Wed.Jan 12, 2022

article thumbnail

Phishers Rip Off High-Profile EA Gamers

Threatpost

Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts.

Security 110
article thumbnail

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure. The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials st

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Faking an iPhone Reboot

Schneier on Security

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown.

IT 124
article thumbnail

FTC Settles with Loan Application Company Over Alleged Misuse of Sensitive Personal Information

Hunton Privacy

On January 6, 2022, the Federal Trade Commission reached a $1.5 million settlement with loan application company ITMedia Solutions LLC (“ITMedia”) over alleged violations of the FTC Act and Fair Credit Reporting Act (“FCRA”). The FTC alleged that ITMedia deceptively acquired and indiscriminately shared consumers’ sensitive personal information under the guise of connecting them with lenders.

Marketing 118
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

U.S. Security Agencies Warn About Russian Threat Gangs Amid Ukraine Tensions

eSecurity Planet

U.S. federal security agencies are putting companies on alert to potential threats from Russian state-sponsored cybercriminal groups, warning in particular about dangers to critical infrastructure and urging organizations to learn how to detect and protect against attacks. The joint cybersecurity advisory issued Jan. 11 by the FBI, National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) comes as tensions rise between Russia, the United States and European count

Security 117

More Trending

article thumbnail

Compliance and Legal industry predictions for 2022

OpenText Information Management

“Power to the People” — a popular slogan for political activism and protests (and a great John Lennon song to boot) – has been a rallying cry for individuals to take control back from the powerful and corrupt. While not revolutionary in nature, we are undergoing a new digital age call to action by a … The post Compliance and Legal industry predictions for 2022 appeared first on OpenText Blogs.

article thumbnail

SysJoker, a previously undetected cross-platform backdoor made the headlines

Security Affairs

Security researchers found a new cross-platform backdoor, dubbed SysJoker , the is suspected to be the work of an APT group. Security experts from Intezer discovered a new backdoor, dubbed SysJoker , that is able to infect Windows, macOS, and Linux systems. The experts spotted a Linux variant of the backdoor in December while investigating an attack against an educational institution.

Education 104
article thumbnail

SEC Encourages Self-Reporting of Recordkeeping Violations Resulting From Employees’ Use of Personal Devices for Business Communications

Data Matters

On December 17, 2021, the U.S. Securities and Exchange Commission (SEC) announced settled charges against a broker-dealer firm for recordkeeping violations arising from its employees’ use of personal devices for business communications. The firm agreed to pay a $125 million penalty and to retain a compliance consultant to conduct a comprehensive review of its policies and procedures relating to the retention of electronic communications found on personal devices.

article thumbnail

New Cyberattack Campaign Uses Public Cloud Infrastructure to Spread RATs

Dark Reading

An attack campaign detected in October delivers variants of Nanocore, Netwire, and AsyncRATs to target user data.

Cloud 128
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor

Security Affairs

Iran-linked APT35 group has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor. Iran-linked APT35 cyberespionege group (aka ‘ Charming Kitten ‘ or ‘ Phosphorus ‘) has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor, Check Point researchers states. The experts also details the use of a modular PowerShell-based framework dubbed CharmPower, that allows attackers to establish persistence, gather information, and execute

Cleanup 102
article thumbnail

Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft

Threatpost

Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.

Risk 106
article thumbnail

Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup

Security Affairs

Adobe released security updates to address multiple vulnerabilities affecting several products, including Acrobat and Reader. Adobe patches for January address 41 vulnerabilities in Windows and macOS versions of Acrobat and Reader products, Illustrator, Adobe Bridge, InCopy, and InDesign. 22 of these vulnerabilities were reported through the ZDI program.

Security 101
article thumbnail

Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals

Dark Reading

By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.

Risk 104
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

KCodes NetUSB flaw impacts millions of SOHO routers

Security Affairs

Cybersecurity experts discovered a flaw in the KCodes NetUSB component that impacts millions of end-user routers from different vendors. Cybersecurity researchers from SentinelOne have discovered a critical vulnerability ( CVE-2021-45608 ) in KCodes NetUSB component that is present in millions of end-user routers from different vendors, including Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital.

article thumbnail

Check If You Have to Worry About the Latest HTTP Protocol Stack Flaw

Dark Reading

In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.

89
article thumbnail

What is eDiscovery software?

OpenText Information Management

The discovery process in litigation requires that parties must exchange documents deemed relevant to the case. As most documentation is now created, stored and exchanged in digital form, this element of discovery has become known as electronic discovery – or eDiscovery – and has become an accepted part of legal systems worldwide. Today, the process … The post What is eDiscovery software?

70
article thumbnail

Why Is Cyber Assessment So Important in Security?

Dark Reading

All the pen testing and tabletop exercises in the world won't help unless an organization has a complete and accurate understanding of its assets.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

NSO Group Spyware Targeted Dozens of Reporters in El Salvador

WIRED Threat Level

The newly disclosed campaign shows how little the company has done to curb abuses of its powerful surveillance tools.

IT 87
article thumbnail

Flashpoint Acquires Risk Based Security

Dark Reading

Flashpoint plans to integrate Risk Based Security data and technology into its platform to boost threat intelligence and vulnerability management.

Risk 86
article thumbnail

The Tape Storage market in 2022

IG Guru

Check out the link here. The post The Tape Storage market in 2022 appeared first on IG GURU.

article thumbnail

Critical Infrastructure Security and a Case for Optimism in 2022

Dark Reading

The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts

Threatpost

Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users.

article thumbnail

Oxeye Introduce Open Source Payload Deobfuscation Tool

Dark Reading

Ox4Shell exposes hidden payloads thatare actively being used to confuse security protection tools and security teams.

article thumbnail

4 Steps in Streamlining Open Records Requests

Gimmal

Many public organizations are faced with the challenge of responding to records requests that they are legally required to produce within a tight timeline. For these types of requests, which go by a variety of names like FOIA, Public Records Requests, and Sunshine Laws, being proactive is not only an essential step in an excellent open records process; it becomes critical when you are working with tight deadlines and limited resources.

FOIA 52
article thumbnail

How Financial Institutions Use Machine Learning to Prevent Fraud

Rippleshot

Originally Posted Jan 2022 by GN Feature Story. Banking and financial institutions lose billions of dollars because of fraud. Machine learning can help detect and prevent fraud. Machine learning algorithms can reveal fraud patterns much faster and more accurately than humans or traditional rule-based systems. Read this article to understand how exactly banks can benefit from ML-powered solutions in fraud detection.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

The Roles of SAST and DAST and Fuzzing in Application Security

ForAllSecure

Applications have become a major part of our lives. From banking to shopping, nearly all daily tasks these days can be completed on a computer or smartphone. With more applications being built every day, the need for robust Application Security Testing (AST) has never been greater. In this blog post, we'll cover the roles DAST and SAST play in Application Security Testing and discuss how fuzzing fits into it all.

article thumbnail

What Did We Learn in 2021, and What’s Next for Ediscovery in 2022?

Hanzo Learning Center

As we’ve been wrapping up 2021 and looking forward to 2022—again hopeful that at some point this year we’ll see more of a return to “normal” life, whatever that means—I wanted to pause to reflect on our evolving data landscape. We’ve had two years of constant, chaotic change, with no clear end yet in sight. The legal industry has primarily risen to the challenge of managing increased caseloads and maintaining regulatory compliance amidst tremendous disruption.

article thumbnail

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign

Threatpost

A cloudy campaign delivers commodity remote-access trojans to steal information and execute code.

Cloud 73