Mon. Sep 14, 2020

Due Diligence That Money Can’t Buy

Krebs on Security

Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here’s the story of how companies searching for investors to believe in their ideas can run into trouble. Nick is an investment banker who runs a firm that helps raise capital for its clients (Nick is not his real name, and like other investment brokers interviewed in this stor

Russia-Backed Hackers Try to Harvest Office 365 Credentials

Data Breach Today

Microsoft Offers More Details on Group's Efforts to Target US Election Campaigns Microsoft is providing additional details about how a hacking group affiliated with Russian military intelligence is attempting to harvest Office 365 credentials associated with election campaigns in the U.S. and U.K.

4 Key Tools for Your Remote Work Tech Stack

OneHub

The sudden transition to remote working has meant that virtual tools and technologies are now uppermost in most business leaders’ minds. From chat and video to file sharing and more, there’s lots to consider when it comes to empowering teams to work efficiently from home. Businesses need to adapt existing elements of the business tech stack to make them more remote work friendly – as well as tackle new security and licensing issues.

CISA: Chinese Hackers Targeting US Agencies

Data Breach Today

Groups Exploiting Unpatched Vulnerabilities The U.S. Cybersecurity and Infrastructure Security Agency warns that hacking groups backed by the Chinese Ministry of State Security are exploiting several unpatched vulnerabilities to target federal agencies.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Staples discloses data breach exposing customer order data

Security Affairs

Giant office retail company Staples disclosed a data breach; threat actors accessed some of its customers’ order data. Staples, the office retail giant, disclosed a data breach and notified its customers that their order data have been accessed by threat actors without authorization. The office retail giant sent out a data breach notification letter to the impacted customers; the incident took place around September 2.

More Trending

ICO Publishes Its Accountability Framework

Hunton Privacy

On September 9, 2020, the UK Information Commissioner’s Office (“ICO”) published an Accountability Framework, designed to assist organizations in complying with their accountability obligations under the EU General Data Protection Regulation (“GDPR”). The GDPR’s accountability principle requires that organizations both comply with their legal requirements under the GDPR, and also demonstrate their compliance.

Patient Monitoring Software Vulnerabilities Identified

Data Breach Today

Philips and DHS Issue Advisories; Mitigation Tips Offered Federal authorities and medical device maker Philips have issued security alerts about security vulnerabilities in some of the company's patient monitoring software. Until patches are available, the company is recommending risk mitigation steps.

Interesting Attack on the EMV Smartcard Payment Standard

Schneier on Security

It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able to convince the POS terminal to conduct the transaction without requiring the normally required PIN.

TikTok Reportedly Picks Oracle as US 'Technology Partner'

Data Breach Today

Chinese State Media Says TikTok Operations and Source Code Off Limits to US Buyers Potentially capping a fraught political showdown, China's TikTok, which is owned by Beijing-based ByteDance, has reportedly chosen Oracle to be its U.S. "technology partner," rejecting a bid by Microsoft. But Chinese state media suggests reports of a deal might be premature.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

Researchers from Temple University have been tracking ransomware attacks on critical infrastructure all over the world. A team of researchers at Temple University in Philadelphia has presented a project named CIRWA (repository of critical infrastructure ransomware attacks) that aims at tracking ransomware attacks on critical infrastructure worldwide.

TikTok Picks Oracle as US 'Technology Partner'

Data Breach Today

Chinese State Media Says TikTok Operations and Source Code Off Limits to US Buyers Potentially capping a fraught political showdown, China's TikTok, which is owned by Beijing-based ByteDance, has chosen Oracle to be its U.S. "technology partner," rejecting a bid by Microsoft. But Chinese state media suggests reports of a deal might be premature.

Cloud Leak Exposes 320M Dating-Site Records

Threatpost

A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.

IRS Seeks Fresh Ways to Trace Cryptocurrency Transactions

Data Breach Today

Tech Firms to Receive Grants to Support Research Efforts in Cybercrime Fight The IRS is offering grants of up to $625,000 to tech companies that devise ways to help the tax agency trace cryptocurrency transactions as part of its investigations into money laundering and other types of cybercrimes.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Magecart Attack Impacts More Than 10K Online Shoppers

Threatpost

Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

More Printers Could Mean Security Problems for Home-Bound Workers

Dark Reading

Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

The Zerologon attack allows threat actors to take over enterprise networks by exploiting CVE-2020-1472, which was patched in the August 2020 Patch Tuesday. Administrators of enterprise Windows Servers have to install the August 2020 Patch Tuesday updates as soon as possible to protect their systems from the Zerologon attack that exploits CVE-2020-1472. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks

Dark Reading

In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Popular Marketing Tool exposes data of users of dating sites

Security Affairs

Personal details of hundreds of users of dating sites were exposed online earlier this month. An Elasticsearch server containing personal details of hundreds of thousands of dating site users was exposed online without authentication. The unsecured database was discovered by security researchers from vpnMentor at the end of August. “vpnMentor’s research team recently received a report from an anonymous ethical hacker about a massive data leak exposing users of over 70 adult dating and

What does same-day support mean to you?

Jamf

With Jamf ready to offer same-day support for a ninth year in a row, we asked our Jamf Heroes what same-day support means to them.

TikTok Fixes Flaws That Opened Android App to Compromise

Threatpost

The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.

Virginia's Largest School System Hit With Ransomware

Dark Reading

Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Threatpost

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

E-Commerce Sites Hit With New Attack on Magento

Dark Reading

The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.

MaskOn for Security giveaway

OpenText Information Management

As many of us are still working from home today, security is top of mind. We want to hear from you about your experiences with security and remote work over the last few months. Every 2 weeks, we’ll be sharing a new question on our LinkedIn and Twitter pages. If you take the time to … The post MaskOn for Security giveaway appeared first on OpenText Blogs.

Open Source Security's Top Threat and What To Do About It

Dark Reading

With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

New PIN Verification Bypass Flaw Affects Visa Contactless Payments via the Hacker News

IG Guru

Check out this story here. The post New PIN Verification Bypass Flaw Affects Visa Contactless Payments via the Hacker News appeared first on IG GURU.

Large Cloud Providers Much Less Likely Than Enterprises to Get Breached

Dark Reading

Pen-test results also show a majority of organizations have few protections against attackers already on the network.

The post pandemic legal landscape

OpenText Information Management

The legal industry is not known for embracing change. Faced with the COVID-19 pandemic, legal professionals have been forced to re-evaluate their business models and reassess the best way to work. For law firms, to survive the downturn, many different approaches were taken (e.g., layoffs, furloughs, pay cuts). Now, downsizing office space, hoteling and remote … The post The post pandemic legal landscape appeared first on OpenText Blogs.
