Thu. Jul 28, 2022

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in its website that exposed its entire user database. Microleaves claims its proxy software is installed with user consent, but data exposed in the breach shows the service has a lengthy history of being supplied with new proxies by affiliates incentivized to distribute the software any which way they can — such as by sec

Keys to LockBit's Success: Self-Promotion, Technical Acumen

Data Breach Today

Dominant Ransomware Group Remains Highly Active, Has Enjoyed Unusual Longevity. Since the decline and fall of the Conti ransomware brand earlier this year, LockBit appears to have seized the mantle, listing more victims on its data leak site than any other. Experts say the group's focus on technical sophistication and keeping affiliates happy remain key to its success.

Making medical imaging accessible to everyone: Butterfly iQ

Jamf

Integrating Butterfly Network's innovative hand-held Ultrasound-on-Chip™ technology with Jamf supports HIPAA-compliant patient care while making medical imaging accessible everywhere.

Analysis: How Uber Covered Up a Breach and Avoided Charges

Data Breach Today

The ISMG Security Report analyzes a settlement with the U.S. Justice Department, in which Uber accepts responsibility for a data breach cover-up to avoid criminal charges. It also discusses why early-stage startups are conserving cash and recent initiatives from the U.S. Federal Trade Commission.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

New UEFI Rootkit

Schneier on Security

Kaspersky is reporting on a new UEFI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article: The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.

More Trending

Beware of Sophisticated Malicious USB Keys

KnowBe4

Malicious USB keys have always been a problem. There is almost no professional penetration testing team that does not drop a handful of USB keys outside of any targeted organization and see success from employees plugging them in and opening boobytrapped documents or running malicious executables.

Microsoft Denounces Advanced Spyware in Bid to Defuse It

Data Breach Today

Threat Actor Uses Zero-Days to Deliver 'Subzero' Malware. Microsoft is revealing details of an advanced spyware campaign in a bid to neutralize its effectiveness. It fingers Austrian firm DSIRF as responsible for coding malware known as "Subzero," which Microsoft researchers dub "Knotweed." Pressure is mounting on companies that supply spyware apps.

Clarion Housing Group Residents Beg Government to Step in After Cyber Attack

IT Governance

It’s been more than a month since the Clarion Housing Group was hit by a cyber attack, yet IT services remain down and residents say they are being bombarded with phishing scams. Clarion, which manages 350,000 people in 125,000 homes across the UK, was compromised in June in a suspected malware attack. The housing association said that the incident affected phone lines and other IT systems, and advised residents not to contact Clarion by phone unless they needed an emergency repair.

Profiles in Leadership: Fred Kwong

Data Breach Today

DeVry CISO on Managing Security, Change in the Transformed Education Industry. In March of 2020, DeVry University had 40 active campuses across the United States. Then the pandemic hit, and they all closed their doors and sent students home to study virtually. The cybersecurity challenges were immediate and huge, and CISO Fred Kwong shares how he tackled them.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Akamai blocked the largest DDoS attack ever on its European customers

Security Affairs

This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers. The attack hit an Akamai customer in Eastern Europe that was targeted 75 times in the past 30 days with multiple types of DDoS attacks, including UDP, UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood

NETHERLANDS: Highest court side-steps determining whether legitimate interests may be purely commercial

DLA Piper Privacy Matters

On 27 July 2022, the highest administrative court in the Netherlands published its highly anticipated judgment involving the Dutch Data Protection Authority’s assessment of “legitimate interest” under Article 6(1)(f) GDPR. It was expected that the court would provide some clarification on whether “purely commercial interests” can qualify as legitimate interests within the meaning of Article 6(1)(f) GDPR with a potential to refer preliminary questions to the ECHR for clarification.

India Delays Introduction of Data Protection Bill Before Parliament

Hunton Privacy

On July 24, 2022, the Financial Express published an article on Rajeev Chandrasekhar, the Indian Minister of State for Electronics and Information Technology, noting that the introduction of the Indian Data Protection Bill (the “Bill”) before Parliament will be delayed by a few months. The Bill was expected to be tabled during the Monsoon Session of Parliament, which commenced on July 18, 2022.

Patch Now: Atlassian Confluence Bug Under Active Exploit

Dark Reading

Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Hackers Use Free Email Accounts from QuickBooks to Launch Spoofed Phishing Attacks

KnowBe4

A new attack uses one brand email domain to increase the chances of reaching an Inbox, while spoofing another brand to trick users into transitioning to a vishing attack.

In a Post-Macro World, Container Files Emerge as Malware-Delivery Replacement

Dark Reading

With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections.

Spear Phishing Campaign Targets Facebook Business Accounts

KnowBe4

Researchers at WithSecure have discovered a spear phishing campaign targeting employees who have access to Facebook Business accounts. The attackers are targeting specific employees, and then sending malware through LinkedIn messages.

Threat actors use new attack techniques after Microsoft blocked macros by default

Security Affairs

Threat actors are devising new attack tactics in response to Microsoft’s decision to block macros by default. In response to Microsoft’s decision to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default in Microsoft Office applications, threat actors are adopting new attack techniques. Researchers from Proofpoint reported that threat actors are increasingly using container files such as ISO and RAR, and Windows Shortcut (LNK) files in their malw

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Microsoft 365 Users are Once Again the Target of Phishing Scams using Fake Voice Mail Messages

KnowBe4

Using a simple email containing a voice mail attachment, an ingenious phishing attack captures credentials while keeping track of the domains being attacked.

ENISA provides data related to major telecom security incidents in 2021

Security Affairs

ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021. ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021. Every European telecom operator that suffers a security incident notifies its national authorities, which share a summary of these reports with ENISA at the start of every calendar year.

Phishing-Based Data Breaches Take 295 Days to Contain and Breach Costs Soar to $4.91 Million

KnowBe4

Fresh data on data breach costs from IBM show phishing, business email compromise, and stolen credentials take the longest to identify and contain.

Spain police arrested two men accused of cyber attacks on radioactivity alert network (RAR)

Security Affairs

The Spanish police arrested two individuals accused of having hacked the country’s radioactivity alert network (RAR) in 2021. The Spanish police have arrested two men suspected of being the hackers behind cyberattacks that hit the country’s radioactivity alert network (RAR) between March and June 2021. The RAR system is a mesh of gamma radiation detection sensors, deployed across the country in order to detect anomalous radiation levels and take protective measures to prevent damage to th

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

APT-Like Phishing Threat Mirrors Landing Pages

Dark Reading

By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels.

IBM: Phishing is the Most Common Way to Gain Access to Victim Networks

KnowBe4

New research from IBM shows four reasons why phishing attacks are still effective and remain the primary attack vector in 41% of cyberattacks.

What the White House's Cybersecurity Workforce Plan Should Look Like

Dark Reading

By embracing cybersecurity as a critical part of our national security and education strategy, and working together to invest in opportunities for all, we can create a safer, more secure world.

Defending your enterprise against a sea of increasingly stringent data privacy laws

Thales Cloud Protection & Licensing

divya. Thu, 07/28/2022 - 05:08. While international privacy regulations are front and center in much of the press, I’d like to turn your attention to a developing patchwork of US Federal and State privacy regulations in this post. The profusion of current and impending US state digital privacy laws and their requirements, including digital minimization, are frequent topics in recent online law journals.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

What Women Should Know Before Joining the Cybersecurity Industry

Dark Reading

Three observations about our industry that might help demystify security for women entrants.

How Tor Is Fighting—and Beating—Russian Censorship

WIRED Threat Level

Russia has been trying to block the anonymous browser since December—with mixed results.

1,000s of Phishing Attacks Blast Off From InterPlanetary File System

Dark Reading

The peer-to-peer network IPFS offers an ingenious base for cyberattacks and is seeing a stratospheric increase in malicious hosting.