Leak Site, Continue Recruiting Affiliates Yet another ransomware-wielding gang has threatened to steal and leak the data of any victims who refuse to pay a ransom: The operators of Avaddon ransomware have created a dedicated data-leak site that already lists a construction firm victim, and the gang continues to recruit new affiliates.

article thumbnail

Why & Where You Should You Plant Your Flag

Krebs on Security

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including ev

Passwords 330
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Maze Reportedly Posts Exfiltrated Canon USA Data

Data Breach Today

Imaging Firm's Websites Are Still Down After Ransomware Attack The Maze ransomware group has posted on its darknet website some data it claims it stole during a recent attack against Canon USA, according to the security firm Emsisoft.

article thumbnail

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. Researchers from SentinelOne discovered new variants of the popular Agent Tesla Trojan that includes new modules to steal credentials from applications including popular web browsers, VPN software, as well as FTP and email clients.

Passwords 135
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Jeanette Manfra on 'Compliance Without Compromise'

Data Breach Today

Google Cloud Director, Formerly of CISA, Discusses Securing Government's Cloud Transformation Jeanette Manfra served under three presidents as one of the top U.S. government cybersecurity leaders. Now in her new role with Google Cloud, she draws upon her public sector experience to help agencies in their cloud adoption.

More Trending

article thumbnail

The Risks Posed by Wireless Automotive Dongles

Data Breach Today

Researchers Find Widespread Vulnerabilities in These Diagnostic Devices New research has uncovered widespread vulnerabilities in wireless dongles that plug into a vehicle's OBD-II port. The inexpensive IoT devices have put new power into the hands of consumers to monitor their vehicles or check fault codes, but they could also open up new vectors for attacks.

Risk 299
article thumbnail

Ransomware victim Travelex forced into administration

IT Governance

Travelex has collapsed into administration seven months after it was crippled by ransomware. The foreign exchange firm suffered more than a month of disruption after it discovered that it had been hacked on New Year’s Eve. It was later reported that the REvil ransomware gang encrypted more than 5GB of sensitive data and demanded $6 million (about £4.6 million) for its return.

article thumbnail

More Microsoft Zero-Day Flaws Being Exploited

Data Breach Today

Microsoft and CISA Recommend Immediate Patching of Critical Bugs Two critical, zero-day vulnerabilities affecting Internet Explorer and multiple versions of the Windows operating system are being exploited in the wild, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency warn, urging prompt patching.

article thumbnail

Citrix Warns of Critical Flaws in XenMobile Server

Threatpost

Citrix said that it anticipates malicious actors "will move quickly to exploit" two critical flaws in its mobile device management software.

IT 118
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Beware: AgentTesla Infostealer Now More Powerful

Data Breach Today

Low-Cost Malware Used in BEC Scams, Other Attacks The operators behind the AgentTesla remote access Trojan have upgraded the infostealer with additional capabilities, including the ability to steal credentials from VPNs, web browsers, FTP files and email clients, Sentinel Labs reports. The low-cost malware is used in BEC scams and other campaigns.

Access 236
article thumbnail

Citrix fixed flaws in XenMobile that will be likely exploited soon

Security Affairs

Citrix addressed multiple vulnerabilities in Citrix Endpoint Management (XenMobile) that can be exploited by an attacker to gain administrative privileges on affected systems. The Citrix Endpoint Management (CEM), formerly XenMobile, is software that provides mobile device management (MDM) and mobile application management (MAM). The vulnerabilities that impacted the Citrix XenMobile were tracked as CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212.

MDM 106
article thumbnail

Unsecured Database Exposed on Web - Then Deleted

Data Breach Today

Researcher Says Data on 3.1 Million Patients Exposed. Did 'Meow Bot' Fix the Problem? While the exposure of insecure databases on the internet is relatively common, a recent incident featured an unusual twist - the data was mysteriously deleted.

187
187
article thumbnail

Hackers Are Using Legitimate Email Services for BEC Attacks

Adam Levin

Cybercriminals are increasingly registering email addresses with legitimate services and using them in the commission of business email compromise (BEC) attacks. A recent study of hacking methods published by Barracuda found that more than 6,000 email accounts using legitimate services had been linked to more than 100,000 BEC attacks on roughly 6,600 organizations this year. .

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

How Facebook and Other Sites Manipulate Your Privacy Choices

WIRED Threat Level

Social media platforms repeatedly use so-called dark patterns to nudge you toward giving away more of your data.

Privacy 129
article thumbnail

FIRST SANCTION OF AN ONLINE SHOES COMPANY BY CNIL ACTING AS A LEAD AUTHORITY FOR SEVERAL INFRINGEMENTS TO GDPR REQUIREMENTS

DLA Piper Privacy Matters

By Denise Lebeau-Marianna and Yaël Hirsch. On 28 July 2020, the French Supervisory Authority (the “CNIL”) sanctioned the online shoes retail company, SPARTOO SAS, by a €250,000 fine and an injunction to comply with GDPR within 3 months under penalty for various non-compliances with the GDPR of the personal data processing related to clients, prospects and employees [1].

GDPR 93
article thumbnail

TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic

Threatpost

App concealed the practice of gathering device unique identifiers using an added layer of encryption.

article thumbnail

How to Choose the Right Metrics for Your Records Management Program

TAB OnRecord

In a three-part post we are looking at the role of metrics in demonstrating the value of RM, specifically in organizations that have implemented an electronic records management system. In this post we outline a four-step process to arriving at the right metrics. Read More.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

SANS Security Training Firm Hit with Data Breach

Dark Reading

A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.

article thumbnail

Microsoft August 2020 Patch Tuesday fixed actively exploited zero-days

Security Affairs

Microsoft August 2020 Patch Tuesday updates addressed 120 vulnerabilities, including two zero-days that have been exploited in attacks. Microsoft August 2020 Patch Tuesday updates have addressed 120 flaws, including two zero-day vulnerabilities that have been exploited in attacks in the wild. The two issues are a Windows spoofing bug and a remote code execution flaw in Internet Explorer.

article thumbnail

Threats vs. Thrift: Running Effective AppSec During a Global Crisis

Dark Reading

By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.

Risk 85
article thumbnail

TSLAC Zoom Backgrounds

The Texas Record

The Texas State Library and Archives Commission has released a group of custom Zoom backgrounds featuring scenes from the State Library and Archives. They are free to download and may be used by the public. These 26 new background options include both indoor and outdoor scenes from the Lorenzo de Zavala State Archives and Library Building in downtown Austin, the State Records Center in Austin, and the Sam Houston Regional Library and Research Center in Liberty, Texas.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

FireEye Announces New Bug-Bounty Program

Dark Reading

The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.

109
109
article thumbnail

How to Approach an Office Records Management Overhaul from The Texas Record

IG Guru

Check out the article here. The post How to Approach an Office Records Management Overhaul from The Texas Record appeared first on IG GURU.

article thumbnail

Name That Toon: 'Rise' and Shine

Dark Reading

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

85
article thumbnail

Cryptanalysis of an Old Zip Encryption Algorithm

Schneier on Security

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Using 'Data for Good' to Control the Pandemic

Dark Reading

The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.

89
article thumbnail

Import.io featured on the Inc. 5000 list of fastest-growing companies with three-year revenue growth of 640%

Import.IO

San Francisco, CA., August 12, 2020 – Inc. magazine today ranked Import.io No. 739 on its 39th annual Inc. 5000 list of the nation’s fastest-growing private companies. Import.io earned this prestigious recognition for its impressive three-year revenue growth of 640%, placing it among the top 100 fastest-growing software companies in. The post Import.io featured on the Inc. 5000 list of fastest-growing companies with three-year revenue growth of 640% appeared first on Import.io.

IT 52
article thumbnail

Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption

Dark Reading

Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.