Fri.Mar 29, 2019

article thumbnail

A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

Krebs on Security

On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.

Sales 237
article thumbnail

Microsoft Takes Control of 99 Websites From APT Group

Data Breach Today

Phosphorus Group Waged Spear-Phishing Campaign, Company Reports Microsoft is using its legal muscle to push back against an advanced persistent threat group that is says is "widely associated with Iranian hackers." Following court approval, it is taking control of 99 website domains allegedly used by the attackers as part of an ongoing spear-phishing campaign.

Phishing 244
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Man Behind Fatal ‘Swatting’ Gets 20 Years

Krebs on Security

Tyler Barriss , a 26-year-old California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident, has been sentenced to 20 years in federal prison. Tyler Barriss, in an undated selfie. Barriss has admitted to his role in the Kansas man’s death, as well as to dozens of other non-fatal “swatting” attacks.

article thumbnail

Can Cyber Policy Protect the 2020 Elections?

Data Breach Today

The ISMG Security Report features Chris Painter, commissioner of the Global Commission on the Stability of Cyberspace, discussing cybersecurity policy for the 2020 U.S. elections. Plus, an update on the cost of the Norsk Hydro ransomware attack and the challenges of controlling real-time payments fraud.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Q&A: How cybersecurity has become a primal battleground for AI one-upsmanship

The Last Watchdog

A discussion of how – and why – adversaries are using artificial intelligence to juice up malicious activities. When antivirus (AV) software first arrived in the late 1980s, the science of combating computer viruses was very straightforward. AV kept close track of known malicious files, and then quarantined or deleted any known malware that had managed to embed itself on the protected computing device.

More Trending

article thumbnail

NSA-Inspired Vulnerability Found in Huawei Laptops

Schneier on Security

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA's DOUBLEPULSAR that was leaked by the Shadow Brokers -- believed to be the Russian government -- and it's obvious that this attack copied that technique. What is less clear is whether the vulnerability -- which has been fixed -- was put into the Huwei driver accidentally or on purpose.

article thumbnail

Magento's Latest Patches Should Be Applied Immediately

Data Breach Today

SQL Injection Flaw Can Be Exploited Without Authentication, Privileges If you run a Magento-powered e-commerce site, it's time to patch again. E-commerce sites continued to be targeted by cybercriminals seeking to steal payment card data, and experts recommend moving quickly to plug the most critical flaw, a SQL injection vulnerability.

article thumbnail

Five use cases for digital twins in manufacturing

OpenText Information Management

The digital twin is one of the fastest growing applications of Industrial IoT technology. It creates a complete digital replica of a physical object and uses the twin as the main point of digital communication. Today, almost a half of organizations using IoT say they already have or are planning to adopt digital twins. Without … The post Five use cases for digital twins in manufacturing appeared first on OpenText Blogs.

article thumbnail

Nation-State and Crime Groups Keep Blending, Europol Warns

Data Breach Today

More Advanced Attack Tools Easier to Access, Europol's Steven Wilson Warns Distinguishing nation-state attacks from organized crime continues to grow more difficult because some attackers wear both hats, a Europol official reports. Further complicating the picture: Young attackers enjoy access to ever-more sophisticated and inexpensive tools and services.

Access 200
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Commando VM – Using Windows for pen testing and red teaming

Security Affairs

Commando VM — Turn Your Windows Computer Into A Hacking Machine. FireEye released Commando VM , a Windows-based security distribution designed for penetration testers that intend to use the Microsoft OS. FireEye released Commando VM , the Windows-based security distribution designed for penetration testing and red teaming. FireEye today released an automated installer called Commando VM (Complete Mandiant Offensive VM) , it is an automated installation script that turns a Windows operating sy

Passwords 101
article thumbnail

The Need to Focus on Detection, Remediation

Data Breach Today

Nick Hayes of IntSights on Changing Priorities Because of the wealth of personal information available on the dark web, breach detection and remediation are more urgent than prevention and protection, says Nick Hayes of IntSights.

171
171
article thumbnail

Nearly One Billion Emails Exposed in Data Breach

Adam Levin

The email addresses and personal information of 982 million people were compromised in a leak from an unsecured database. The database belonged to Verifications.io, an “email validation service” that aggregates and sells information about the validity and associated personal data associated with email lists. Security researcher Bob Diachenko found the information in an unsecured 150GB-sized MongoDB database.

article thumbnail

Automate Threat Hunting with Security Analytics & Machine Learning

Data Breach Today

Multi-stage attacks use diverse and distributed methods to circumvent existing defenses and evade detection - spanning endpoints, networks, email and other vectors in an attempt to land and expand. Meanwhile, individual tools including DLP, EDR, CASBs, email security and advanced threat protection are only designed to identify individual elements of a campaign, putting the onus on human analysts to piece together the bigger picture - when time and resources allow.

Analytics 171
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Do your employees care about cyber security?

IT Governance

A recent report has found that just 15% of IT decision makers in small organisations “completely agree” that their employees have a good understanding of cyber security, and 20% believe their employees don’t care about cyber security at all. What’s more worrying is that despite these concerns, just 26% have introduced cyber security training for their employees. 15% stated that they “haven’t got around to it yet” while 5% think additional training should be offered but confessed that “they didn’

article thumbnail

Actionable Threat Intel in the IoT Era

Data Breach Today

Vishak Raman of Cisco on Coping With the Expanding Attack Surface The advent of IoT devices and IT/operational technology integration have dramatically expanded the attack surface. And as a result, the definition of threat intelligence is changing, says Vishak Raman of Cisco.

IoT 171
article thumbnail

20 Years of STRIDE: Looking Back, Looking Forward

Dark Reading

The invention of STRIDE was the key inflection point in the development of threat modeling from art to engineering practice.

98
article thumbnail

Analyzing the $7.5 Million UCLA Health Data Breach Settlement

Data Breach Today

A proposed settlement in a class action lawsuit filed against ULCA Health in the wake of a 2015 cyberattack affecting 4.5 million individuals stands apart from other settlements because it requires the organization to spend a substantial sum on improving its security, says attorney Steven Teppler.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Magento fixed a critical Magento SQL Injection flaw

Security Affairs

There is an important news for administrators of e-commerce websites running over the Magento platform, Magento fixed a critical SQL injection flaw. Administrators of Magento e-commerce websites have to update their installations due to the presence of a critical SQL injection vulnerability in the popular CMS. The flaw could have a significant impact considering that roughly 28% of websites on the Internet are based on the popular open source e-commerce platform.

CMS 79
article thumbnail

Audits: Systems Used to Track US Debt Vulnerable

Data Breach Today

GAO Audits Find Systems Treasury Department Uses Have Security Flaws The computer systems the U.S. Department of the Treasury uses to track the nation's debt have serious security flaws that could allow unauthorized access to a wealth of federal data, according to a pair of audits released this week by the Government Accountability Office.

article thumbnail

Chatbots | Technologically Redefining Customer experience

Everteam

Whenever we face any obstacle with a service or a product purchased, our first instinct is directly getting in touch with the customer service department. It’s not hard to imagine the specific repetitive scenario used by this department and the long “on Hold” moments. To cut this traditional scenario, and to keep up with the Digital Transformation that’s taking all the spot light today, many industries are evolving their customer experience and implementing the new developed customer service sol

article thumbnail

What Information is Best for Virtual Data Rooms?

OneHub

If your firm is focused on managing mergers, leading contract negotiations, or facilitating a bidding process, many data management tools associated with these processes are outdated, hard to use, and expensive to implement. Thankfully, virtual data rooms (or VDRs) provide a modern, easy-to-use solution. Virtual data rooms grant access for authorized users from all parties to secure documents that can be viewed, printed and downloaded depending on the permissions assigned by the data room Admini

Cloud 75
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

Security Affairs

Google security developer Matthew Garrett disclosed a zero-day arbitrary code execution (ACE) vulnerability affecting the TP-Link SR20 routers. Google security developer Matthew Garrett discovered a zero-day arbitrary code execution (ACE) vulnerability in TP-Link SR20 routers. The vulnerability in TP-Link SR20 routers could be exploited by potential attackers on the same network to execute arbitrary commands.

article thumbnail

Six things you need to address for a successful digital transformation (Part 2)

TAB OnRecord

In part one of this two-part post, we discussed the important roles that planning, people, and digitization play in the success of your digital transformation. In part two, we will take this a step further and explore how information management, process optimization, and systems and technology impact the success of your digital transformation. Lessons from [.

article thumbnail

UK Watchdog Criticizes Huawei for Lax Software Security, Development

Dark Reading

Calling the company's software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code.

article thumbnail

Bringing automation and intelligence to data catalogs

IBM Big Data Hub

Announcing IBM Watson Knowledge Catalog, where users can re-imagine the processes required to support an intelligent data catalog infused by AI.

77
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Security Affairs - Untitled Article

Security Affairs

Toyota Motor Corporation (TMC) sales subsidiary and its affiliates suffered a data breach that exposed personal information of millions of customers in Japan. The week closes with the news of a data breach suffered by Toyota Motor Corporation (TMC) sales subsidiary and its affiliates that exposed personal information belonging to millions of customers in Japan.

article thumbnail

Cloud Spotting on the Road to HANA | Gimmal

Gimmal

On the Hawaiian island of Maui lies the world’s largest dormant volcano: Haleakala. You can look out above the clouds from the viewing platform atop, getting a unique perspective at the skyborne condensation that bring soft rains to the lush island below.

Cloud 64
article thumbnail

7 Malware Families Ready to Ruin Your IoT's Day

Dark Reading

This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.

IoT 89