Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Access 362

Access Security Communications IT 362

Data Breach Today

NOVEMBER 1, 2021

This Flaw Could Lead to an Attack Like SolarWinds Two researchers from the University of Cambridge have discovered a vulnerability that affects most computer code compilers and many software development environments, according to a new research paper. The bug could cause a SolarWinds-like open-source supply chain attack scenario, they say.

Paper 279

Paper 279

The Last Watchdog

NOVEMBER 3, 2021

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

Cybersecurity 277

Cybersecurity Privacy Data breaches Ransomware 277

Thales Cloud Protection & Licensing

NOVEMBER 2, 2021

Quantum Resistant Encryption – Are You Ready? madhav. Tue, 11/02/2021 - 09:10. . Some good news and a couple of tips for being prepared. Over the past few months, a handful of Thales CPL clients have mentioned their concern regarding the future threat of quantum computing to their data security frameworks. If you take a good hard look at the risks arising from Quantum, there is bad news and good news.

Encryption 156

Encryption Risk Cybersecurity Compliance 156

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Preservica

NOVEMBER 9, 2021

Welcome to the "How we do it" Video Series. If you are a Clerk, Records Manager or Archivist for City or County Government, our practical “How we do it” videos are for you! We have compiled a series of videos, from users in City and County Government to share how they quickly and easily perform common electronic records preservation and access tasks with Preservica’ s solutions.

Digital preservation 144

Digital preservation Records Management Archiving Education 144

Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Phishing 353

Phishing Security IT 353

Data Breach Today

NOVEMBER 1, 2021

Operators Left Exposed After Overreaching, Says McAfee Enterprise’s John Fokker How is the ransomware ecosystem set to evolve? Since some operations overreached - notably with DarkSide's hit on Colonial Pipeline - "what we're seeing … is that there is going to be a power balance shift," says McAfee's John Fokker, with more affiliates, not gang leaders, calling the shots.

Ransomware 327

Ransomware 327

Threatpost

NOVEMBER 5, 2021

CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.

Security 141

Security 141

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. divya. Tue, 11/16/2021 - 06:15. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Still, as all of us who work in technology know, you reduce access to granular controls when you simplify a process. On the flip side, if you allow access to granular controls, the person setting the controls needs to be an expert to set them correctly.

Encryption 143

Encryption Cloud Access Privacy 143

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

WIRED Threat Level

NOVEMBER 5, 2021

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.

Privacy 145

Privacy IT Security 145

Security Affairs

NOVEMBER 13, 2021

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their network has been breached and that the threat actor has stolen their data. “Our intelligence monitoring indicates exfiltration of se

Security 141

Security Information Security IT 141

Krebs on Security

NOVEMBER 4, 2021

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Phishing 299

Phishing Insurance Passwords Privacy 299

Data Breach Today

NOVEMBER 2, 2021

A Nevada Cancer Center Is Also Dealing With the Aftermath of an Attack A recent cyberattack on Community Medical Centers in Northern California has potentially compromised the information of more than 656,000 individuals. Meanwhile, Las Vegas Cancer Center reportedly fell victim to a ransomware attack during Labor Day weekend.

Ransomware 264

Ransomware 264

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Micro Focus

NOVEMBER 30, 2021

Micro Focus’ innovation in the modernization space continues to gather pace. Eddie Houghton, Enterprise Product Director explains the latest developments in mainframe workload modernization with AWS and Micro Focus. The Rich Micro Focus Heritage in Mainframe Modernization Most large enterprises and public institutions run business-critical applications on mainframe environments that execute vast numbers of transactions.

139

139

Dark Reading

NOVEMBER 24, 2021

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.

Risk 139

Risk IT 139

IT Governance

NOVEMBER 24, 2021

Cloud services are an integral part of modern business. They provide a cost-effective way to store data; and with the rise in hybrid workforces, they deliver a reliable way for employees to access information remotely. But as is often the case with technological solutions, the benefits of convenience comes with security risks. In this blog, we look at the top five Cloud security challenges that organisations face, and provide tips on how to overcome them. 1.

Cloud 133

Cloud Risk Security Data breaches 133

Security Affairs

NOVEMBER 21, 2021

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks.

Communications 143

Communications Passwords Access Security 143

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Krebs on Security

NOVEMBER 8, 2021

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S.

Ransomware 282

Ransomware Passwords Systems administration IT 282

Data Breach Today

NOVEMBER 1, 2021

How CISOs Can Ensure That the Business Succeeds While It Transforms While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have. Krishnamurthy Rajesh of ICRA says CISOs must analyze risks, update security, and change the mindset of employees.

Digital transformation 263

Digital transformation Risk Security IT 263

DLA Piper Privacy Matters

NOVEMBER 18, 2021

Author: Sinead Lynch. At DLA Piper we advise clients that develop or create technology, are enabled by technology, or whose business model is fundamentally based on technology. From start-ups, to fast growing and mid-market businesses, to mature global enterprises, DLA Piper supports innovative businesses and new ventures. It is at the heart of what we do.

Privacy 133

Privacy Digital transformation Government Financial Services 133

Dark Reading

NOVEMBER 4, 2021

Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.

Cybersecurity 132

Cybersecurity 132

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Schneier on Security

NOVEMBER 17, 2021

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

Passwords 132

Passwords Privacy IT 132

Security Affairs

NOVEMBER 26, 2021

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

IoT 141

IoT Honeypots Cybersecurity Sales 141

Threatpost

NOVEMBER 10, 2021

The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.

Access 138

Access Cloud Security 138

OpenText Information Management

NOVEMBER 26, 2021

Who’d have thought the humble invoice was a superhero? Yet, slip a digital cloak on it and it becomes the scourge of tax fraud. Governments worldwide have recognized this; today there are more than 50 e-Invoicing mandates worldwide, and many more coming into force over the next few years. The day is fast approaching when, … The post Why e-Invoicing has become a global superhero appeared first on OpenText Blogs.

Government 127

Government IT Manufacturing 127

Advertisement

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

Analytics

Hunton Privacy

NOVEMBER 3, 2021

On October 28, 2021, the European Parliament’s Committee on Industry, Research and Energy adopted a draft directive on cybersecurity (“NIS2 Directive”). The NIS2 Directive will broaden the scope of the existing NIS Directive to apply to “important sectors,” such as waste management, postal services, chemicals, food, medical device manufacturers, digital providers and producers of electronics, in addition to “essential sectors.

Cybersecurity 126

Cybersecurity Manufacturing Encryption Security 126

Dark Reading

NOVEMBER 29, 2021

Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.

Data breaches 137

Data breaches Phishing Ransomware 137

Schneier on Security

NOVEMBER 22, 2021

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one.

Blockchain 125

Blockchain 125