Wed. Jul 03, 2019

US Cyber Command Warns of Outlook Vulnerability Exploits

Data Breach Today

Researchers Say Attackers Could Have Ties to Iranian-Backed APT Group

The U.S. Cyber Command has issued a warning that attackers are attempting to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks. Some researchers say the exploits could be tied to an Iranian-backed threat group.

The Changing Face of Data Security in Federal Government

Thales Cloud Protection & Licensing

I recently had the pleasure of sharing some industry insights from our 2019 Data Threat Report-Federal Edition on Cyberwire’s Daily Podcast – specifically addressing the gap in security responsibility many federal agencies face today as they move tremendous amounts of sensitive data into multicloud environments. We also discussed a new digital landscape where perimeter defense is no longer effective.

'Silence' Gang Tied to Bank Heist in Bangladesh: Report

Data Breach Today

Group-IB Says Analysis of Malware Leads to Russian-Speaking Gang

A recent $3 million bank heist in Bangladesh is likely the handiwork of "Silence," a Russian-speaking gang known for its slow and methodical attacks against banks and ATMs, according to an analysis by security firm Group-IB.

Amazon Admits Alexa Voice Recordings Saved Indefinitely

Threatpost

Amazon's acknowledgment that it saves Alexa voice recordings - even sometimes after consumers manually delete their interaction history - has thrust voice assistant privacy policies into the spotlight once again.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

D-Link Settles With FTC Over Alleged IoT Security Failures

Data Breach Today

Proposed Settlement Requires D-Link to Bolster Security Program

D-Link has reached a proposed settlement with the U.S. Federal Trade Commission, which alleged the IoT device developer left consumers vulnerable to hackers through inadequate security practices. The terms of the settlement may serve as a warning to IoT makers to get their security checks in order.

Report: Broadcom in Discussions to Buy Symantec

Data Breach Today

Analysts Say 'Rudderless' Endpoint Security Firm Is Ripe for Acquisition

Semiconductor manufacturing giant Broadcom is looking to purchase endpoint security firm Symantec, Bloomberg reports, noting that while discussions are at an advanced stage, no terms have been disclosed and no deal is guaranteed.

Google addressed three critical code execution flaws in Android Media Framework

Security Affairs

Google released the July 2019 security patches for the Android OS that address a total of 33 vulnerabilities, including 9 issues rated as Critical. The most severe flaw addressed by Google is a critical security issue (CVE-2019-2106) affecting the Media framework that could be exploited by a remote attacker to execute arbitrary code within the context of a privileged process. “The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to exe

Adoption of Security Best Practices: A Status Report

Data Breach Today

New Study Sizes Up Healthcare Organizations' Efforts to Battle Cyberthreats

A new study sizes up whether healthcare organizations are well prepared to battle evolving cyberthreats. Learn about the state of progress in adopting best security practices.

Digital License Plates

Schneier on Security

They're a thing: Developers say digital plates utilize "advanced telematics" -- to collect tolls, pay for parking and send out Amber Alerts when a child is abducted. They also help recover stolen vehicles by changing the display to read "Stolen," thereby alerting everyone within eyeshot. This makes no sense to me. The numbers are static. License plates being low-tech are a feature, not a bug.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Medical Device Security: The Manufacturer's View

Data Breach Today

Michael McNeil of Philips on the Manufacturer's Role in Improving Device Cybersecurity

Awareness of medical device security issues has grown dramatically over the past few years. But Michael McNeil of device manufacturer Philips argues that cybersecurity is still years behind where it should be, so stakeholders are playing catch-up.

US Military Warns Companies to Look Out for Iranian Outlook Exploits

Dark Reading

Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw.

Healthcare Security: Tactics for Reducing Risk

Data Breach Today

IBM's Christopher Bontempo on Where to Focus for Quick Results

Reducing risk is a tall order, but IBM's Christopher Bontempo says healthcare security leaders can get immediate and measurable results by concentrating on two aspects: data security and incident response.

20 Questions to Ask During a Real (or Manufactured) Security Crisis

Dark Reading

There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

'Zero Trust' Adds Up to Better Security

Data Breach Today

Interfaith Medical Center CISO Chris Frenz on the Benefits of a Zero Trust Approach

New York's Interfaith Medical Center is one of the first hospitals to fully implement a zero trust network security strategy. Chris Frenz, the hospital's CISO, explains why he adopted that approach and offers lessons learned from the transition.

What is the impact of data science automation?

IBM Big Data Hub

On June 12th, IBM debuted AutoAI, a new set of capabilities for Watson Studio designed to automate critical yet time-consuming tasks associated with designing, optimizing and governing AI in the enterprise. As a result, data scientists can be liberated to commit more time to designing, testing and deploying machine learning models. To learn more about what these developments mean for the data science community, I sat down with IBM’s Vice President of AI, IBM Research, to get his perspective.

Disarming Employee Weaponization

Dark Reading

Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.

U.S. Supreme Court Poses New Questions About the Scope of Hobbs Act Review

Data Matters

On June 20, in PDR Network, LLC v. Carlton & Harris Chiropractic, Inc., the U.S. Supreme Court vacated a decision of the U.S. Court of Appeals for the Fourth Circuit that had been adverse to the interests of our client, PDR Network. Both the majority and concurring opinions in PDR Network raise interesting issues for lower courts to ponder as they consider how much to defer to agency decision making.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

More Than Half of SMB Devices Run Outdated Operating Systems

Dark Reading

66% of devices in small- to midsized businesses are based on expired or about-to-expire Microsoft OS versions, Alert Logic study found.

Bangladesh Cyber Heist 2.0: Silence APT goes global

Security Affairs

Group-IB believes Silence APT, the Russian-speaking cybercriminal gang, is likely to be behind the attack on Dutch Bangla Bank’s ATMs resulting in the theft of $3M

Group-IB, an international company that specializes in preventing cyber attacks, has established that Silence APT, a Russian-speaking cybercriminal group is likely to be behind the brazen attack on Dutch Bangla Bank’s ATMs resulting in the theft of $3 million, the amount reported by the local media.

Hunt says he received 'Back Boris' campaign email without signing up

The Guardian Data Protection

Johnson’s campaign team faces fresh scrutiny over possible breach of data protection laws

Boris Johnson, whose campaign to become the Conservative leader is facing the threat of an inquiry into its use of data, has sent an unsolicited email to his rival Jeremy Hunt seeking his support. In another possible breach of data protection rules, the frontrunner to succeed Theresa May asked the foreign secretary to join his push to become prime minister.

Old known issue in Firefox allows HTML files to steal other files from victim’s system

Security Affairs

Opening an HTML file on Firefox could allow attackers to steal files stored on a victim’s computer due to a weakness in the popular web browser. The security expert Barak Tawily demonstrated that opening an HTML file on Firefox could allow attackers to steal files stored on a victim’s computer due to a 17-year-old known bug in the browser.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Sodin Ransomware Exploits Windows Privilege Escalation Bug

Dark Reading

Exploitation of CVE-2018-8453 grants attackers the highest level of privileges on a target system.

Ninth Circuit Rejects Facial Recognition Claim Against Facebook

Hunton Privacy

On June 14, 2019, the United States Court of Appeals for the Ninth Circuit affirmed summary judgment in favor of Facebook, holding that the company did not violate the Illinois Biometric Information Privacy Act (“BIPA”) (740 ILCS ¶¶ 15, 20). The appeal concerned a photograph that had been uploaded to a Facebook organizational page of a local news service, not an individual Facebook user’s page.

New 'WannaHydra' Malware a Triple Threat to Android

Dark Reading

The latest variant of WannaLocker is a banking Trojan, spyware tool, and ransomware.

75% of organisations have been hit by spear phishing

IT Governance

Phishing scams aren’t as compelling as some of the more sophisticated attacks that you read about. But their prosaic nature is part of what makes them so concerning. After all, every unusual email you receive could be a phishing scam, whether it’s an account reset message from Amazon or a work request from your boss. And evidence shows that attacks like this will happen regularly and in incredibly convincing ways.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Black Hat Q&A: Understanding NSA's Quest to Open Source Ghidra

Dark Reading

National Security Agency researcher Brian Knighton previews his October Black Hat USA talk on the evolution of Ghidra.

2019 Quest NetVault Backup Users Conference was a Success!

Quest Software

On June 27, 2019, the Quest Data Protection business unit launched its first NetVault® Backup Users Conference for North America. This exciting online conference was delivered via webinar and included 8 informative and educational demonstrations.

China installs a surveillance app on tourists’ phones while crossing in the Xinjiang

Security Affairs

Chinese border guards are secretly installing a surveillance app on smartphones of tourists and people crossing in the Xinjiang region who are entering from Kyrgyzstan.

Are you entering Xinjiang (China) from Kyrgyzstan? There is something that you need to know: Chinese border guards are secretly installing surveillance software on the mobile devices of tourists and people crossing in the Xinjiang region who are entering from Kyrgyzstan.