Thu.Sep 26, 2019

article thumbnail

Cisco: Hacking Group Targets US Veterans

Data Breach Today

Attackers Used Phony Job Website to Install Malware, Researchers Say A threat group has been targeting U.S. veterans through a spoofed website promising help for those looking for jobs, according to research from Cisco Talos. Instead of providing job links, however, the phony website installs malware and spyware on a victim's device.

184
184
article thumbnail

NEW TECH: The march begins to make mobile app security more robust than legacy PC security

The Last Watchdog

Is mobile technology on a course to become more secure than traditional computing? Seven or eight years ago, that was a far-fetched notion. Today, the answer to that question is, “Yes, it must, and soon.” Related: Securing the Internet of Things I’ve been writing about organizations struggling to solve the productivity vs. security dilemma that’s part and parcel of the BYOD craze for some time now.

Security 120
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Bill Would Kill Prospect of National Patient Identifier

Data Breach Today

Sen. Rand Paul Seeking to Throw Out HIPAA Identifier Requirement Proponents of the potential adoption of a national unique patient identifier had been hopeful that the Senate would follow the House's lead in lifting a 20-year ban on funding for federal regulators to work on development. But now they face two substantial hurdles.

142
142
article thumbnail

Benefits of Data Vault Automation

erwin

The benefits of Data Vault automation from the more abstract – like improving data integrity – to the tangible – such as clearly identifiable savings in cost and time. So Seriously … You Should Automate Your Data Vault. By Danny Sandwell. Data Vault is a methodology for architecting and managing data warehouses in complex data environments where new data types and structures are constantly introduced.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

xHunt Campaign Leverages New Tools Against Shipping Firms

Data Breach Today

Researchers: Malware Used in Attacks Against Kuwaiti Transportation, Shipping Companies A hacking group is using new backdoor tools in a campaign targeting shipping and transportation companies in Kuwait, according to researchers at Palo Alto Networks' Unit 42.

142
142

More Trending

article thumbnail

'Fancy Bear' Hacking Group Adds New Capabilities, Targets

Data Breach Today

Russian Group Uses Revamped Backdoor to Target Embassies, Researchers Say The Russia-based cyberespionage group Fancy Bear, which has led high-profile cyberattacks against governments and embassies over the last several years, has launched a phishing campaign that includes a redesigned backdoor, according to research from security firm ESET.

Phishing 142
article thumbnail

How to find remaining 32-bit applications on macOS

Jamf

With macOS Catalina, Apple no longer supports 32-bit applications. See how you can locate all 32-bit macOS applications and take action.

97
article thumbnail

On Chinese "Spy Trains"

Schneier on Security

The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world's largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States. Part of the reasoning behind this legislation is economic, and stems from worries about Chinese industries undercutting the competition and dominating key global industries.

article thumbnail

How to find remaining 32-bit applications on macOS

Jamf

With macOS Catalina, Apple no longer supports 32-bit applications. See how you can locate all 32-bit macOS applications and take action.

97
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

5G and IoT: How to Approach the Security Implications

Threatpost

Experts from Nokia, iboss and Sectigo talk 5G mobile security for internet of things (IoT) devices in this webinar YouTube video (transcript included).

IoT 78
article thumbnail

CJEU Rules “Right to be Forgotten” on Google Limited to the EU in Landmark Case

Hunton Privacy

On September 24, 2019, the Court of Justice of the European Union (the “CJEU”) released its judgments in cases C-507/17, Google v. CNIL and C-136/17, G.C. and Others v. CNIL regarding (1) the territorial scope of the right to be forgotten, referred to in the judgement as the “right to de-referencing,” and (2) the conditions in which individuals may exercise the right to be forgotten in relation to links to web pages containing sensitive data.

article thumbnail

Airbus suppliers were hit by four major attack in the last 12 months

Security Affairs

Airbus Hit by Series of Cyber Attacks on Suppliers: Security Sources. The European multinational aerospace corporation Airbus has been hit by a series of attacks, hackers targeted its suppliers to steal Intellectual property. The European aerospace giant Airbus has been hit by a series of supply chain attacks, threat actors hit its suppliers in the attempt to steal secret technical documents.

article thumbnail

Vimeo Slapped With Lawsuit Over Biometrics Privacy Policy

Threatpost

Vimeo is under fire for allegedly collecting and storing users' facial biometrics in videos and photos without their consent or knowledge.

Privacy 79
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Airbus Cyberattack Landed on Suppliers' Networks

Dark Reading

Four separate incidents over the past year have targeted Airbus suppliers for the manufacturer's sensitive commercial data.

article thumbnail

iOS 13 Bug Gives Third-Party Keyboards “Full Access” Permissions

Security Affairs

This week, Apple released iOS 13 and iPadOS, now a few days later, the company is warning users of an unpatched security flaw in third-party keyboard apps. Apple has released a security advisory to warn users of an unpatched security bug in iOS 13 that affects third-party keyboard apps. The bug can result in granting keyboard extensions full access, even when users deny it.

Access 66
article thumbnail

Some Voting Machines Still Have Decade-Old Vulnerabilities

WIRED Threat Level

The results of the 2019 Defcon Voting Village are in—and they paint an ugly picture for voting machine security.

article thumbnail

Emsisoft releases a free decryptor for the WannaCryFake ransomware

Security Affairs

Researchers at Emsisoft security firm have released a new free decryption tool for the WannaCryFake ransomware. Good news for the vicitms of the WannaCryFake ransomware, researchers at Emsisoft have released a FREE decryption tool that will allow decrypting their data. WannaCryFake is a piece of ransomware that uses AES-256 to encrypt a victim’s files.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Ring Camera Surveillance Is Transforming Suburban Life

WIRED Threat Level

Consumer surveillance cameras are everywhere now, and they’re capturing moments we otherwise would never have known happened.

Privacy 75
article thumbnail

Botnet exploits recent vBulletin flaw to protect its bots

Security Affairs

Security expert Troy Mursch of Bad Packets reported that a botnet is exploiting the recently disclosed vBulletin exploit to block other attackers from also using it. The security expert Troy Mursch observed a botnet that it utilizing the recently disclosed vBulletin exploit to secure vulnerable servers to avoid that can be compromised by other threat actors.

IT 62
article thumbnail

Ransomware Hits Multiple, Older Vulnerabilities

Dark Reading

Ransomware attacks are taking advantage of vulnerabilities that are older and less severe, a new report finds.

article thumbnail

USBsamurai for Dummies: How To Make a Malicious USB Implant & Bypass Air-Gapped Environments for 10$. The Dumb-Proof Guide.

Security Affairs

The popular researcher Luca Bongiorni described how to make a malicious USB Implant (USBsamurai) that allows bypassing Air-Gapped environments with 10$. In the previous post , I have talked a bit about USBsamurai based on C-U0007. With this article I wanna bring more light regarding: Which are the differences between C-U0007 & C-U0012 How to Build USBsamurai with a C-U0012 How to flash the C-U0012 with the LIGHTSPEED Firmware How to Flash the C-U0007 with the G700 firmware to achieve better

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Voting Machine Systems New & Old Contain 'Design' Flaws

Dark Reading

DEF CON Voting Village organizers presented a final report on their findings at the Capitol.

83
article thumbnail

Creating a Framework for Classification

Gimmal

This is Part 2 in a series about creating and executing an effective file plan for your organization. Click here to read the previous post: Creating a Retention Schedule that Works.

article thumbnail

Bridging the Gap Between Security & DevOps

Dark Reading

An inside look into the engineering mindset of DevOps from the vantage of a career security professional.

article thumbnail

DoorDash Data Breach Impacts Personal Data of Almost 5M Users

Threatpost

Accessed information includes delivery addresses, license numbers, names, phone numbers and more.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Cloud-Native Applications: Shift to Serverless is Underway

Dark Reading

A new report explores changes in cloud-native applications and complexities involved with securing them.

Cloud 75
article thumbnail

2019 could be a record-breaking year for data breaches

DXC Technology

According to Risk Based Security’s 2019 Midyear Quickview Data Breach Report, there have been 3,813 separate data breaches reported through June — exposing about 4.1 billion records. That’s a 54% increase in data breaches and 52% increase in exposed records over the same period in 2018. Of the organizations that suffered a breach and could […].

article thumbnail

Chrome Bug, Not Avid Software, Causes Damage to MacOS File Systems

Threatpost

Users scrambled to find a fix for the problem and eventually Google took responsibility for the issue.

73