Fri.Apr 01, 2022

article thumbnail

Viasat Confirms 'AcidRain' Malware Could Have Wiped Modems

Data Breach Today

No Smoking Gun, But Code Overlaps With Russian VPNFilter Malware, SentinelOne Finds The disruption of tens of thousands of Viasat consumer broadband modems across central Europe on Feb. 24 when Russia invaded Ukraine may have involved "AcidRain" wiper malware, security researchers at SentinelOne report. Viasat says those findings are "consistent" with the known facts of the attack.

Security 273
article thumbnail

Bypassing Two-Factor Authentication

Schneier on Security

These techniques are not new, but they’re increasingly popular : …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection. […].

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

PCI SSC Releases Data Security Standard Version 4.0

Data Breach Today

DSS v3.2.1 Active Until March 31, 2024, Then Retired Over 1-Year Period The PCI Security Standards Council on Thursday released the Payment Card Industry Data Security Standard version 4.0. The latest version's improvements are intended to counter evolving threats and technologies, and the new version will enable innovative methods to combat new threats.

Security 261
article thumbnail

Third Time’s a Charm? Privacy Shield Agreement Reached In Principle

Data Matters

The U.S. President and European Commission President announced in a joint press statement on March 25th, 2022 that an agreement “in principle” has been reached on a new Trans-Atlantic Data Privacy Framework (Privacy Shield Agreement 2.0). Once approved and implemented, the agreement would facilitate the transatlantic flow of personal data and provide an alternative data transfer mechanism (in addition to EU Standard Contractual Clauses and Binding Corporate Rules) for companies transferring pers

Privacy 97
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Tapping Public Health Research Tools to Fight Cybercrime

Data Breach Today

Tools and methodologies that have been helpful for global public health research might also provide better understanding of the root causes of cybercrime and the motivation of cybercriminals, especially as such crime has surged during the COVID-19 pandemic, says Stanley Mierzwa of Kean University.

260
260

More Trending

article thumbnail

Lazarus Using Trojanized DeFi App to Deliver Malware

Data Breach Today

Legitimate DeFi Wallet Also Implants a Malicious File When Executed North Korean advanced persistent threat group Lazarus has emerged with a fresh spear-phishing campaign that uses a Trojanized DeFi application containing a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed.

Phishing 255
article thumbnail

Weekly Update 289

Troy Hunt

Everyone just came for the Ubiquiti discussion, right? This is such a tricky one; if their products sucked we could all just forget about them and go on with our day. But they don't suck - they're awesome - and that makes it hard to fathom how a company that makes such great gear is responding this way to such a well-respected journo. I spend most of this week's video talking about this and perhaps what surprised me most, is even after that discussion there's a bunch of peopl

Passwords 106
article thumbnail

ISMG Editors: Lessons to Learn From Okta's Breach Response

Data Breach Today

Also: How Hackers Are Playing on NFT FOMO In the latest weekly update, four editors at ISMG discuss important cybersecurity issues, including the lessons we can learn from Okta's breach fallout and subsequent response, how the first NFT rug pull of 2022 has amounted to over $1 million, and the much-anticipated return to in-person events.

article thumbnail

G2 rates Jamf number one in Spring 2022 Report

Jamf

Jamf tops G2 ratings yet again with first place rankings in 26 categories, plus other high rankings for Jamf Pro, Jamf Now and Jamf Connect in G2’s Spring 2022 Report.

98
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

What is PHI?

Record Nations

Here at Record Nations, our goal is to help streamline your office efficiency, no matter what industry you’re in. As the world moves in a more digital direction, record management tends to move with it. HIPAA, FACTA, and GLBA have been around for a long time, but as technology changes, so do the regulations surrounding […]. The post What is PHI?

article thumbnail

What You Need to Know About PCI DSS 4.0's New Requirements

Dark Reading

The updated security payment standard's goal is to “address emerging threats and technologies and enable innovative methods to combat new threats” to customer payment information, the PCI Security Standards Council says.

article thumbnail

Russia Inches Toward Its Splinternet Dream

WIRED Threat Level

For years, the country has been trying to create its own sovereign internet—a goal given new impetus by the backlash to its invasion of Ukraine.

IT 102
article thumbnail

Zyxel fixes a critical bug in its business firewall and VPN devices

Security Affairs

Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. The vulnerability can be exploited to take control of the devices. “Zyxel has released patches for products affected by the authentication bypass vulnerability.

IT 89
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

NSA Employee Indicted for Sending Classified Data Outside the Agency

Dark Reading

Even the NSA has a malicious insider problem. The employee used his personal emails to send classified data to unauthorized outsiders on 13 different occasions.

90
article thumbnail

Apple Rushes Out Patches for 0-Days in MacOS, iOS

Threatpost

The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.

Access 106
article thumbnail

CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-1040 flaw in the Sophos firewall, along with seven other issues, to its Known Exploited Vulnerabilities Catalog.

article thumbnail

Your KnowBe4 Fresh Content Updates from March 2022

KnowBe4

Check out the 74 new pieces of training content added in March, alongside the always fresh content update highlights and new features.

94
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds via The Hacker News

IG Guru

Check out the article here. The post Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds via The Hacker News appeared first on IG GURU.

Access 78
article thumbnail

More Than Ever, Security Matters

Dark Reading

Public policy proposals must consider technical, practical, and real-world security effects, and make sure we avoid unintended consequences.

article thumbnail

More Companies Are Digitizing Records Than Ever Before

Armstrong Archives

In the last several years, more companies are digitizing their records than ever before. Beyond the pandemic, there are many reasons for this shift toward more paper-independent workplaces, such as mitigating costs and better serving customers in a digital marketplace. Why Companies Are Making the Switch to Digitized Records. Projections indicate that 45% of the world’s top companies will increase their implementation of zero-paper workflows.

article thumbnail

Apple's Zero-Day Woes Continue

Dark Reading

Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.

78
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Nascent EU/ US Trans-Atlantic Data Privacy Framework: some points to note

Data Protection Report

On 25 March the EU Commission ( Commission ) and United States ( US ) announced that they had agreed in principle on a new “Trans-Atlantic Data Privacy Framework” ( TADPF ) to foster trans-Atlantic data flows and address the concerns raised by Schrems II. We briefly discuss the implications below. The announcement was very high level and short on detail.

article thumbnail

A Comprehensive Backup Strategy Includes SaaS Data, Source Code

Dark Reading

Backups aren't just limited to hard drives, databases and servers. This Tech Tip describes how organizations should expand their backup strategies.

65
article thumbnail

Trend Micro fixed high severity flaw in Apex Central product management console

Security Affairs

Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871 , in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871 , in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue, its exploitation could lead to remote code execution.

article thumbnail

Document Management in a Hybrid/Remote Workforce

Armstrong Archives

Hybrid workforces are more common than ever, and that can create challenges when it comes to your document management. Fortunately, experienced third party services and effective tactics can help you minimize the risks. What Is Document Management? First, what is document management? At it’s core, it’s any process or system used to store, track, access, or otherwise handle records.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked

Security Affairs

Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues to target Russian firms owned by oligarchs, yesterday the collective announced the hack of the Thozis Corp , while today the group claimed the hack of Marathon Group. The Marathon Group is a Russian investment firm owned by oligarch Alexander Vinokuro, who was sanctioned by the EU.

Archiving 125
article thumbnail

Friday Squid Blogging: Squid Migration and Climate Change

Schneier on Security

New research on the changing migration of the Doryteuthis opalescens as a result of climate change. News article : Stanford researchers have solved a mystery about why a species of squid native to California has been found thriving in the Gulf of Alaska about 1,800 miles north of its expected range: climate change. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.