Data Breach Today
APRIL 30, 2022
Killnet Claims Responsibility for Targeting Romanian Authorities The Computer Emergency Response Team of Ukraine, along with the National Bank of Ukraine, are warning of massive DDoS attacks against pro-Ukrainian targets. The intelligence service in Romania, SRI, also warns of a similar type of attack targeting sites belonging to its national authorities.
Dark Reading
MAY 3, 2022
The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
MAY 2, 2022
IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. IoT devices can spy on people, steal data, or bring down vast swathes of the internet, as happened in 2016 when Mirai malware infiltrated devices such as baby monitors and refrigerators and locked them into a botnet for the Dyn cyberattack.
Krebs on Security
MAY 2, 2022
Image: Proxima Studios, via Shutterstock. Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Data Breach Today
MAY 3, 2022
California Resident Found Guilty on Total of 6 Criminal Counts Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice. The stolen payment was meant for DOD's jet fuel suppliers.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Matters
MAY 4, 2022
Washington, D.C. – Sidley announced today that David Lashway and John Woods have joined as partners in the firm’s Privacy and Cybersecurity practice in Washington, D.C. Mr. Lashway and Mr. Woods join Sidley from Baker McKenzie where they started and led the global cybersecurity practice group for over 10 years. “David and John’s industry leading knowledge and global experience provide a rare viewpoint of the current geopolitical risks in the world today and will have an immediate and positive im
Jamf
MAY 5, 2022
Yes; Apple devices have a lower cost of ownership when compared to other technology in the classroom. But it’s not just about the bottom line. Apple devices better prepare schools for remote education, improve digital literacy and teach students skills that will be required in tomorrow’s workplace.
Data Breach Today
MAY 4, 2022
John Riggi and Carolyn Crandall Discuss the Top Threats John Riggi, national adviser for cybersecurity at the American Hospital Association, and Carolyn Crandall, chief security advocate at Attivo Networks, explain why threats involving the Russia-Ukraine war are exacerbating cybersecurity pressures on healthcare sector entities in the U.S. and globally.
eSecurity Planet
MAY 3, 2022
Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. Researchers at Singapore-based cybersecurity company Group-IB recently discovered thousands of databases exposed to the internet that could have been exploited when they were left unprotected. The Attack Surface Management team at Group-IB said it constantly scans the IPv4 landscape for exposed databases, potentially unwanted programs, and other risks.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Threatpost
MAY 3, 2022
Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.
Hunton Privacy
MAY 2, 2022
On April 28, 2022, India issued new guidance relating to “information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet.” Notably, the guidance requires “service providers, intermediary, data centre, body corporate and Government organizations” to report cyber incidents to India’s Computer Emergency Response Team (“CERT-In”) within six hours of noticing such incidents or being notified about such incidents.
Data Breach Today
MAY 5, 2022
Rules Similar to Privacy Laws Passed in California, Colorado, Virginia and Utah Connecticut has just become the fifth U.S. state to get a comprehensive data privacy and online monitoring law, as Senate Bill No. 6 passed into law on Wednesday. The law will go into effect on July 1, 2023, which means that organizations in the state have just 14 months to prepare for compliance.
eSecurity Planet
MAY 2, 2022
Ransomware just keeps getting worse, it seems. Cybersecurity researchers last week revealed that a new ransomware gang called Onyx is simply destroying larger files rather than encrypting them. As the MalwareHunterTeam noted in a Twitter thread , “as the ransomware they are using is a trash skidware, it’s destroying a part of the victims’ files.” The team would recommend that “no company should pay to these idiots … but they are stealing files too.” Most
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Data Matters
MAY 5, 2022
Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), repeatedly emphasizes CISA’s cooperative approach with the U.S. private sector. During her interview with Sidley’s Alan Raul on April 13, 2022, Easterly emphasized that CISA’s role was not to “name, blame, shame, or stab the wounded” victims of cybersecurity incidents.
Hunton Privacy
MAY 4, 2022
In April 2022, two states enacted insurance data security legislation based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law (MDL-668). Kentucky Governor Andy Beshear signed HB 474 into law on April 8, 2022, and Maryland Governor Larry Hogan signed SB 207 into law on April 21, 2022. The new laws establish data security obligations for insurance carriers and generally require carriers to take the following actions, subject to certain exemptions: Co
Data Breach Today
MAY 4, 2022
Mosyle Wants to Expand Beyond MDM and Provide a Holistic Apple Security Platform Mosyle closed a $196 million funding round to expand beyond mobile device management and provide a holistic security platform for Apple devices. The company wants to boost adoption of Mosyle Fuse, which combines MDM, endpoint security, encrypted DNS, identity management and app management.
Security Affairs
MAY 3, 2022
China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies. The Google TAG team published a report focused on cybersecurity activity in Eastern Europe.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
eSecurity Planet
MAY 3, 2022
Security researchers have uncovered a critical vulnerability that could lead to DNS spoofing attacks in two popular C standard libraries that provide functions for common DNS operations. Nozomi Networks Labs found the vulnerability in the Uclibc and uClibc-ng libraries, which provide functions to make common DNS operations such as lookups or translating domain names to IP addresses.
OpenText Information Management
MAY 6, 2022
The statistics about increased cybercrime are everywhere you turn. According to the FBI’s 2021 Internet Crime Report, the FBI Internet Crime Complaint Center saw a record 847,376 complaints in 2021, representing a 7% increase from the prior year. Perhaps more disturbing is the cybercrimes committed against the most vulnerable in society – our children.
Data Breach Today
MAY 2, 2022
California Resident Found Guilty on Total of 6 Criminal Counts Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice. The stolen payment was meant for DOD's jet fuel suppliers.
Security Affairs
MAY 4, 2022
Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites. Pro-Ukraine hackers, likely linked to Ukraine IT Army , are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
Troy Hunt
MAY 6, 2022
It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing. Or maybe I'm just a sucker for punishment, I don't know, but either way it's kept me entertained and given me plenty of new material for this week's video 😊 References The book is almost ready to launch!
Dark Reading
MAY 2, 2022
Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.
Data Breach Today
MAY 2, 2022
Amit Basu of International Seaways on the Various Approaches to Zero Trust As one embarks on a zero trust journey, it's best to start with a network approach, according to Amit Basu, who is vice president, chief information officer and chief information security officer at International Seaways, a New York-based tanker company.
IT Governance
MAY 5, 2022
“My password was hacked”: it’s one of the oldest excuses in the book for people who post something regrettable online. But it’s also a growing reality, with Verizon’s 2021 Data Breach Investigations Report discovering that 61% of all data breaches involve stolen credentials. All of us have dozens of accounts that are only one password breach away from compromising sensitive information.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
KnowBe4
MAY 2, 2022
A phishing campaign is using short, terse emails to trick people into visiting a credential-harvesting site, according to Paul Ducklin at Naked Security. The email informs recipients that two incoming messages were returned to the sender, and directs the user to visit a link in order to view the messages. Since the emails are so short, the scammers avoid risking typos or grammatical errors that could have tipped off the recipient.
Dark Reading
MAY 3, 2022
As the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams.
Data Breach Today
MAY 2, 2022
5 Kellogg Community Colleges - and Nearly 8,400 Students - Affected All five campuses of the Kellogg Community College, or KCC, have suspended classes until further notice as the result of a ransomware attack, according to its website. The campuses in Battle Creek, Albion, Coldwater, Hastings and Fort Custer Industrial Park in Michigan house nearly 8,400 students.
Expert insights. Personalized for you.
361 
Let's personalize your content