Sat.Apr 17, 2021 - Fri.Apr 23, 2021

article thumbnail

7 Old IT Things Every New InfoSec Pro Should Know

Dark Reading

Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.

IoT 131
article thumbnail

NFTs: The Newest Collectible

eSecurity Planet

NFT-mania, pronounced nifty , is upon us with little time to prepare. From news of a collage selling for almost $70 million at Christie’s auction house to a portrayal of Janet Yellen and Morpheus rapping about cryptocurrency on SNL , the current craze is all about non-fungible tokens (NFTs). But what are NFTs, how do they work, and what security precautions should we take?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Telehealth: Safeguarding Patient Data

Data Breach Today

New Guidance Spells Out Security Precautions Given the surge in the use of telehealth during the COVID-19 pandemic - and expectations for continued growth - the Healthcare and Public Health Sector Coordinating Council has unveiled guidance on safeguarding patient data during remote care encounters.

Security 222
article thumbnail

Note to Self: Create Non-Exhaustive List of Competitors

Krebs on Security

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [ NYSE:IT ] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry. Earlier this month, a reader pointed my attention to the following notice from Gartner to clients who are seeking to promote Gartner reports about technology products and services: What that notice says is that KrebsOnSecurity is somehow

Marketing 211
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

NEW TECH: DigiCert unveils ‘Automation Manager’ to help issue, secure digital certificates

The Last Watchdog

How do you bring a $9 billion-a-year, digitally-agile corporation to a grinding halt? Related: Why it’s vital to secure IoT. Ask Spotify. When the popular streaming audio service went offline globally, last August, we saw a glimpse of just how tenuous digital transformation sometimes can be. Someone reportedly forgot to renew Spotify’s TLS certificate.

More Trending

article thumbnail

Payment Card Theft Ring Tech Leader Gets 10-Year Sentence

Data Breach Today

Fedir Hladyr of Ukraine Admitted to Working as System Admin for FIN7 A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.

article thumbnail

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. While the value of major cryptocurrencies continues to increase, cybercriminals and malware authors focus their efforts on cryptocurrency miners and malicious code that could empty the wallets of the victims. The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurr

IT 144
article thumbnail

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

The Last Watchdog

Google was absolutely right to initiate a big public push a couple of years ago to make HTTPS Transport Layer Security (TLS) a de facto standard. Related: Malicious activity plagues the cloud services. At the time, in the spring of 2018, only 25 percent of commercial websites used HTTPS; today adoption is at 98 percent and rising. Far beyond just protecting websites, TLS has proven to be a linchpin of network-level communications across the board.

article thumbnail

The cost of a cyber attack in 2021

IT Governance

It’s been rough sailing for organisations in the past year or so. In addition to the ongoing challenges of COVID-19, there are the effects of Brexit, increasing public awareness of privacy rights and regulatory pressure to improve data protection practices. And, of course, there is the threat of cyber attacks. According to a UK government survey, 39% of UK businesses came under attack in the first quarter of 2021 , with many incidents causing significant damage.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

ER Physician Association Hacked

Data Breach Today

ACEP Reports Tens of Thousands of Doctors Affected The American College of Emergency Physicians says a "malware" attack affected tens of thousands of the group's current and former members as well as members of three other emergency medical professional organizations.

318
318
article thumbnail

WhatsApp Pink malware spreads via group chat messages

Security Affairs

A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages. A WhatsApp malware dubbed WhatsApp Pink has now been updated, authors have implemented the ability to automatically respond to victims’ Signal, Telegram, Viber, and Skype messages. WhatsApp Pink is a fake app that was first discovered this week, it poses as a “pink” themed version of the legitimate app.

IT 135
article thumbnail

Belgian Constitutional Court Annuls Data Retention Framework for Electronic Communications Data

Hunton Privacy

On April 22, 2021, the Belgian Constitutional Court annulled (in French) the framework set forth by the Law of 29 May 2016 (the “Law”) requiring telecommunications providers to retain electronic communications data in bulk. The Constitutional Court’s decision follows an October 6, 2020 Court of Justice of the European Union (“CJEU”) ruling (in French) on preliminary questions related to the compatibility of the data retention framework with EU law.

article thumbnail

Small Acts Make a Big Difference: Earth Day and Beyond

Micro Focus

At Micro Focus, we are committed to reducing our environmental impact – as are our customers, partners and suppliers. Our aim is to make sustainable and responsible business part of the way we operate. From lowering our energy consumption and waste materials, to helping our customers address their carbon footprint and adopt carbon friendly IT. View Article.

IT 124
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Analysts Uncover More Servers Used in SolarWinds Attack

Data Breach Today

RiskIQ: Discovery Sheds Light on Size of Cyberespionage Operation Researchers at RiskIQ say they've discovered more than a dozen previously undocumented command-and-control servers used in the SolarWinds supply chain attack, showing that the cyberespionage operation was much larger than previously identified.

318
318
article thumbnail

Codecov was a victim of a supply chain attack

Security Affairs

The software company Codecov suffered a security breach, threat actors compromised the supply chain of one of its tools. A new supply chain attack made the headlines, the software company Codecov recently disclosed a major security breach after a threat actor compromised its infrastructure to inject a credentials harvester code to one of its tools named Bash Uploader.

Access 131
article thumbnail

Backdoor Found in Codecov Bash Uploader

Schneier on Security

Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. Codecov said the breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the company warned.

Access 128
article thumbnail

Pulse Secure Critical Zero-Day Security Bug Under Active Exploit

Threatpost

CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.

Security 120
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Nation-State Actor Linked to Pulse Secure Attacks

Data Breach Today

Vulnerabilities Exploited Include a Zero-Day in Ivanti's Pulse Connect Secure The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that U.S. federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government, exploiting vulnerabilities found in Ivanti's Pulse Connect Secure.

Security 318
article thumbnail

Crooks stole driver’s license numbers from Geico auto insurer

Security Affairs

Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S., has suffered a data breach, threat actors exploited a now-fixed bug in their website to steal the driver’s licenses for policyholders for several weeks.

Insurance 127
article thumbnail

FTC Reiterates AI Best Practices

Hunton Privacy

Building upon its April 2020 business guidance on Artificial Intelligence and algorithms , on April 19, 2021, the FTC published new guidance focused on how businesses can promote truth, fairness and equity in their use of AI. In the guidance, the FTC recognizes the potential benefits of AI, but stresses the need to harness these benefits without inadvertently introducing bias or other unfair outcomes.

article thumbnail

It’s Easy to Become a Cyberattack Target, but a VPN Can Help

Threatpost

You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN's Cyber Risk Index puts North American and Northern European countries at the top of the target list.

Risk 122
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

REvil Ransomware Gang Threatens Stolen Apple Blueprint Leak

Data Breach Today

$50 Million Extortion Demand Issued to Apple and Taiwanese Manufacturer Quanta The REvil - aka Sodinokibi - ransomware gang is threatening to release stolen Apple device blueprints unless it receives a massive payoff. The extortion threat - with a reported $50 million opening demand - was unveiled hours before Apple made a series of major new product announcements.

article thumbnail

Nitroransomware demands gift codes as ransom payments

Security Affairs

A new ransomware dubbed ‘NitroRansomware’ has appeared in the threat landscape, it demands a Discord Nitro gift code to decrypt files. Researchers from BleepingComputer reported infections of a new singular ransomware dubbed NitroRansomware which demands a Discord Nitro gift code to the victims to decrypt their files. Discord is a free VoIP, instant messaging and digital distribution platform designed for creating communities.

article thumbnail

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War

WIRED Threat Level

Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out.

Security 125
article thumbnail

Top 8 Cybersecurity Podcasts of 2021

eSecurity Planet

Cybersecurity podcasts are an easy way to immerse yourself in the world of SecOps. Depending on your interests, you can catch up on the latest news and hear analysis from experts in the field, or you can take a deep-dive into a major cybersecurity story or concept. The best part? You can listen while doing tasks that require little concentration such as washing dishes or folding laundry.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Lazarus Group Hid RATs in BMP Images

Data Breach Today

Group Used Fresh Tactic to Target South Korea Malwarebytes researchers report the North Korean APT group Lazarus rolled out a new weapon during a recent phishing campaign targeting South Korea in which the gang incorporated malicious BMP files in an image-laden document.

Phishing 313
article thumbnail

Trend Micro flaw actively exploited in the wild

Security Affairs

Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems. Security solutions one again are used as attack vectors by threat actors, this time cybersecurity company Trend Micro revealed that attackers are actively exploiting a vulnerability, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems.

article thumbnail

Biden Administration Imposes Sanctions on Russia for SolarWinds

Schneier on Security

On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I will leave it to those with experience in foreign relations to convince me that the response is sufficient to deter future operations.

IT 122