Krebs on Security

APRIL 13, 2022

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National Security Agency (NSA). Of particular concern this month is CVE-2022-24521 , which is a “privilege escalation” vulnerability in the Windows common log file system driver.

Ransomware 245

Ransomware Security IT Access 245

Data Breach Today

APRIL 14, 2022

The latest edition of the ISMG Security Report analyzes the latest cyberthreats to the energy sector as Russia's invasion of Ukraine continues. It also examines best practices for Customer Identity and Access Management and how healthcare institutions can sharpen their defense strategies.

Access 260

Access Security IT 260

WIRED Threat Level

APRIL 13, 2022

The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.

Security 125

Security 125

The Last Watchdog

APRIL 14, 2022

It’s no secret that cyberattacks can happen to any business, and we should all be suspicious of messages from unfamiliar senders appearing in our email inboxes. Related: Deploying human sensors. But surely, we can feel confident in email communications and requests from our organization’s executives and fellow coworkers, right? The short answer: Not always.

Phishing 243

Phishing Authentication Communications Ransomware 243

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Krebs on Security

APRIL 12, 2022

The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums , an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums — 21-year-old Diogo Santos Coelho , of Portugal — with six criminal counts, including conspiracy, access device fraud and aggravated identi

Sales 216

Sales Data breaches Government Access 216

Security Affairs

APRIL 12, 2022

The dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of Operation TOURNIQUET. The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international law enforcement Operation TOURNIQUET coordinated by Europol’s European Cybercrime Centre. Operation TOURNIQUET was conducted by law enforcement agencies from the United States, United Kingdom, Sweden, Portugal, and Romania.

Sales 143

Sales Data breaches Passwords Marketing 143

The Last Watchdog

APRIL 11, 2022

From financial institutions to meat producers, it seems every industry has been impacted by ransomware in the past year — maybe even the past week. The world’s largest enterprises to the smallest mom-and-pop shops have been devastated by cybercriminals who are looking to hold assets hostage for a big pay day. Related: Tech solutions alone can’t stop ransomware.

Ransomware 214

Ransomware IT Passwords Government 214

Troy Hunt

APRIL 10, 2022

In my ongoing bid to make more useful information on data breaches available to impacted national governments , today I'm very happy to welcome the 32nd national CERT to Have I Been Pwned, the Republic of North Macedonia! They now join their counterparts across the globe in having free API-level access to monitor and query their government domains.

Government 131

Government Data breaches Access 131

Data Breach Today

APRIL 14, 2022

Target Was Submarine Cable Servers Covering 95% of Regional Telecommunications A branch of the U.S. Department of Homeland Security says that it stopped an international hacking group from launching a major cyberattack on an underground cable system's servers. If the attackers had been successful, the incident could have become a national security threat, security experts say.

Communications 324

Communications Security IT 324

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

APRIL 13, 2022

Apache addressed a critical flaw in Apache Struts RCE that was linked to a previous issue that was not properly fixed. Apache Struts is an open-source web application framework for developing Java EE web applications. The Apache Software Foundation urges organizations to address a vulnerability, tracked as CVE-2021-31805, affecting Struts versions ranging 2.0.0 to 2.5.29.

Cybersecurity 132

Cybersecurity Security IT Information Security 132

The Last Watchdog

APRIL 13, 2022

Cyberattacks preceded Russia’s invasion of Ukraine, and these attacks continue today as the war unfolds. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S., allied countries, and businesses steadily increases. Related: Cyber espionage is in a Golden Age. These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technic

Cybersecurity 188

Cybersecurity Military Passwords Education 188

AIIM

APRIL 14, 2022

Cloud-based systems and applications are popular across organizations in all industries today and are largely regarded as a powerful platform for process innovation and improved organizational performance. According to the IDG 2021 Cloud Computing Survey , the majority (55%) of organizations are now using more than one public cloud. Cloud adoption has also reached more than two-thirds in every industry.

Cloud 104

Cloud Metadata Financial Services Insurance 104

Data Breach Today

APRIL 14, 2022

Accenture's Robert Boyce on Adopting an Effective Communications Plan Accenture's new ransomware report reveals key challenges in executing an effective communications plan. Robert Boyce, managing director of global cyber response, discusses why existing recovery strategies aren't enough and offers practical steps for managing a ransomware response.

Ransomware 290

Ransomware Communications 290

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

WIRED Threat Level

APRIL 13, 2022

Ukraine claims to have doxed Russian troops and spies, while hacktivists are regularly leaking private information from Russian organizations.

Privacy 145

Privacy Security 145

Security Affairs

APRIL 12, 2022

Russia-linked Sandworm APT group targeted energy facilities in Ukraine with INDUSTROYER2 and CADDYWIPER wipers. Russia-linked Sandworm threat actors targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper. According to the CERT-UA, nation-state actors targeted high-voltage electrical substations with INDUSTROYER2, the variant analyzed by the researchers were customized to target respective substations.

Cybersecurity 125

Cybersecurity Government Security IT 125

AIIM

APRIL 12, 2022

I’m at that age when the body starts to go. I now see 100 doctors – no, really, 85 at least. Or so it seems. If I’m not Zooming with my primary care provider, I’m swapping data with a specialist via a phone app or transmitting my blood pressure readings from my remote monitor to the disembodied nurse in my voicemail who chides me with messages if I miss a reading.

Computer and Electronics 104

Computer and Electronics Insurance Marketing Paper 104

Data Breach Today

APRIL 15, 2022

Declining Loss Ratios Means Insurance Premium Increases Might Moderate in Late 2022 A surprising improvement in loss ratios for cyber insurance providers in 2021 means the rapid rise in premiums might at last subside later this year. The loss ratio declined for the first time since 2018 despite the frequency and severity of claims filed for cyberattacks increasing again in 2021.

Insurance 280

Insurance 280

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Data Matters

APRIL 15, 2022

Utah has become the fourth state, following California, Virginia and Colorado, to enact a comprehensive consumer data privacy law. The Utah Consumer Privacy Act (“UCPA”), formerly known as Senate Bill 227, passed the Utah Senate and House with no opposition, and was signed by Governor Cox on March 24, 2022. The UCPA shares many similarities with Virginia’s Consumer Data Protection Act (“VCDPA”) and the Colorado Privacy Act (“CPA”), and some similarities with the California Consumer

Privacy 109

Privacy Personal data Sales Insurance 109

Jamf

APRIL 13, 2022

Arguably, the healthcare sector is one of the industries that can least afford a security breach. So why was 2021 the tenth year in a row that the healthcare industry had the highest breach costs of any industry? And why, according to the HIPAA Journal , has the number of healthcare data breaches risen every year for the last decade? And what is the industry planning to do about it?

IT 121

IT Security Data breaches 121

KnowBe4

APRIL 12, 2022

Organizations in the US lost $2.4 billion to business email compromise (BEC) scams (also known as CEO fraud ) last year, according to Alan Suderman at Fortune.

Phishing 128

Phishing 128

Data Breach Today

APRIL 13, 2022

5 Critical Vulnerabilities Could Allow Hackers to Tamper with Certain Gear Researchers say five critical vulnerabilities in certain mobile hospital robots - if exploited - could allow hackers to interfere with delivery of medication and supplies, elevator operation and patient privacy. Some experts say the situation is a reminder of commonly overlooked IoT device risks.

Risk 261

Risk IoT Privacy 261

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

eSecurity Planet

APRIL 14, 2022

Critical infrastructure , industrial control (ICS) and supervisory control and data acquisition (SCADA) systems are under increasing threat of cyber attacks, according to a number of recent warnings from government agencies and private security researchers. CERT-UA (Computer Emergency Response Team of Ukraine) reported a major attack on Ukrainian energy infrastructure last week.

Authentication 119

Authentication Security awareness Cybersecurity Passwords 119

IT Governance

APRIL 12, 2022

Welcome to our first quarterly review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks. In this article, you’ll find an overview of the cyber security landscape from the past three months, including the latest statistics and our observations. This includes year-on-year comparisons in the number of publicly disclosed data breaches, a review of the most breached sectors and a running total of incidents

Data breaches 115

Data breaches Ransomware Government Retail 115

Security Affairs

APRIL 14, 2022

The US government agencies warned of threat actors that are targeting ICS and SCADA systems from various vendors. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA) to warn of offensive capabilities developed by APT actors that could allow them to compromise multiple industrial control system (ICS)/supervisory control and data

Passwords 115

Passwords Communications Cybersecurity Access 115

Data Breach Today

APRIL 13, 2022

Latest Batch of Fixes Includes 10 Critical, 2 Zero-Day Vulnerabilities A week after Microsoft announced the Windows Autopatch feature and declared that, come July, the tradition of Patch Tuesday will end, it's Patch Tuesday again, and the company has issued more than 100 security fixes for software that resolve critical issues, including two zero-day vulnerabilities.

Security 260

Security IT 260

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

eSecurity Planet

APRIL 15, 2022

Not everyone adopts multi-factor authentication (MFA) to secure their accounts. Many stick with simple username and password combinations despite the weaknesses of this authentication method. Yet if someone wanted to enable MFA, which option should they use? Each MFA option suffers vulnerabilities and creates user friction, so IT managers need to select the MFA option that best suits their users and their security concerns.

Authentication 117

Authentication Passwords Phishing Access 117

Schneier on Security

APRIL 13, 2022

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems We assess with high confidence that the

IT 113

IT 113

Security Affairs

APRIL 13, 2022

Microsoft’s Digital Crimes Unit (DCU) announced to have shut down dozens C2 servers used by the infamous ZLoader botnet. Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. The IT giant obtained a court order that allowed it to sinkhole 65 domains used by the ZLoader operators along with an additional 319 currently registered DGA domains. “Today, we’re announcing that Microsoft’

Ransomware 115

Ransomware Cybersecurity Access Security 115