Wed.Jun 30, 2021

article thumbnail

White House Will Release Details on Exchange Attacks

Data Breach Today

Anne Neuberger Says Attacks Will Be Attributed Deputy national security adviser Anne Neuberger says the White House is preparing to release additional details, including attribution, about the attacks that targeted vulnerable on-premises Microsoft Exchange email servers at government agencies and other organizations earlier this year.

article thumbnail

We Infiltrated a Counterfeit Check Ring! Now What?

Krebs on Security

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it.

Insurance 226
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Capital One Breach Suspect Faces New Criminal Charges

Data Breach Today

Paige Thompson Now Faces Up to 20 Years in Federal Prison, Documents Show The Justice Department has filed seven new criminal charges against Paige Thompson, who is suspected of hacking Capital One in 2019, which compromised the personal data of 100 million Americans, including exposing hundreds of thousands of Social Security numbers. She now faces a possible 20-year prison sentence.

article thumbnail

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront. Related: Equipping Security Operations Centers (SOCs) for the long haul. Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time.

IT 129
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Zyxel Warns of Attacks on Its Firewall, VPN Products

Data Breach Today

Company Advises Users to Maintain Proper Security Policies as It Prepares Hotfix Taiwanese networking device manufacturer Zyxel is notifying customers about an ongoing series of attacks on some of its enterprise firewall and VPN products and is advising users to maintain proper remote access security policies as it prepares a hotfix.

IT 328

More Trending

article thumbnail

Senate Bill Addresses Federal Cyber Workforce Shortage

Data Breach Today

Workforce Expansion Act Would Create CISA, VA Training Programs Sens. Maggie Hassan and John Cornyn have introduced legislation that would create a pilot apprenticeship program within CISA. The Federal Cybersecurity Workforce Expansion Act would also create a cyber-training program within the Department of Veterans Affairs, equipping veterans to hold careers in cyber defense.

article thumbnail

Ransomware Groups are Targeting VMs

eSecurity Planet

Virtual machines are becoming an increasingly popular avenue cybercriminals are taking to distribute their ransomware payloads onto compromised corporate networks. Bad actors have been exploiting VMs in recent years as a way of running under the radar, making it more difficult to detect their malware while it encrypts the data they intend to hold for ransom.

article thumbnail

Attackers Increasingly Using Cobalt Strike

Data Breach Today

Report: Pen Testing Tool a Favorite Among Lower-Level Threat Groups The legitimate security penetration testing tool Cobalt Strike is increasingly being used by threat groups, especially those that are less technically proficient, according to a Proofpoint report. The security firm says the number of attacks using the tool rose by 161% from 2019 to 2020.

Security 281
article thumbnail

PoC Exploit Circulating for Critical Windows Print Spooler Bug

Threatpost

The "PrintNightmare" bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code-execution attacks.

113
113
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Malware Opens the Door to XMRig Cryptominer

Data Breach Today

'Crackonosh' Disables Antivirus Programs Cyberattackers are using malware dubbed "Crackonosh" to disable many antivirus programs, paving the way for installation of the XMRig cryptominer, according to Avast. So far, this approach has generated more than $2 million in Monero for the attackers over the last seven months, the security firm reports.

Security 238
article thumbnail

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

Colombian authorities arrested a Romanian hacker who is wanted in the U.S. for distributing the Gozi virus that already infected more than a million computers. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S. for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012.

Security 102
article thumbnail

HHS OIG: Medicare Should Require Hospital Device Security

Data Breach Today

CMS Says It's Considering New Cybersecurity Requirements The Centers for Medicare and Medicaid Services is considering new cybersecurity requirements for hospitals participating in Medicare after a watchdog agency recommended CMS should require the facilities to address the cybersecurity of their networked medical devices.

CMS 233
article thumbnail

EDRM.net releases the new Information Governance Model v4.0

IG Guru

A new Information Governance Reference Model Diagram (IGRM) has been released for public comment. Comments will be received and considered until July 9, 2021 and be the only official IGRM diagram on December 1, 2021. Please send your comments to info@edrm.net. EDRM thanks the current project trustees, Eric Mandel and Lynn Molffetta as well as […].

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Should Western Digital Emergency-Patch Old NAS Devices?

Data Breach Today

As Attackers Wipe Outdated Devices, Company Promises Trade-In on Newer, Supported Devices The saga around how scores of aging Western Digital NAS devices were remotely erased has deepened with the discovery of a new, unknown software vulnerability. The situation underscores the problems of still-used devices that have been abandoned by manufacturers.

article thumbnail

Indexsinas SMB Worm Campaign Infests Whole Enterprises

Threatpost

The self-propagating malware's attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines.

Security 107
article thumbnail

3 Things Every CISO Wishes You Understood

Dark Reading

Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers.

Security 137
article thumbnail

Zero-Day Used to Wipe My Book Live Devices

Threatpost

Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability.

Passwords 101
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Attackers Already Unleashing Malware for Apple macOS M1 Chip

Dark Reading

Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.

Security 103
article thumbnail

LinkedIn Hack is Scraped Data, Company Claims

eSecurity Planet

A hacker who recently offered 700 million LinkedIn records for sale alarmed LinkedIn users and security specialists, but the company insists the data is linked to previously reported scraped data and wasn’t hacked. The RaidForums post offering the data included a sample users’ full names, genders, birthdates, LinkedIn user names, Facebook user names, Twitter user names, GitHub user names, email addresses, phone numbers, job titles, and full company information.

article thumbnail

Feds Told to Better Manage Facial Recognition, Amid Privacy Concerns

Threatpost

A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people’s privacy and avoid inaccurate identification.

Privacy 76
article thumbnail

9 Hot Trends in Cybersecurity Mergers & Acquisitions

Dark Reading

Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Why MTTR is Bad for SecOps

Threatpost

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior.

Cloud 80
article thumbnail

European Commission Adopts UK Adequacy Decisions Allowing Personal Data to Freely Flow from the EU to the UK

Data Matters

On 28 June 2021, the European Commission announced that it has adopted two adequacy decisions for the UK, one under the General Data Protection Regulation ( GDPR ) and one under the Data Protection Directive with Respect to Law Enforcement ( Law Enforcement Directive ) ( Adequacy Decisions ). The announcement comes just two days before the bridging period for data transfers between the EU and the UK was set to expire.

article thumbnail

Ireland: Ireland legislates for third party rights – removing SCCs governing law concerns

DLA Piper Privacy Matters

The new Standard Contractual Clauses ( SCCs ) issued by the European Commission came into force on 27 June 2021. The SCCs allow parties to choose the governing law of one of the EU Member States, provided that such law allows for third party beneficiary rights. As privity of contract rules apply in Ireland, there had been short-lived concerns about whether Irish law adequately recognised third-party beneficiary rights.

article thumbnail

HID Global Joins Forbes Technology Council

HID Global

HID Global Joins Forbes Technology Council. kbjork. Wed, 06/30/2021 - 14:59.

94
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Impersonation Becomes Top Phishing Technique

Dark Reading

A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails.

article thumbnail

Employee Spotlight:  Lynn Eichlin – Everything else is Peanut Butter on a Rice Cake!

Synergis Software

We are pleased to honor Lynn Eichlin this month in our Employee Spotlight! Lynn joined Synergis 14 years ago and started in our Autodesk reseller business (Synergis’ Engineering Design Solutions division) as a Customer Service Representative. Lynn transitioned to Synergis Software to work with our proprietary software sales team in a similar role, and then was promoted to Account Manager a few years later.

Sales 52
article thumbnail

5 Questions to Expect at Your Next Remote Job Interview

Adapture

5 Questions to Expect at Your Next Remote Job Interview. If you’re interviewing for a remote position, not only can you expect to field a variety of questions about yourself and your experience, but you should also come prepared with a battery of your own inquiries about your potential future role. While your interviewer may be curious about your previous responsibilities, your work ethic, or how you manage your time, you might want to know things like how the company maintains its culture in a