Sat.Nov 28, 2020 - Fri.Dec 04, 2020

article thumbnail

'Return to Office' Phishing Emails Aim to Steal Credentials

Data Breach Today

Researchers: Employees Lured With Messages About Shift to Workplace Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office.

Phishing 360
article thumbnail

IRS to Make ID Protection PIN Open to All

Krebs on Security

The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

This Company Uses AI to Outwit Malicious AI

WIRED Threat Level

Robust Intelligence is among a crop of companies that offer to protect clients from efforts at deception.

article thumbnail

What are the Principles of Change Management?

AIIM

Change Management Principles. Why do so many organizations struggle with implementing change? Is it bad tactical plans? Poor strategy? A lack of focus from senior leadership? Many times, it boils down to people – the human side of change. Careful consideration and planning for your company’s culture, values, people, and behaviors could help separate your project from the majority that fail.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

CISA Warns of Password Leak on Vulnerable Fortinet VPNs

Data Breach Today

Agency Says Hackers Can Use a Known Bug for Further Exploitation CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation. The latest agency notice comes just days after hackers began publishing what they claim are leaked passwords on underground forums, according to researchers.

Passwords 363

More Trending

article thumbnail

From Chaos to Control with Data Intelligence

erwin

As the amount of data grows exponentially, organizations turn to data intelligence to reach deeper conclusions about driving revenue, achieving regulatory compliance and accomplishing other strategic objectives. It’s no secret that data has grown in volume, variety and velocity, with 2.5 quintillion bytes generated every day and 90 percent of the world’s data volume created just in the last two years.

Metadata 141
article thumbnail

Belgian DPA to Take Down Websites Infringing GDPR

Hunton Privacy

On November 26, 2020, the Belgian Data Protection Authority (“Belgian DPA”) signed a cooperation agreement with DNS Belgium, the organization managing the “.be” country code top-level domain name. The purpose of the cooperation agreement is to allow DNS Belgium to suspend “.be” websites that are linked to infringements of the EU General Data Protection Regulation (the “GDPR”).

GDPR 137
article thumbnail

Serious Apple iOS Exploit Enabled Nearby Device Takeover

Data Breach Today

'Zero-Click Exploit' Hacked 'Any Device in Radio Proximity' via WiFi Until May, all Apple iOS devices were vulnerable to a "zero-click exploit" that would have allowed hackers to remotely gain complete control and view all emails, photos, private messages and more, says Google security researcher Ian Beer. He alerted Apple to multiple vulnerabilities - all now patched.

Security 316
article thumbnail

Bomb Threat, DDoS Purveyor Gets Eight Years

Krebs on Security

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of minors. Timothy Dalton Vaughn from Winston-Salem, N.C. was a key member of the Apophis Squad , a gang of young ne’er-do-wells who made bomb threats to more than 2,400 schools and launched DDoS attacks a

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

List of data breaches and cyber attacks in November 2020 – 586 million records breached

IT Governance

We recorded 103 cyber security incidents in November, which accounted for 586,771,602 leaked records. The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below. Here is our complete list of November’s cyber attacks and data breaches. As usual, incidents affecting UK organisations are in bold.

article thumbnail

Crooks stole 800,000€ from ATMs in Italy with Black Box attack

Security Affairs

A cyber criminal organization has stolen money from at least 35 Italian ATMs with a black box attack technique. A criminal organization has stolen money from at least 35 ATMs and Post Office cash dispensers operated by Italian banks with a new black box attack technique. The Carabinieri of Monza dismantled by the gang, the Italian law enforcement agency confirmed that the cybercrime organization stole about 800,000€ in just 7 months using #ATM Black Box attack.

article thumbnail

Audit Found Baltimore County Schools Lacked Data Security

Data Breach Today

Report Comes as District Struggles With Ransomware Attack The Baltimore County Public Schools system was notified by state auditors of several cybersecurity weaknesses the day before the district was hit with a crippling ransomware attack.

article thumbnail

Media and Marketing Leaders: It’s Time to Stand Up For Truth

John Battelle's Searchblog

Why “information equity” matters. An idea has been tugging at me for months now, one I’ve spent countless hours discussing and debating with leaders in marketing, media, and journalism. And as I often do, I’m turning to writing to see if I can push it into more concrete form. I’m literally thinking out loud here, but I won’t bury the lede: I believe it’s time for all major corporations – not just the companies that pushed for the #StopHateForProfit

Marketing 134
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

[Podcast] Low Code Drives Rapid Change for Financial Services

AIIM

It’s no secret that the continuing coronavirus pandemic has disrupted businesses everywhere, and the financial services industry is no exception. Indeed, the financial services industry is at a tipping point—either disrupt or get disrupted. Even before Covid-19, many areas within banking and capital markets were already experiencing serious existential threats.

article thumbnail

Chip maker Advantech hit by Conti ransomware gang

Security Affairs

The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files.

article thumbnail

Researchers: 25 Countries Use 'Circles' Spyware

Data Breach Today

Application Tracks Individuals via Mobile Phones Twenty-five countries are likely using spyware sold by a company called Circles that can snoop on mobile phone calls and text messages, according to Citizen Lab, a research organization based at the University of Toronto.

286
286
article thumbnail

What Is the Signal Encryption Protocol?

WIRED Threat Level

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Open Source Does Not Equal Secure

Schneier on Security

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. So while opening up source code is a good thing, it is not a guarantee of security.

Security 118
article thumbnail

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159 , the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012.

Security 123
article thumbnail

Bad Cookies: Privacy Regulator Fines Supermarket Giant

Data Breach Today

$3.7 Million Fine for French Supermarket Giant Carrefour for Alleged GDPR Violations France's privacy regulator has hit retail giant Carrefour with a $3.7 million fine for violating privacy laws, including GDPR. It's accused of failing to make privacy policies easy to understand, placing advertising cookies without consent and retaining customer data for unreasonable periods of time.

Privacy 290
article thumbnail

A Broken Piece of Internet Backbone Might Finally Get Fixed

WIRED Threat Level

Efforts to secure the Border Gateway Protocol have picked up critical momentum, including a big assist from Google.

Security 145
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

iPhone Bug Allowed for Complete Device Takeover Over the Air

Threatpost

Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May.

Security 122
article thumbnail

Clop Ransomware gang claims to have stolen 2 million credit cards from E-Land

Security Affairs

E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea. E-Land Group takes part in retail malls, restaurants, theme parks, hotels and construction businesses as well as its cornerstone, fashion apparel business.

article thumbnail

Defense Bill Would Restore White House Cybersecurity Post

Data Breach Today

Measure Is the Latest Effort to Revive Position A defense policy bill that Congress plans to vote on later this month now includes a provision that would restore the position of national cyber director at the White House, says Rep. Jim Langevin, D-R.I.

article thumbnail

Impressive iPhone Exploit

Schneier on Security

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device­ — over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable­ — meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. […].

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Cayman Islands Bank Records Exposed in Open Azure Blob

Threatpost

An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.

Cloud 113
article thumbnail

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.

Archiving 119
article thumbnail

New Zealand's Refreshed Privacy Act Takes Effect

Data Breach Today

Includes New Breach Notification Requirements, Fines and Greater Regulatory Powers New Zealand's refreshed Privacy Act, which came into effect Tuesday, introduces breach notification requirements and civil penalties. It also holds data handlers to higher responsibilities to counter new threats to personal data. But the law doesn't impose financial penalties as severe as the EU's GDPR.

Privacy 288