October, 2019

article thumbnail

Malware Most Foul: Emotet, Trickbot, Cryptocurrency Miners

Data Breach Today

Researchers: Targeted Crime Attacks Surge, Continue to Blend With Nation-State Campaigns Banking Trojans and cryptocurrency mining malware continue to be among the most-seen types of malicious code used for nontargeted attacks. But cybercrime attackers are increasingly running targeted campaigns, security researchers warn.

Mining 226
article thumbnail

7 Cybersecurity Threats That Can Sneak Up on You

WIRED Threat Level

From rogue USB sticks to Chrome extensions gone wild, here is a quick guide to some basic risks you should look out for.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Zynga's Breach Notification: How to Not Inform Victims

Data Breach Today

Don't Blame Us, Blame Hackers, Mobile Gaming Giant Says "Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Not least because hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.

article thumbnail

“BriansClub” Hack Rescues 26M Stolen Cards

Krebs on Security

“ BriansClub ,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

Sales 199
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

The Last Watchdog

Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud. Related: Implications of huge Capital One breach CASBs supplied a comprehensive set of tools to monitor and manage the multitude of fresh cyber risks spinning out of the rise in in corporate

Cloud 161

More Trending

article thumbnail

Does your use of CCTV comply with the GDPR?

IT Governance

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). The Regulation isn’t just about written details, like names and addresses; it applies to any information that can identify someone. That includes pictures and videos, which is why you should be careful about the way you use CCTV. Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant. 1.

GDPR 110
article thumbnail

Top Use Cases for Enterprise Architecture: Architect Everything

erwin

Architect Everything: New use cases for enterprise architecture are increasing enterprise architect’s stock in data-driven business. As enterprise architecture has evolved, so to have the use cases for enterprise architecture. Analyst firm Ovum recently released a new report titled Ovum Market Radar: Enterprise Architecture. In it, they make the case that enterprise architecture (EA) is becoming AE – or “architect everything” The transition highlights enterprise architect

article thumbnail

Unpatched VPN Servers Targeted by Nation-State Attackers

Data Breach Today

Pulse Secure, Palo Alto and Fortinet Devices Being Hit by APT Groups, NCSC Warns Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.

Security 245
article thumbnail

Tik Tok, Tick Tock…Boom.

John Battelle's Searchblog

Something’s been bugging me about Tik Tok. I’ve almost downloaded it about a dozen times over the past few months. But I always stop short. I don’t have a ton of time ( here’s why ) so forgive me as I resort to some short form tricks here. To wit: China employs a breathtaking model of state-driven surveillance. The US employs a breathtaking model of capitalist surveillance.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Top cybersecurity certifications to consider for your IT career

Security Affairs

With the right cybersecurity certifications, you can attain your goals seamlessly and in a fast way and speed up your career. Cyber attacks are making headlines almost every day in today’s era. The attacks have increased both in number and complexity. Because of this natural demand, it is now crucial for companies and specialized firms to reinforce and invest in professionals to face a problem that technology can’t solve.

article thumbnail

Own Your Cloud Security

Thales Cloud Protection & Licensing

It’s hard to believe it’s mid-October. Along with autumn, comes National Cybersecurity Awareness Month (NCSAM). The NCSAM 2019 focuses on personal accountability. Driven through mass public engagement, the ‘Own IT. Secure. IT. Protect IT.’ theme will help to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers.

Cloud 115
article thumbnail

Security Tool Sprawl Reaches Tipping Point

Dark Reading

How a new open source initiative for interoperable security tools and a wave of consolidation could finally provide some relief for overwhelmed security analysts and SOCs.

article thumbnail

Data Governance Makes Data Security Less Scary

erwin

Happy Halloween! Do you know where your data is? What data you have? Who has had access to it? These can be frightening questions for an organization to answer. Add to the mix the potential for a data breach followed by non-compliance, reputational damage and financial penalties and a real horror story could unfold. In fact, we’ve seen some frightening ones play out already: Google’s record GDPR fine – France’s data privacy enforcement agency hit the tech giant with a $57 million penalty in earl

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Phishing Schemes Continue to Plague the Healthcare Sector

Data Breach Today

Experts Offer Insights on Mitigating the Threat Recent health data breaches involving phishing schemes are reminders of the persistent threat email-related scams pose to healthcare organizations - and the urgent need to mitigate that threat.

Phishing 190
article thumbnail

Speakers Censored at AISA Conference in Melbourne

Schneier on Security

Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake , former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate. Suelette Dreyfus , lecturer at the University of Melbourne, was scheduled to give a talk on her work -- funded by the EU government -- on anonymous whistleblowing technologies like Dropbox and how they reduce corruption in countr

article thumbnail

sudo flaw allows any users to run commands as Root on Linux

Security Affairs

Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system. The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287. The vulnerability could be exploited by an ill-intentioned user or a malicious program to execute arbitrary commands as root on a targeted Linux system, even if the “ sudoers configuration”

article thumbnail

Can smart cities be secured and trusted?

Thales Cloud Protection & Licensing

It is the year 2030, and you have had another busy day. As you finish what you thought would be your last espresso and grab your laptop to leave work, your colleague tells you that you need to stay late for an urgent meeting. Panic sets in, but you push past it and put a plan into motion. To pick your daughter up from school, you call a driverless car.

Security 113
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Attackers Hide Behind Trusted Domains, HTTPS

Dark Reading

One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.

IT 95
article thumbnail

Decades-Old Code Is Putting Millions of Critical Devices at Risk

WIRED Threat Level

Nearly two decades ago, a company called Interpeak created a network protocol that became an industry standard. It also had severe bugs that are only now coming to light.

Risk 91
article thumbnail

How Cybercriminals Continue to Innovate

Data Breach Today

Europol Report: Ransomware, DDoS, Business Email Compromises Are Persistent Threats Online attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency. After numerous successful disruptions by police, criminals have responded by launching increasingly complex attacks.

article thumbnail

Factoring 2048-bit Numbers Using 20 Million Qubits

Schneier on Security

This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want overstate the risk. We know from Shor's Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum computer. Both of those are currently beyond our technological abilities.

Paper 90
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Teheran: U.S. has started ‘Cyber War’ against Iran

Security Affairs

Iran ’s Passive Defense Organization chief Gholamreza Jalali declared that the US government has started its cyber war against the country. Gholamreza Jalali , Iran’s Passive Defense Organization chief, announced that that “America has started its cyber war against Iran, without providing more details. The news was reported by the ISNA news website on October 1, Jalali also added that Iran “ decisively will resort to cyber defense.”.

article thumbnail

The Future of Data Protection Begins at GITEX 2019

Thales Cloud Protection & Licensing

Digital criminals won’t stop targeting the Middle East. I’ve seen numerous attack campaigns targeting this region come to the surface in 2019 alone. Back in April, I remember FireEye discovered that bad actors behind the TRITON custom attack framework had infiltrated a second critical infrastructure organization. That’s less than two years after the company spotted the first TRITON attack where malefactors used TRITON to disrupt a critical infrastructure organization in the Middle East.

Cloud 92
article thumbnail

Glitching: The Hardware Attack that can Disrupt Secure Software

Dark Reading

Glitching (or fault-injection) attacks aren't easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.

IoT 87
article thumbnail

7 mistakes that ISO 27001 auditors make

IT Governance

When organisations are seeking ISO 27001 compliance, they rely on auditors to give them good advice. Most of the time they’ll do just that – it’s what they’re paid to do. But as with any profession, some auditors are better than others. How can you tell if your auditor isn’t to be trusted? Keep an eye out for these seven mistakes: 1. They impose their opinions without facts.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Compliance: Mississippi State Agencies Have a Long Way to Go

Data Breach Today

Audit Finds Agencies Not Following State's Cybersecurity Law The personal data of Mississippi citizens is susceptible to breaches because many state agencies, universities and other organizations are failing to comply with all the mandates of the state's cybersecurity law, according to a report issued by the Office of the State Auditor.

article thumbnail

October is Archives Month

The Texas Record

Each October, Texas joins archival repositories across the nation to celebrate Archives Month and promote the preservation of our country’s documentary heritage. Archives Month in Texas aims to celebrate the value of Texas’ historical records, to publicize the many ways these records enrich our lives, to recognize those who maintain our communities’ historical records, and to increase public awareness of the importance of preserving historical treasures and making them availabl

article thumbnail

D-Link router models affected by remote code execution issue that will not be fixed

Security Affairs

Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers. Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered on September 2019.