Tue. Jan 17, 2023

Thinking of Hiring or Running a Booter Service? Think Again.

Krebs on Security

Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. But until recently, their biggest concern wasn’t avoiding capture or shutdown by the feds: It was minimizing harassment from unhappy customers or victims, and insulating themselves ag

'Hack the Pentagon' Hackers Will Literally Hack the Pentagon

Data Breach Today

Ethical Hacking Session Will Focus on DOD Facility Related Controls System The U.S. Department of Defense is looking for a few good hackers to penetrate a facilities network underpinning the Pentagon's basement, mezzanine, and the command and communications center used by the president and the secretary of defense. Defense has hosted white hat hacking sessions since 2016.

NEW TECH: DigiCert unveils ‘Trust Lifecycle Manager’ to centralize control of digital certificates

The Last Watchdog

To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets. The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward. Related: The rise of security platforms. This development has gained quite a bit of steam over the past couple of years with established vendors of vulnerability management (VM,) endpoint detection and respo

How Cyberattacks Affect CISOs

Data Breach Today

In this episode of "Cybersecurity Unplugged," Steve Stone of Rubrik Zero Labs discusses the State of Data Security Report, which focuses on the impact of cybersecurity attacks on IT leaders, especially CISOs. Stone outlines areas of concern after an attack and changes needed to improve security.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

The FBI Identified a Tor User

Schneier on Security

No details, though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—that is, one hosted on the Tor anonymity network—it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.

Why Businesses Need to Think Like Hackers This Year

Dark Reading

Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal."

Jeremy Grant: Why the US Government Embraced FIDO Standards

Data Breach Today

Push Technology and One-Time Passcodes for MFA Just Aren't Secure Enough Attackers have caught up with legacy multifactor authentication tools that use push technology or one-time passcodes, boosting the need for phishing-resistant MFA, says Jeremy Grant. In response, government officials such as CISA Director Jen Easterly have championed FIDO since it's mature and open.

Trends for Collaboration Data Ediscovery in 2023

Hanzo Learning Center

It’s that time of year again when people are pulling out their crystal balls and doing their best to predict the future of what we’ll see in the ediscovery industry in 2023. I mean who doesn’t want to know what to look out for down the road? So in that spirit, here are some things Hanzo has been paying attention to as we move into a new year.

BlackCat, Royal Among Most Worrisome Threats to Healthcare

Data Breach Today

Both Ransomware Groups Pose Serious Concerns to Sector, Warns HHS HC3 The U.S. federal government put the healthcare sector on alert for indicators of BlackCat and Royal ransomware, characterizing them as "highly capable" threats. The good news, says a cybersecurity expert, is that a solid defense-in-depth strategy can foil the ransomware-as-a-service groups.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Unpatched Zoho ManageEngine Products Under Active Cyberattack

Dark Reading

The latest critical bug is exploitable in dozens of ManageEngine products and exposes systems to catastrophic risks, researchers warn.

How to abuse GitHub Codespaces to deliver malicious content

Security Affairs

Researchers demonstrated how to abuse a feature in GitHub Codespaces to deliver malware to victim systems. Trend Micro researchers reported that it is possible to abuse a legitimate feature in the development environment GitHub Codespaces to deliver malware to victim systems. Users can customize their project for GitHub Codespaces by committing configuration files to their repository, which creates a repeatable codespace configuration for all users of your project.

Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services

Dark Reading

Two of the vulnerabilities — in Azure Functions and Azure Digital Twins — required no account authentication for an attacker to exploit them.

Fortinet observed three rogue PyPI packages spreading malware

Security Affairs

Researchers discovered three malicious packages that have been uploaded to the Python Package Index (PyPI) repository by the Lolip0p group. FortiGuard Labs researchers discovered three malicious PyPI packages (called “colorslib”, “httpslib”, and “libhttps”) on the PyPI repository that were uploaded by the same actor, Lolip0p. The packages were discovered on January 10, 2023; the packages “colorslib” and “httpslib” were published on January 7, 2023, while “libhttps” was published on January 12, 2023.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Spear Phishing Campaign Targets Southeast Asia

KnowBe4

Researchers at Group-IB are tracking a previously unknown threat actor dubbed “Dark Pink” that’s using spear phishing attacks to target government, military, and religious organizations. Most of the attacks were focused on countries in Southeast Asia, though one of them targeted an entity in Bosnia and Herzegovina.

1,000 ships impacted by a ransomware attack on maritime software supplier DNV

Security Affairs

A ransomware attack against the maritime software supplier DNV impacted approximately 1,000 vessels. About 1,000 vessels have been impacted by a ransomware attack against DNV, one of the major maritime software suppliers. DNV GL provides solutions and services throughout the life cycle of any vessel, from design and engineering to risk assessment and ship management.

Government, Higher Ed, School Districts, and Healthcare Continue to be Victims of Ransomware Attacks

KnowBe4

An analysis of the publicly accessible data on ransomware attacks shows that the sectors that were primary targets of ransomware in 2021 continued as targets in 2022 to the same degree.

Managing Asset Risks During Healthcare M&As

Security Affairs

How healthcare delivery organizations (HDOs) can manage the IT asset risks during a healthcare M&A process. Mergers and Acquisitions (M&A), you’ve probably heard the term before. An M&A is often associated with the “business world”; with industries such as finance, retail, technology, and more. But M&As are also common in the healthcare industry, and the question is how healthcare delivery organizations (HDOs) can manage the risks associated with the process – specifically, IT as

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Secrets Rotation Recommended After CircleCI Security Incident

Dark Reading

Companies are being urged to update OAuth, runner, and project API tokens, along with other secrets stashed with CircleCI.

Patch your Zoho ManageEngine instance immediately! PoC Exploit for CVE-2022-47966 will be released soon

Security Affairs

A PoC exploit code for the unauthenticated remote code execution vulnerability CVE-2022-47966 in Zoho ManageEngine will be released soon. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past.

KB4-CON 2023 Agenda is Now Available!

KnowBe4

Exciting news! We just released our full conference agenda for KB4-CON 2023, happening April 24-26 in Orlando, Florida. We’ve brought back some of your favorite sessions and have some new and exciting topics and speakers.

Initial Access Broker Market Booms, Posing Growing Threat to Enterprises

Dark Reading

A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Cybercriminals Mimic Victim Website to Publish Exfiltrated Data on the Public Web

KnowBe4

In a new twist, threat actors use a typosquatted domain name to increase the chances that stolen data will be seen by the general public after not being paid the ransom.

Preparing Your 2022 Form 10-K: A Summary of Recent Key Disclosure Developments, Priorities, and Trends

Data Matters

This Sidley Update highlights certain key disclosure considerations for preparing your annual report on Form 10-K for fiscal year 2022, including recent amendments to U.S. Securities and Exchange Commission (SEC) disclosure rules and other developments that impact 2022 Form 10-K filings, as well as certain significant disclosure trends and current areas of SEC focus for disclosures.

Cyberinsurer Beazley Introduces a $45M Cyber Catastrophe Bond to Offset Risk

KnowBe4

In a move designed to protect the insurer and allow for more cyber policies to be issued, this bond is new to cyberinsurance, but not to insurers as a whole.

A New Era Is Dawning in Cybersecurity, but Only the Best Algorithms Will Win

Dark Reading

Open source AI is lowering the barrier of entry for cybercriminals. Security teams must consider the right way to apply defensive AI to counter this threat.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

OPEN your path at OpenText

OpenText Information Management

Best brands are built from within. It is not a campaign, it is not a logo – it is the external expression of internal ways of working. You can call this culture, but at OpenText, we call it our distinct DNA, which for us means having character. We are a growth company, and here to make and move … The post OPEN your path at OpenText appeared first on OpenText Blogs.

3 Lessons Learned in Vulnerability Management

Dark Reading

In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting.

Is Your Organization’s Password Complexity Requirement Strong Enough? Probably Not

KnowBe4

Is your organization’s password complexity strong enough?