Wed.Oct 05, 2022

article thumbnail

7 Practical Considerations for Effective Threat Intelligence

Dark Reading

If your security team is considering, planning, building, or operating a threat intelligence capability, this advice can help.

article thumbnail

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Lacework Co-CEO David Hatfield Out 4 Months After Layoffs

Data Breach Today

Hatfield's Exit Comes Amid a Go-To-Market Exodus, With CRO Andy Byron Also Leaving David "Hat" Hatfield has exited the co-CEO role at Lacework just four months after the cloud security vendor laid off 20% of its employees. The move will bring Lacework's co-CEO experiment to an end after just 14 months, with Facebook engineering head Jay Parikh moving forward as sole CEO.

Cloud 144
article thumbnail

Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)

Jamf

Jamf Threat Labs recently discovered a new macOS vulnerability in Archive Utility that could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive. We reported our findings to Apple on May 31, 2022, and in macOS Monterey 12.5 and macOS Ventura Beta 2, Apple patched the vulnerability on July 20, 2022, assigning it CVE-2022-32910.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

How to Deal With Endemic Software Vulnerabilities

Data Breach Today

In this episode of "Cybersecurity Unplugged," Amit Shah, director of product marketing at Dynatrace, discusses the implications of the Log4Shell software vulnerability and the need for organizations to take an observability-led approach to software development and security going forward.

Marketing 130

More Trending

article thumbnail

Pen Test Firm NetSPI Gets $410M Boost From KKR to Fuel M&A

Data Breach Today

KKR Now Majority Owner of NetSPI as Offensive Cyber Vendor Pursues More Automation Rising offensive cyber star NetSPI has received a massive follow-up investment from KKR to pursue acquisitions and expand its technological and geographic footprint. KKR's $410 million bet comes on the heels of 50% organic sales growth for NetSPI in 2021 and 61% sales growth thus far in 2022.

Sales 130
article thumbnail

SINGAPORE: Increased financial penalties under the PDPA now in effect

DLA Piper Privacy Matters

The provision setting out significantly higher financial penalties for Singapore’s Personal Data Protection Act 2012 (“ PDPA ”) is now in force. There is now an increased risk for organisations contravening the PDPA in Singapore. This means that in relation to any intentional or negligent contravention of: the data protection provisions, organisations may now have to pay a financial penalty of up to SGD 1 million or 10% of the organisation’s annual turnover in Singapore (where the organisation’s

article thumbnail

Patients Affected By Cybersecurity Event at Hospital Chain

Data Breach Today

EHRs Taken Offline at Multiple Hospitals as CommonSpirit Health Responds A cybersecurity incident at Chicago-based CommonSpirit Health, a system of 1,500 healthcare sites across 21 states and one of the nation’s largest nonprofit healthcare systems, is disrupting medical care after the healthcare system took offline some of its electronic health records systems.

article thumbnail

Global October Cybersecurity Events: Where You Can Find Thales

Thales Cloud Protection & Licensing

Global October Cybersecurity Events: Where You Can Find Thales. divya. Thu, 10/06/2022 - 06:55. The summer is now over, and October is a month full of cybersecurity events for Thales around the world. Along with celebrating Cyber Security Awareness Month, several exciting events are taking place across the world, aiming to educate people on the latest trends in cybersecurity and privacy.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Ring Login Issues Wednesday Stem From System Error, Not Hack

Data Breach Today

A System Error Fueled Ring's Login Issues Wednesday Despite Tweets to the Contrary A claim Wednesday by high-profile security researcher Kevin Beaumont that video doorbell manufacturer Ring was experiencing a security issue sent Twitter atwitter. Amazon says some users experienced logon issues due to a backend system error made during a routine system update.

article thumbnail

Giving Away the Keys to Your Backups? Here’s How to Keep Out Hackers

Dark Reading

As threat actors' sophistication has grown dramatically in the last few years, organizations haven't kept up with implementing the necessary countermeasure controls.

95
article thumbnail

NetWalker Ransomware Affiliate Faces 20 Years in US Prison

Data Breach Today

Canadian Man Sebastien Vachon-Desjardins Grossed $21.5 Million From Cyber Extortion Canadian Sebastien Vachon-Desjardins received a 20 year prison sentence from a U.S. judge based in Florida after coping to four felonies stemming from a stint as an affiliate of the NetWalker ransomware-as-a-service gang. “This is Jesse James meets the 21st century," said Judge William F.

article thumbnail

Avast releases a free decryptor for some Hades ransomware variants

Security Affairs

Avast released a free decryptor for variants of the Hades ransomware tracked as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ Avast has released a decryptor for variants of the Hades ransomware known as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ which can allow the victims of these ransomware strains to recover their files without paying the ransom.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Why Aren't More Women in Security Leadership Positions?

Data Breach Today

Accenture Report Covers Strategies for Greater Inclusion in Hiring Practices A man in the cybersecurity field is seven times more likely than a woman to have applied for or been offered the job of CISO, according to a new report from Accenture on the need for more inclusion in the workplace. Experts discuss strategies to close the gap and make hiring more inclusive.

Security 130
article thumbnail

Telstra Telecom discloses data breach impacting former and current employees

Security Affairs

Bad news for the Australian telecommunications industry, the largest company in the country Telstra suffered a data breach. Australia’s largest telecommunications company Telstra disclosed a data breach through a third-party supplier. The company pointed out that its systems have not been breached, the security breach impacted a third-party supplier that previously provided a now-obsolete Telstra employee rewards program.

article thumbnail

More Action Needed on Telehealth Privacy, Security Risks

Data Breach Today

GAO Report Recommends Additional Guidance for Healthcare Providers, Patients At the onset of the novel coronavirus public health emergency, regulators said they would not enforce certain potential HIPAA violations involving telehealth. But with that 2020 policy still in play, patients need to be better informed of telehealth's privacy and security risks.

Risk 130
article thumbnail

Why Don't CISOs Trust Their Employees?

Dark Reading

Executives fear "malicious insiders" as top cyber threat to companies, research shows. Reasonable steps to secure and monitor systems may prevent reputational damage but are not enough.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Qualys Buys Blue Hexagon to Aid Secure Public Cloud Adoption

Data Breach Today

Blue Hexagon Platform to Identify, Mitigate Zero-Day Vulnerabilities, Unknown Risk Qualys has purchased a startup founded by longtime Qualcomm leaders to help detect supply chain infections, crypto miners and unauthorized activity in the cloud. The deal will allow customers to detect active exploitation, identify advanced threats and create an adaptive risk mitigation program.

Cloud 130
article thumbnail

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Security Affairs

OnionPoison: researchers reported that an infected Tor Browser installer has been distributed through a popular YouTube channel. Kaspersky researchers discovered that a trojanized version of a Windows installer for the Tor Browser has been distributed through a popular Chinese-language YouTube channel. The campaign, named OnionPoison, targeted users located in China, where the Tor Browser website is blocked.

article thumbnail

Scammers Get Scammed, Crypto Worth Thousands Stolen

Data Breach Today

Water Labbu Drained At Least $316K from Nine Scamers A cryptocurrency thief is hacking into other scammers' fraudulent liquidity mining websites to reach directly into the digital wallets of victims. The threat actor, dubbed Water Labbu by Trend Micro, has so far filched 316,728 USDT and infected 45 fraudulent decentralized applications.

Mining 130
article thumbnail

IRS Warns of A Spike in Smishing Attacks

KnowBe4

The US Internal Revenue Service (IRS) has issued an alert warning of a significant rise in text message phishing scams (smishing) impersonating the IRS since the beginning of the year.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Another Telco Breach Rocks Australia

Data Breach Today

Telecommunication Giant Telstra Says It Was a Small Data Breach Australia's largest telecom provider acknowledged Tuesday a data breach, but said the data came from a now-defunct employee rewards program from 2017. A company executive accused the hacker behind the breach of seeking to profit from a tense climate created by a much larger breach at rival Optus.

article thumbnail

RatMilad Spyware Scurries onto Enterprise Android Phones

Dark Reading

A novel mobile malware found lurking behind a phone-spoofing app is being distributed via Telegram and a dedicated website, in a broad operation to monitor corporate victims.

79
article thumbnail

October Is Cybersecurity Awareness Month

Schneier on Security

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I don’t think I’ve ever mentioned it before. But the memes can be funny. Here’s a decent rundown of some of the chatter.

article thumbnail

ICRM Board of Regents Election Results Announced

IG Guru

We are pleased to announce this year’s Board of Regent election winners are as follows: President-Elect/Treasurer (2023-2025) Blake Richardson, CRM Regent, Exam Development (2023-2024) Sheri Nystedt, CRM/CIGO Regent, Applicant and Member Relations (2023-2024) Susan Marin, CRM/CIGO Regent, Marketing and Communications (2023-2024) Kiersten McAvoy, CRM All members will begin their term starting January 1, 2023.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast

Dark Reading

With just one malformed Zigbee frame, attackers could take over certain Ikea smart lightbulbs, leaving users unable to turn the lights down.

88
article thumbnail

Autonomous Vehicles – Canada’s Current Legal Framework: A Primer (Part 1)

Data Protection Report

In recent years, autonomous vehicle (AV) technology has undergone rapid development and it is predicted that AVs may soon be in a state to displace human driving altogether. In Ontario, the Automated Vehicle Pilot Program is currently in place to permit the testing of certain AVs by vehicle manufacturers. As AV technology continues to develop, however, Canada will likely need to legislate the commercial use of AVs by its residents.

article thumbnail

NullMixer Dropper Delivers a Multimalware Code Bomb

Dark Reading

In one shot, Trojan dropper NullMixer installs a suite of downloaders, banking Trojans, stealers, and spyware on victims' systems.

89