Mon.Jun 20, 2022

article thumbnail

The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive

Dark Reading

Companies need to fill some of the 3.5 million empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box.

article thumbnail

Why Paper Receipts are Money at the Drive-Thru

Krebs on Security

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

Paper 316
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there. Related: ‘IABs’ spread ransomware. Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety.

article thumbnail

Cloudflare One Brings Email Security, DLP, CASB Together

Data Breach Today

Cloudflare's Zero Trust Platform Offers More Robust Threat Intel, Network Discovery Cloudflare sees opportunity in the growth of zero trust and is integrating recent email and cloud security acquisitions with native data security and network discovery capabilities. "I like the fact that we can grow in both directions," says company CEO Matthew Prince.

Security 261
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

The Last Watchdog

Specialization continues to advance apace in the cybercriminal ecosystem. Related: How cybercriminals leverage digital transformation. Initial access brokers, or IABs , are the latest specialists on the scene. IABs flashed to prominence on the heels of gaping vulnerabilities getting discovered and widely exploited in Windows servers deployed globally in enterprise networks.

Access 235

More Trending

article thumbnail

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO think tank Joint Air Power Competence Center in Germany.

Military 131
article thumbnail

The Ransomware Files, Episode 8: Travelex

Data Breach Today

Ransomware struck global currency exchange and remittance company Travelex on New Year's Eve 2019. Don Gibson was a security architect at Travelex. His name became publicly linked with the Travelex incident, and the attention was completely undesired. It contributed to a health situation that nearly led to a tragic outcome.

article thumbnail

Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild

Security Affairs

Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The vulnerability, tracked as CVE-2022-22620 , was fixed for the first time in 2013, but in 2016 experts discovered a way to bypass the fix. “Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the ro

Security 114
article thumbnail

Episode 239: Power shifts from Russia to China in the Cyber Underground

The Security Ledger

Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixGill talks to host Paul Roberts about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities. The post Episode 239: Power shifts from Russia to China in the Cyber Underground appeared first on The. Read the whole entry. » Click the icon below to listen.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Enterprise-class integration to power Oracle Netsuite order-to-cash processes

OpenText Information Management

Businesses of all sizes struggle with integration – as organizations grow so does the sprawl of internal systems and external partners and cloud applications that must all be seamlessly integrated in order to achieve business efficiency. Legacy toolkits for managing integration simply aren’t keeping up. According to an IDG study, 1 out of 5 organizations … The post Enterprise-class integration to power Oracle Netsuite order-to-cash processes appeared first on OpenText Blogs.

Cloud 96
article thumbnail

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. The malware was first spotted in 2019 by security experts at Kaspersky, the name BRAT comes from ‘Brazilian RAT Android,’ because at the time it was used to spy on Brazilian users.

article thumbnail

DDoS Attacks Delay Putin Speech at Russian Economic Forum

Dark Reading

A Kremlin spokesman said that the St. Petersburg International Economic Forum accreditation and admissions systems were shut down by a DDoS attack.

104
104
article thumbnail

What’s new in OpenText Developer Cloud

OpenText Information Management

The latest announcement by OpenText of Cloud Editions includes exciting updates to the OpenText™ Developer Cloud. Check out the latest updates below. June 2022: What’s new in the OpenText Developer Cloud 22.2 Developer Services now available in the EU European-based data centers now allow production developer services to be available and commercialized throughout the European … The post What’s new in OpenText Developer Cloud appeared first on OpenText Blogs.

Cloud 92
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Capital One Attacker Exploited Misconfigured AWS Databases

Dark Reading

After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty.

110
110
article thumbnail

142 Million Customer Records From MGM Resorts Leaked for Free Download

KnowBe4

The availability of such a massive number of records at no cost to any cybercriminal interested is a recipe for countless phishing campaigns using the data itself as a means of establishing scam credibility.

article thumbnail

Feds Take Down Russian 'RSOCKS' Botnet

Dark Reading

RSOCKS commandeered millions of devices in order to offer proxy services used to mask malicious traffic.

121
121
article thumbnail

Vishing Attacks Increase 550% Over Last Year as the Financial Sector Continues to be a Primary Target

KnowBe4

Cybercriminals are continuing to bypass the use of malware in favor of response-based and credential-centric social engineering attacks, according to new data from Agari and PhishLabs.

90
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code

Dark Reading

Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage.

Risk 102
article thumbnail

Hartzbleed: A New Side-Channel Attack

Schneier on Security

Hartzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.

article thumbnail

Security Lessons From Protecting Live Events

Dark Reading

Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always.

article thumbnail

Over 2000 Social Engineering Scammers Arrested in Multi-Country Crackdown on Fraud, BEC, and Money Laundering

KnowBe4

Thousands of members of cybercriminal groups were arrested in a sting that lasted 2 months and involved coordinated efforts of the law enforcement departments of 76 countries.

89
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Cisco will not address critical RCE in end-of-life Small Business RV routers

Security Affairs

Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers. Cisco will not release updates to address the CVE-2022-20825 RCE flaw in end-of-life Small Business RV routers and encourage upgrading to newer models. The vulnerability, which received a CVSS severity rating of 9.8 out of 10.0, resides in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers.

article thumbnail

New PDF-Based Phishing Attack Demonstrates that Office Docs Aren’t Passé – They are Just Obfuscated!

KnowBe4

Security researchers have discovered a cunning PDF-based phishing attack that leverages social engineering and PDF prompt specifics to trick users into opening malicious Office docs.

article thumbnail

The Ghost of Internet Explorer Will Haunt the Web for Years

WIRED Threat Level

Microsoft's legacy browser may be dead—but its remnants are not going anywhere, and neither are its lingering security risks.

Risk 94
article thumbnail

Less Than 40% of Asia-Pacific Organizations Are Confident to Stop Cyber Threats as 83% Experience At Least One Ransomware Attack a Year

KnowBe4

With exactly half of cybersecurity incidents caused by organizations having an outdated security posture, the ability to stop breaches involves some re-investment in measures that really work.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Cloud First, Security Second?

Thales Cloud Protection & Licensing

Cloud First, Security Second? divya. Tue, 06/21/2022 - 05:17. Cloud solutions were a lifesaver for organizations during the height of the COVID-19 pandemic as employees worked remotely or went hybrid and businesses pivoted their technology strategies to keep operations going. The acceleration of cloud transformation within organizations has continued since and shows no signs of abating.

Cloud 70
article thumbnail

New Phishing Campaign Uses ChatBot Functionality to Build Trust and Steal Credit Card Details

KnowBe4

Rather than go for the phishing jugular and point the victim immediately to a webpage to steal credentials or personal details, a new phishing campaign uses a chatbot to lower victim defenses.

article thumbnail

Hertzbleed: A New Side-Channel Attack

Schneier on Security

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.