Fri.Apr 23, 2021

article thumbnail

Analysts Uncover More Servers Used in SolarWinds Attack

Data Breach Today

RiskIQ: Discovery Sheds Light on Size of Cyberespionage Operation Researchers at RiskIQ say they've discovered more than a dozen previously undocumented command-and-control servers used in the SolarWinds supply chain attack, showing that the cyberespionage operation was much larger than previously identified.

318
318
article thumbnail

Belgian Constitutional Court Annuls Data Retention Framework for Electronic Communications Data

Hunton Privacy

On April 22, 2021, the Belgian Constitutional Court annulled (in French) the framework set forth by the Law of 29 May 2016 (the “Law”) requiring telecommunications providers to retain electronic communications data in bulk. The Constitutional Court’s decision follows an October 6, 2020 Court of Justice of the European Union (“CJEU”) ruling (in French) on preliminary questions related to the compatibility of the data retention framework with EU law.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Turkish Police Probe Thodex Cryptocurrency Exchange

Data Breach Today

CEO Accused of Fleeing to Albania With $2 Billion in Funds, Vows to Clear His Name Has the CEO of inaccessible Turkish cryptocurrency exchange Thodex exit-scammed, fleeing the country with $2 billion worth of his customers' assets? So say critics, and police have launched an investigation. But the CEO, Faruk Fatih Ozer, who's in Albania, has vowed to clear his name and restore users' funds.

284
284
article thumbnail

FTC Reiterates AI Best Practices

Hunton Privacy

Building upon its April 2020 business guidance on Artificial Intelligence and algorithms , on April 19, 2021, the FTC published new guidance focused on how businesses can promote truth, fairness and equity in their use of AI. In the guidance, the FTC recognizes the potential benefits of AI, but stresses the need to harness these benefits without inadvertently introducing bias or other unfair outcomes.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Analysis: REvil’s $50 Million Extortion Effort

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of ransomware gang REvil’s threat to release stolen Apple device blueprints unless it receives a massive payoff. Also featured: Discussions of the importance of a “shift left” strategy and efforts to secure cryptocurrencies.

More Trending

article thumbnail

Smaller Can Be Better: Where SMBs Excel at Security

Data Breach Today

Cisco Study Reveals Areas Where SMBs Outrank Large Organizations Cisco recently released the 2021 Security Outcomes Study - Small and Midsize Business (SMB) Edition, which revealed a number of somewhat surprising findings about SMBs and how they compare to their larger counterparts.

Security 299
article thumbnail

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

A new ransomware strain dubbed Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom payment. Experts are warning of a new strain of ransomware named Qlocker that is infecting hundreds of QNAP NAS devices on daily bases. The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom.

article thumbnail

Supernova Attack Leveraged SolarWinds, Pulse Secure

Data Breach Today

CISA Describes APT Group's Methods An advanced persistent threat group gained long-term access to an unnamed entity's network through its Ivanti Pulse Secure VPN and SolarWinds' Orion server and then installed Supernova malware, according to the U.S. Cybersecurity and Infrastructure Security Agency.

Security 238
article thumbnail

Darkside Ransomware gang aims at influencing the stock price of their victims

Security Affairs

The Darkside ransomware gang is enhancing its extortion tactics to interfere with the valuation of stocks of companies that are listed on NASDAQ or other stock markets. The Darkside ransomware operators are stepping up their extortion tactics targeting companies that are listed on NASDAQ or other stock markets with a new technique. The group announced with a message on their leak side that they will provide information stolen from these companies before the publication, so that it would be possi

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

QNAP Systems' Appliance Users Hit by Ransomware

Data Breach Today

Users Advised to Install Malware Remover, Conduct Scan Following news reports of ransomware attackers targeting QNAP Systems' network-attached storage appliances, encrypting users' data and then demanding a ransom, the company is urging users to immediately install a malware remover and run a malware scan.

article thumbnail

Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware

Threatpost

Judas and the Black Messiah may be a favorite for Best Picture at the 93rd Academy Awards on Sunday, but it's a fave for cybercriminals too.

Phishing 120
article thumbnail

ISMG Editors’ Panel: Securing Cryptocurrencies and More

Data Breach Today

Discussion Also Tackles Market Trends, Nation-State Threats Four editors at Information Security Media Group review important cybersecurity developments, including improving security for cryptocurrencies.

Security 199
article thumbnail

5 Fundamental But Effective IoT Device Security Controls

Threatpost

Matt Dunn, the associate managing director for cyber-risk at Kroll, discusses how to keep networks safe from insecure IoT devices.

IoT 121
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

How Does Records Management Benefit Us, Anyway?

The Texas Record

By now, you’re probably aware your government is legally required to comply with records management laws. Though it is often difficult to motivate yourself, colleagues, or supervisors to implement something just because it’s required. It’s human nature to resist things we perceive as difficult, time-consuming, or obligatory. The records management assistance (RMA) team at TSLAC wants records management to be as fun as possible!

article thumbnail

REvil’s Big Apple Ransomware Gambit Looks to Pay Off

Threatpost

The notorious cybercrime gang could make out whether or not Apple pays the $50 million ransom by May 1 as demanded.

article thumbnail

Tell Us the Truth: Why Do You LOVE Passwords?

Dark Reading

There must be something you appreciate about the humble password, right? Tell us what you think.

Passwords 130
article thumbnail

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other emerging techniques. Researchers from Trend Micro have spotted a new Linux botnet employing multiple emerging techniques among cyber-criminals, including the use of Tor proxies, the abuse of legitimate DevOps tools, and the removal or deactivation of competing malware.

Mining 94
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Prometei Botnet Could Fire Up APT-Style Attacks

Threatpost

The malware is for now using exploits for the Microsoft Exchange "ProxyLogon" security bugs to install Monero-mining malware on targets.

Mining 107
article thumbnail

EU Commission Issues Draft AI Regulation

Data Matters

On April 21, 2021, the European Commission ( EC ) issued its eagerly awaited draft proposal on the EU Artificial Intelligence Regulation ( Draft AI Regulation ) – the first formal legislative proposal regulating Artificial Intelligence ( AI ) on a standalone basis. The Draft AI Regulation is accompanied by a revision of the EU’s rules on machinery products, which lay down safety requirements for machinery products before being placed on the EU market.

article thumbnail

Apple’s Ransomware Mess Is the Future of Online Extortion

WIRED Threat Level

This week, hackers stole confidential schematics from a third-party supplier and demanded $50 million not to release them.

article thumbnail

Window Snyder Launches Startup to Fill IoT Security Gaps

Dark Reading

Thistle Technologies aims to help connected device manufacturers securely deliver updates to their products.

IoT 102
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Information Governance: Take Small Bites to Avoid Choking

IG Guru

K’ung Fu-Tse (551–479 BC), or Confucius as he came to be known in the western world, is reputed to have said, “a man can eat an elephant if need be – one bite at a time.” This of course is as true today as it was some 2,500 years ago. And Information Governance is a rather robust […]. The post Information Governance: Take Small Bites to Avoid Choking appeared first on IG GURU.

article thumbnail

Password Manager Suffers 'Supply Chain' Attack

Dark Reading

A software update to Click Studios' Passwordstate password manager contained malware.

Passwords 144
article thumbnail

Sandboxing: Advanced Malware Analysis in 2021

eSecurity Planet

Antivirus protection isn’t enough to protect against today’s advanced threats. To fill this gap and aid in the analysis, detection, and testing of malware, sandboxing is widely used to give organizations the setting, isolation, and security tools needed to preserve the integrity of the host network. In 2021, sandboxes are now a fundamental part of an organization’s cybersecurity architecture.

article thumbnail

Insider Data Leaks: A Growing Enterprise Threat

Dark Reading

Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.

100
100
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

SentinelOne Product Review

eSecurity Planet

Endpoint detection and response (EDR) is a vital tool for creating an effective security infrastructure for your organization. Endpoints are the most common entry point for malware and other malicious attackers, and protecting them is more important than ever with the boom in remote work due to the COVID-19 pandemic. About SentinelOne. SentinelOne is an advanced EDR tool that uses AI-powered threat detection and response.

article thumbnail

SOC 2 Attestation Tips for SaaS Companies

Dark Reading

Attestation helps SaaS vendors demonstrate that digital security is a primary focus.

Security 144
article thumbnail

This time for sure, Pinky!

Adam Shostack

If everyone agrees on what we should do, why do we seem incapable of doing it? Alternately, if we are doing what we have been told to do, and have not reduced the risks we face, are we asking people to do the wrong things? Read Mike Tanji’s full article, From Solar Sunrise to Solar Winds: The Questionable Value of Two Decades of Cybersecurity Advice.

Risk 40