Data Breach Today

JUNE 3, 2021

Low-Bandwidth Network Can Share Internet Connections Among Amazon Devices Internet of things security professionals are expressing concern over Amazon's new Sidewalk - a low-bandwidth network program that will allow some of the company's connected and IoT devices to share Wi-Fi access even outside an owner's home.

Privacy 251

Privacy IoT Security Access 251

WIRED Threat Level

MAY 31, 2021

From NotPetya to SolarWinds, it’s a problem that’s not going away any time soon.

Security 96

Security 96

eSecurity Planet

JUNE 3, 2021

The National Security Council is sending a memo to U.S. companies urging them to take the ransomware threat more seriously as the Biden Administration ramps up its responses following recent attacks linked to Russia-based hacker groups on two major corporations. In the open letter dated June 3, Anne Neuberger, the NSC’s cybersecurity adviser, said that while the federal government is doing what it can to combat the accelerating threat, private sector organizations also play a crucial role.

Ransomware 97

Ransomware Cybersecurity Government Agriculture 97

Krebs on Security

MAY 29, 2021

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.

Authentication 305

Authentication IT Marketing 305

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Data Breach Today

JUNE 4, 2021

CISO Discusses Changing Security Culture in Organizations Mario Demarillas, CISO and head of IT consulting and software engineering at Exceture, in the Philippines, strikes a balance between securing his organization and its business offering in security.

Security 350

Security IT 350

AIIM

JUNE 3, 2021

The National Archives and Records Administration ( NARA ) and Office of Management and Budget ( OMB ) set forth the government-wide policy M-19-21 as a directive to progress how government records are managed. Read on to learn what this directive is, who it impacts, and seven factors necessary to achieve compliance. What Is M-19-21? Who Does M-19-21 Impact?

Compliance 152

Compliance FOIA Metadata Records Management 152

Security Affairs

JUNE 4, 2021

Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724 , that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked as CVE-2021-30724 , that impacts macOS, iOS, and iPadOS. The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the It giant fixed the issue was addressed by the IT giant on May 24 with the release of macOS 11.4, iOS 14.6, and

Communications 135

Communications Access IT Security 135

Data Breach Today

JUNE 1, 2021

Vulnerability Affects Siemens SIMATIC S7-1200 and S7-1500 CPU Siemens has released patches for certain automation products that have a critical memory protection vulnerability, which attackers could exploit to run arbitrary code to access memory areas, enabling them to read sensitive data and use it to launch further attacks.

Security 347

Security Access IT 347

The Last Watchdog

JUNE 2, 2021

The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes. Related: The importance of basic research. We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google.

Encryption 126

Encryption Access Artificial Intelligence IoT 126

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

AIIM

JUNE 1, 2021

What is the future of work? That’s hard to say. But one thing seems certain: Disruption lies ahead. Driven by innovations in technology, shifting business strategies, and evolving definitions of success, the workplace is changing fast. As the adoption of things like process automation, AI, and Machine Learning continue to accelerate, so will the pace of change in the workplace.

Compliance 144

Compliance Digital transformation IT 144

Troy Hunt

JUNE 3, 2021

Supporting national CERTs with free API domain searches across their assets is becoming an increasing focus for Have I Been Pwned and today I'm happy to welcome the 19th government on board, Belgium. As of now, the Centre for Cyber Security Belgium (CCB) has full access to query all their gov domains and gain deeper visibility into the impact of data breaches on their departments.

Government 135

Government Data breaches Access Security 135

Data Breach Today

MAY 29, 2021

2022 Budget Proposal Seeks $750 Million for 'Lessons Learned' From SolarWinds The White House officially released its 2022 federal budget proposal on Friday, and the Biden administration is seeking to spend billions on cybersecurity next year, including $750 million for "lessons learned" from the SolarWinds attack. Officials also want to boost CISA's budget by $110 million.

Cybersecurity 347

Cybersecurity IT 347

Schneier on Security

JUNE 2, 2021

The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a service,” in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ran

Ransomware 132

Ransomware Communications Security 132

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

MAY 31, 2021

A security researcher discovered a bug in PatchGuard Windows security feature that can allow loading unsigned malicious code into the Windows kernel. Japanese researcher Kento Oki has discovered a bug in PatchGuard that could be exploited by an attacker to load unsigned malicious code into the Windows operating system kernel. The PatchGuard, also known as Kernel Patch Protection, is a software protection utility that has been designed to forbid the kernel of 64-bit versions of Windows OS from be

Security 126

Security IT Cybersecurity Information Security 126

Threatpost

JUNE 2, 2021

On June 8, Amazon’s pulling all its devices into a device-to-device wireless mix, inspiring FUD along the way. Now's the time to opt out if you're be-FUDdled.

IT 130

IT IoT Security 130

Data Breach Today

JUNE 1, 2021

World's Largest Meat Supplier Says Servers Hit in North America and Australia The world's largest meat supplier, JBS, says an "organized cybersecurity attack" has led it to shut down servers in North America and Australia. Experts say a prolonged outage could have a noticeable impact on the global supply of meat. The company has yet to disclose if the attack involved ransomware.

Cybersecurity 338

Cybersecurity Ransomware IT 338

Schneier on Security

JUNE 4, 2021

Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The forty or so attendees include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, des

Security 122

Security Paper IT Risk 122

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Security Affairs

JUNE 4, 2021

Hackers are actively scanning the Internet for VMware vCenter servers vulnerable against a critical RCE flaw recently fixed by VMware. Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. The CVE-2021-21985 flaw is caused by the lack of input validation in the Virtual SAN ( vSAN ) Health Check plug-in, which is enabled by default in the vCenter Server.

Ransomware 125

Ransomware Encryption Access Security 125

Threatpost

JUNE 3, 2021

REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests.

Encryption 119

Encryption 119

Data Breach Today

JUNE 2, 2021

FireEye to Sell Product Line, Name to Private Equity FireEye announced on Wednesday the sale of its product line and name to Symphony Technology Group, a private equity group based in Palo Alto, for $1.2 billion. The deal means FireEye will be separated from Mandiant Solutions, its forensics unit that's often called upon after a data breach.

Sales 333

Sales Data breaches IT 333

Schneier on Security

JUNE 1, 2021

The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable. Be sure to read the FAQ through to the end.

Security 122

Security 122

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

MAY 30, 2021

Interpol has intercepted $83 million in illicit funds transferred from victims to the accounts used by crooks. An operation conducted by Interpol, codenamed HAECHI-I, conducted by more than 40 officers in the Asia Pacific region over six months period allowed to intercept a total of USD 83 million in illicit funds transferred from victims to the cybercriminals.

Phishing 122

Phishing Security IT Cybersecurity 122

Adam Levin

JUNE 4, 2021

You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. . According to the company’s website, “ExaGrid offers a unique approach to ensure that attackers cannot compromise the backup data, allowing organizations to be confident that they can restore the affected primary storage and avoid paying ugly ransoms.

Ransomware 115

Ransomware Insurance Education Risk 115

Data Breach Today

JUNE 3, 2021

Ransomware-as-a-Service Operation REvil - aka Sodinokibi - Has Been Making a Killing The FBI has attributed the ransomware attack against meat processing giant JBS to the REvil - aka Sodinokibi - ransomware-as-a-service operation. Security experts say the operation, which dates from 2019, appears to be run from Russia, and has been hitting increasingly large targets.

Ransomware 331

Ransomware Security 331

Threatpost

JUNE 4, 2021

Judges rule that Georgia police officer did not violate CFAA when he accessed law-enforcement data in exchange for bribe money, a ruling that takes heat off ethical hackers.

Access 116

Access Government 116

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Security Affairs

JUNE 2, 2021

A critical zero-day vulnerability in the Fancy Product Designer WordPress plugin exposes more than 17,000 websites to attacks. Researchers from the Wordfence team at WordPress security company Defiant warn that a critical zero-day vulnerability, tracked as CVE-2021-24370, in the Fancy Product Designer WordPress plugin is actively exploited in the wild.

Security 121

Security IT 121

Dark Reading

JUNE 2, 2021

Pen-testing today's threat deception technology is not for the faint-hearted. Do modern deception tools truly frustrate adversaries, and are they ready for the enterprise SOC?

114

114

Data Breach Today

JUNE 4, 2021

Latest Rowhammer Technique Targets Design Flaws in Modern DRAM Chips Researchers at Google have identified a new Rowhammer exploit, dubbed Half-Double, which targets design flaws in some of the newer DRAM chips to alter their memory content.

330

330