Fri. Feb 08, 2019

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.

Cottage Health Hit With $3 Million HIPAA Settlement

Data Breach Today

Latest in a Series of Substantial HHS Penalties for Violations. Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases.

Hackers broke into Australia’s Parliament Computer Network

Security Affairs

Australia’s parliament confirmed that it is investigating a suspicious security incident that affected its computer network. Australia announced an ongoing investigation into an unspecified ‘security incident’ in the federal parliament’s computer network. “Following a security incident on the parliamentary computing network, a number of measures have been implemented to protect the network and its users,” parliamentary authorities said in a statement.

Hack Attack Breaches Australian Parliament Network

Data Breach Today

No Signs of Data Theft; Password Resets Ordered. Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data. But Parliament's presiding officers said all users have been ordered to reset their passwords as a precaution.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Phishing campaign leverages Google Translate as camouflage

Security Affairs

Crooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials. The security expert Larry Cashdollar, a member of Akamai’s Security Intelligence Response Team (SIRT), discovered that cybercriminals are carrying out a new phishing attack that leverages Google Translate as camouflage.

More Trending

Vulnerabilities in Kunbus Industrial Gateway allows to control the devices

Security Affairs

Security of industrial systems is a top priority; experts found multiple serious flaws in a gateway made by Kunbus that could allow an attacker to completely control a device. Nicolas Merle from industrial cybersecurity firm Applied Risk discovered several flaws in a gateway produced by the Germany-based firm Kunbus, some of which could allow an attacker to gain full control of the vulnerable devices.

Assessing US Vulnerability to a Nation-State Cyberattack

Data Breach Today

The latest edition of the ISMG Security Report features a summary of alarming new findings about the ability of the U.S. to counter a nation-state malware attack. Plus, a discussion of "fusion centers" at banks and an update on the targeting of Webstresser subscribers.

Up to 4,000 affected by Mumsnet data breach

IT Governance

Mumsnet has disclosed a data breach that occurred during a software update between 5-7 February. A technical error meant that users who logged on simultaneously were directed to someone else’s account. The site’s founder, Justine Roberts, said that up to 4,000 users logged in while the vulnerability (which sounds like a caching glitch) was effective, but only 14 users have confirmed that they were affected.

Three out of the four flaws fixed with iOS 12.1.4 were exploited in the wild

Security Affairs

Security experts at Google discovered that two of the zero-day vulnerabilities patched by Apple with the release of iOS 12.1.4 were exploited in the wild. Security researchers at Google revealed that two of the zero-day flaws addressed by Apple with the release of iOS 12.1.4 were exploited in the wild. Apple iOS 12.1.4 version addresses four vulnerabilities, two issues associated with the FaceTime bug and two memory corruption flaws that could be exploited by attackers to elevate privileges and

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

New Zombie 'POODLE' Attack Bred From TLS Flaw

Dark Reading

Citrix issues update for encryption weakness dogging the popular security protocol.

NITEC19 – NATO Opens Defense Innovation Challenge calls for C4ISR solutions

Security Affairs

The NATO Communications and Information Agency (NCI) announced the opening of the fourth annual Defense Innovation Challenge (NITEC19) to start-ups, SMEs and academia. The Agency calls for proposals on solutions that could support NATO’s command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) and of course to improve cyber capabilities.

We Need More Transparency in Cybersecurity

Dark Reading

Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.

How Apple and Jamf are changing retail

Jamf

Read how GOAT, the world's largest digital platform for rare and classic sneakers, streamlines the shopping experience and eliminates 10-15 IT help tickets a day in the process.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

A Dog's Life: Dark Reading Caption Contest Winners

Dark Reading

What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are.

Draft CCPA Regulations Expected Fall 2019

Hunton Privacy

As we previously reported, the California Consumer Privacy Act of 2018 (“CCPA”) delays the California Attorney General’s enforcement of the CCPA until six months after publication of the Attorney General’s implementing regulations, or July 1, 2020, whichever comes first. The California Department of Justice anticipates publishing a Notice of Proposed Regulatory Action concerning the CCPA in Fall 2019.

Cyberattack Hits Australian Parliament

Dark Reading

Officials believe a nation-state is to blame for the incident, which took place Thursday night into Friday morning.

Twitter Still Can't Keep Up With Its Flood of Junk Accounts, Study Finds

WIRED Threat Level

Meanwhile, two Iowa researchers built an AI engine they say can spot abusive apps on Twitter months before the service itself.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Malware Campaign Hides Ransomware in Super Mario Wrapper

Dark Reading

A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.

Data security is everyone’s responsibility

Thales Cloud Protection & Licensing

This year, we’ve written about what the future holds in terms of digital transformations and new and exciting technologies. We’ve also addressed what key executives, especially CISOs, should be thinking about as data moves and is accessed across their organizations. Now, we turn our attention to best practices for data security. It’s no secret how pervasive cyberattacks have become.

6 Reasons to Be Wary of Encryption in Your Enterprise

Dark Reading

Encryption can be critical to data security, but it's not a universal panacea.

EU Recalls Children’s Smartwatch Over Security Concerns

Hunton Privacy

The European Commission has issued an EU-wide recall of the Safe-KID-One children’s smartwatch marketed by ENOX Group over concerns that the device leaves data such as location history, phone and serial numbers vulnerable to hacking and alteration. The watch is equipped with GPS, a microphone and speaker, and has a companion app that grants parents oversight of the child wearer.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Everything you need to know about DPOs under the GDPR

IT Governance

We recently claimed that DPOs (data protection officers) are “the key to data breach response”, but you could argue that they are the key to GDPR (General Data Protection Regulation) compliance in general. DPOs occupy a unique position in the data protection landscape, acting as a point of contact between staff and management, as well as between an organisation and its supervisory authority.

Weekly Update 125

Troy Hunt

I'm back home! It was an amazing trip in many ways, not least of which was the time it gave both Scott and myself to reflect on workload and managing lives which can be a bit of a never-ending series of commitments. To that effect, I've been backing off Twitter a bit and as I say in this update, I very quickly remembered why after a couple of short engagements yesterday.

Google Boosts Encryption For Low-End Android Devices

Threatpost

Google's Adiantum boosts encryption for low-end devices with processors that do not have hardware support for AES.

Cybersecurity Simulation Tools Don't Inspire Confidence: eSecurity Planet Survey

eSecurity Planet

Organizations are most confident in network-level security tools, while newer technologies have been met with mixed acceptance.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

FireOS Flaw Allowed Limited Content Injection in Amazon Tablets

Threatpost

A vulnerability in FireOS, the Amazon Fire Tablet's operating system, has been patched.

AI can boost employee productivity, while souring workplace behavior

Information Management Resources

For all of its hyped benefits, could artificial intelligence bring a toxic atmosphere into the workplace? To some degree, the answer is ‘yes,’ says research firm Gartner.

Theory: ‘Simple Hack’ Behind Bezos’ Alleged Compromising Images

Threatpost

Researchers theorize how Bezos’ very personal pictures may have been allegedly hacked.