Data Breach Today
JANUARY 8, 2021
Hacked Firm Also Taps Former Facebook CSO as It Responds to Supply Chain Attack As security software firm SolarWinds investigates the supply chain attack involving its Orion software and looks to rebuild its security processes and reputation, it's hired former U.S. cybersecurity czar Chris Krebs and former Facebook CSO Alex Stamos as advisers.
WIRED Threat Level
JANUARY 20, 2021
Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Dark Reading
JANUARY 22, 2021
Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls.
Krebs on Security
JANUARY 7, 2021
The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a d
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Thales Cloud Protection & Licensing
JANUARY 26, 2021
The Future of Payments Security. madhav. Tue, 01/26/2021 - 09:17. Criminals use a wide range of methods to commit fraud. The increasing trend of using mobile payments for in-store purchases (especially during the pandemic) is leading criminals to increasingly focus their efforts on defrauding people through online fraud and scams. Fraud and scams move to the web.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
JANUARY 22, 2021
Apparent Ransomware Attack Exposed Patient Information An apparent ransomware incident at a Texas healthcare organization has potentially compromised the protected health information of more than 640,000 individuals.
Security Affairs
JANUARY 1, 2021
Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims’ login credentials. Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. Threat actors are using Facebook ads to redirect users to Github accounts hosting phishing pages used to steal victims’ login credentials.
Schneier on Security
JANUARY 7, 2021
Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “ Extracting Training Data from Large Language Models.” Abstract: It has become common to publish large (billion parameter) language models that have been trained on private datasets.
Krebs on Security
JANUARY 11, 2021
Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
eSecurity Planet
JANUARY 22, 2021
A universe of devices and technology has fallen into our laps at a speed that organizations struggle to manage effectively. And that boom in devices shows no signs of stopping. In 2019, there were an estimated 9.9 billion Internet of Things (IoT) devices. By 2025, we expect 21.5 billion. As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point.
erwin
JANUARY 14, 2021
While many believe that the dawn of a new year represents a clean slate or a blank canvas, we simply don’t leave the past behind by merely flipping over a page in the calendar. As we enter 2021, we will also be building off the events of 2020 – both positive and negative – including the acceleration of digital transformation as the next normal begins to be defined.
Data Breach Today
JANUARY 25, 2021
Unknown Attack Has Disrupted the Company's Global IT Infrastructure The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline, eliminating its ability to use email and conduct business.
Security Affairs
JANUARY 16, 2021
The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver. The curious aspect of this vulnerability is related to its discovery, in fact, it was found by too children that were playing on their dad’s computer.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Data Protection Report
JANUARY 5, 2021
On December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification incident.
Krebs on Security
JANUARY 12, 2021
New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software p
Hunton Privacy
JANUARY 22, 2021
The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation (“GDPR”) and represents the first UK judgment dealing with the territorial scope of the GDPR. This was a “service out” case, where the claimant, Walter T. Soriano, sought the Court’s permission under the UK Civil Procedure Rules to serve proceedings on the defendants, who were all domiciled in the U.S.
Schneier on Security
JANUARY 4, 2021
From an interview with an Amazon Web Services security engineer: So when you use AWS, part of what you’re paying for is security. Right; it’s part of what we sell. Let’s say a prospective customer comes to AWS. They say, “I like pay-as-you-go pricing. Tell me more about that.” We say, “Okay, here’s how much you can use at peak capacity.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
Data Breach Today
JANUARY 29, 2021
Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links.
Security Affairs
JANUARY 19, 2021
The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware that was discovered investigating the SolarWinds attack after the SUNSPOT backdoor, the Sunburst / Solorigate backdoor and the Teardrop tool. .
Threatpost
JANUARY 3, 2021
Insider threats are redefined in 2021, the work-from-home trend will continue define the threat landscape and mobile endpoints become the attack vector of choice, according 2021 forecasts.
Krebs on Security
JANUARY 29, 2021
The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year.
Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO
The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.
The Guardian Data Protection
JANUARY 26, 2021
Information commissioner says data was voluntarily deleted amid concerns about ‘weak’ enforcement The Conservative party acted illegally when it collected data on the ethnic backgrounds of 10 million voters before the 2019 general election, the information commissioner has told a committee of MPs. However, Elizabeth Denham insisted there had been no need to issue an enforcement notice against the party, as it had voluntarily deleted the data it held after a “recommendation” from her office.
Micro Focus
JANUARY 21, 2021
COBOL’s continued popularity receives further evidence. Digital Marketing expert and avid COBOL fan Mark Plant reports that another major milestone has been met – this time on Facebook. The answer to the jokey headline is: None – that’s a hardware problem of course! However, if you ever did really need to find out I’d recommend. View Article.
Data Breach Today
JANUARY 18, 2021
Security Experts Say Proposal Amounts to a 'Down Payment' President-elect Joe Biden's $1.9 trillion plan for COVID-19 relief includes nearly $10 billion in cybersecurity and IT spending. Some security experts hope the amount as just a "down payment" toward a broader effort.
Security Affairs
JANUARY 31, 2021
Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them. Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited by an attacker to escalate privileges and escape the Docker container that hosts them.
Advertisement
Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.
Threatpost
JANUARY 7, 2021
Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
Dark Reading
JANUARY 21, 2021
The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.
Schneier on Security
JANUARY 14, 2021
Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users: Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location. […].
Expert insights. Personalized for you.
363 
Let's personalize your content