Thu. Sep 22, 2022

Morgan Stanley's Hard Drive Destruction Investment Failure

Data Breach Today

$35 Million Fine From Securities and Exchange Commission Covers 5 Years of Mishaps

Financial services giant Morgan Stanley will pay a $35 million fine to settle U.S. Securities and Exchange Commission charges that it failed to comply with rules requiring it to safeguard customer data as well as ensure it is disposed of properly.

A New Linux Tool Aims to Guard Against Supply Chain Attacks

WIRED Threat Level

Security firm Chainguard has created a simple, open-source way for organizations to defend the cloud against some of the most insidious attacks.

Australian Telco Optus Warns of 'Significant' Data Breach

Data Breach Today

Current and Former Customers' Contact Details Exposed, But No Financial Information

Australian telecommunications giant Optus is warning that current and former customers' personal details were exposed, including some driver's license and passport details, but no passwords or financial details, after it suffered a major data breach.

Passkeys

Imperial Violet

This is an opinionated, “quick-start” guide to using passkeys as a web developer. It’s hopefully broadly applicable, but one size will never fit all authentication needs and this guide ignores everything that’s optional. So take it as a worked example, but not as gospel. It doesn't use any WebAuthn libraries; it just assumes that you have access to functions for verifying signatures.

LLMs in Production: Tooling, Process, and Team Structure

Speaker: Dr. Greg Loughnane and Chris Alexiuk

Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le

Cyberattack Disrupts Michigan School District for 2nd Day

Data Breach Today

K-12 Educational Sector Is a Target for Ransomware Gangs

School is out for more than 3,000 students of a suburban Detroit district undergoing its second day of forensics analysis following a cyberattack. Students have been told not to use district-issued Chromebooks. Federal authorities have warned that school districts are targets of ransomware gangs.

Iranian Hackers Accessed Albania's Network for 14 Months

Data Breach Today

FBI, CISA Detail How Iran Launched Destructive Cyberattack

Iranian hackers rambled across the Albanian government's network for 14 months before launching a ransomware and disk wiper attack in July, says the U.S. government. Iran exploited a Microsoft SharePoint vulnerability to gain access and then harvested credentials and exfiltrated data.

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

eSecurity Planet

During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware to encrypt files only partially, leaving portions of each file untouched.

Universities Urged to Defend Sensitive Research from Hackers

Data Breach Today

Adversaries Want to Interfere With Research at US Schools. How Can They Be Stopped?

Cyberattacks against universities have forced academia to implement new rules and processes to safeguard sensitive research from adversaries like China, Russia and Iran. Texas A&M set up an office in 2016 to oversee security around scholarship, and the office has worked to prevent foreign influence.

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The now-patched critical security flaw was disclosed by Atlassian in early June; at the time, the company warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versio

Your Expert Guide to CX Orchestration & Enhancing Customer Journeys

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

SentinelOne's $100M Venture Capital Fund Seeks Data Startups

Data Breach Today

New S Ventures Fund Takes on CrowdStrike Fund, Backs Armorblox and Noetic Cyber

SentinelOne is taking on top rival CrowdStrike in the venture arena, unveiling a $100 million fund to support security and data startups of all sizes. S Ventures will give the company broader reach in adjacent markets and enable high-value integrations that can grow over time.

Security Practices Are Improving, But Cybercriminals Are Keeping Up

KnowBe4

A survey by GetApp has found that the number of organizations using phishing simulations has risen from 30% in 2019 to 70% in 2022. Despite this positive trend, however, attackers continue to increase both the sophistication and volume of their phishing emails, which has led to a significant rise in employees clicking on phishing links.

Medtronic Recalls Certain Insulin Pumps Due to Cyber Flaw

Data Breach Today

Feds Also Warn the Issue Could Affect the Dose of Insulin Delivered to a Patient

Federal authorities have issued urgent advisories - and Medtronic a voluntary product recall - about a cybersecurity flaw in some of the company's insulin pumps. If exploited, the flaw could result in patients receiving too little or too much insulin, which in extreme cases could result in death.

A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder

Security Affairs

A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak made headlines, and the person who published it appears to be a disgruntled developer. The latest version of the encryptor, version 3.0, was released by the gang in June.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Wintermute CEO Renews Plea for Hacker to Return Stolen Funds

Data Breach Today

Hack Traced to Bug in Wallet Addressing Tool

Evgeny Gaevoy, CEO of the cryptocurrency trading firm Wintermute, would like whoever stole $160 million from the company to give the money back, minus 10% that's on the house. The hack of the London-based crypto market maker rocked the company, which supplies liquidity to cryptocurrency trading.

15-Year-Old Python Flaw Slithers into Software Worldwide

Dark Reading

An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.

Public Water Systems at Cybersecurity Risk, Lawmakers Hear

Data Breach Today

Municipal Water Systems Installing Networked Control Systems

Public water systems in the United States will continue connecting control systems to the internet despite the risks, members of the House Homeland Security Committee heard today. Water systems need network connectivity for remote repairs, said an official with the National Rural Water Association.

Compliance Archiving Features for Advanced CMS

Hanzo Learning Center

Often, a compliance team may have an archiving solution in place, only to discover their archives aren’t capturing their full dynamic site experience. Sometimes, they find that their archives haven’t captured anything at all beyond a login screen. Or they discover they’re only archiving a single customer experience when there are dozens of possible experiences that are being missed.

Use Cases for Apache Cassandra®

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

Threat actors targeted tens of thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache. The tool is not designed to be exposed on the Internet; however, researchers spotted tens of thousands of Redis instances publicly accessible without authentication.

Security Data Lakes Emerge to Address SIEM Limitations

eSecurity Planet

Every security team craves clear visibility into the endpoints, networks, containers, applications, and other resources of the organization. Tools such as endpoint detection and response (EDR) and extended detection and response (XDR) send an increasing number of alerts to provide that visibility. Unfortunately, the high storage and processing fees for traditional security information and event management (SIEM) tools often cause security teams to limit the alerts and logs that they feed into th

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Security Affairs

More than 350,000 open source projects can be potentially affected by a 15-year-old unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. The issue is a directory traversal vulnerability that resides in the ‘extract’ and ‘extractall’ functions of the tarfile module in Python.

SOC 2 Audits are a Crucial Weapon in Your Organisation’s Arsenal

IT Governance

Over the past year, the popularity of SOC 2 has surged. This has been led in part by several UK government departments deciding to use the framework as a requirement for vendors. SOC 2 is already widely adopted in the US by service organisations looking to partner with or provide services to other companies. That the framework is now also being implemented in the UK and across Europe will have downstream effects for all organisations.

Reimagining CX: How to Implement Effective AI-Driven Transformations

Speaker: Steve Pappas

As businesses strive for success in an increasingly digitized world, delivering an exceptional customer experience has become paramount. To meet this demand, enterprises are embracing innovative approaches that captivate customers and fuel their loyalty. 💥 Enter conversational AI - an absolute game-changer (if done right) in redefining CX norms.

Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards

Dark Reading

The tactic is just one in a constantly expanding bag of tricks that attackers are using to get users to click on links and open malicious documents.

Healthier data and trusted insights with Collibra Data Quality & Observability

Collibra

In a world getting flooded with all kinds of data, the obvious concern is – how to turn data into an asset. Data engineers, data stewards, DataOps engineers, rule writers, and other overlapping roles strive to make data ready for work. But is this data of high quality? Is it reliable? What about its integrity? Can it be trusted to power analytics and operations?

Congratulations to the 2022 Jammies Award winners

Jamf

Our annual Jammies Awards presentation celebrates customers and partners across our geographies and product lines for their outstanding accomplishments over the past year.

How Data & Analytics Are Advancing IoT and RFID

HID Global

How IoT and RFID use data science to extract insights and open new opportunities that are transforming nearly every sector and industry.

Lessons Learned in PostgreSQL®

In today's digital landscape, the threat of ransomware demands proactive defense. This paper, inspired by a real PostgreSQL® database incident, offers vital strategies for effective mitigation. Instaclustr expert Perry Clark outlines immediate actions to minimize risks, ensuring a swift response to ransomware threats and protecting critical data assets.

Unpatched Python Library Affects More Than 300,000 Open Source Projects

eSecurity Planet

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The researchers believe it could be used against organizations at scale, which could lead to attacks as serious as the one that hit SolarWinds two years ago. Perhaps more troubling is that the vulnerability was first disclosed 15 years ago but remains unpatched.

Hackers stole $160 Million from Crypto market maker Wintermute

Security Affairs

Threat actors have stolen around $160 million worth of digital assets from crypto trading firm Wintermute. Malicious actors continue to target organizations in the cryptocurrency industry; the latest victim is crypto trading firm Wintermute. The company made headlines after threat actors stole around $160 million worth of digital assets.

Prompt Injection/Extraction Attacks against AI Systems

Schneier on Security

This is an interesting attack I had not previously considered. The variants are interesting, and I think we’re just starting to understand their implications.