Krebs on Security

APRIL 29, 2021

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes. In a 50-page report delivered to the Biden administration this week, top executives from Amazon , Cisco , FireEye , McAfee , Microsoft and dozens of other firms joined the U.S.

Ransomware 237

Ransomware Government Insurance Sales 237

Data Breach Today

APRIL 29, 2021

Coalition Offers a Framework for Disrupting Attacks A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.

Ransomware 251

Ransomware Marketing Government Security 251

Information Governance Perspectives

APRIL 27, 2021

When you think about the fact that libraries are about information and not simply about books, you begin to see where the value is. The post Public Affairs: Your New Neighborhood Library appeared first on Rafael Moscatel.

Libraries 98

Libraries 98

AIIM

APRIL 29, 2021

One would think that the rapid pace of changing technology is the primary struggle for organizations on their journey to transforming into a truly digital organization. However, based on our recent state of the intelligent information management industry research , that is simply not the case. At the top of the list of true obstacles that organizations face is money – "lack of budget and resources" (26%).

Education 265

Education Marketing Information governance Communications 265

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Krebs on Security

APRIL 26, 2021

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Security 304

Security Authentication Access Insurance 304

The Last Watchdog

APRIL 26, 2021

Historically, consumers have had to rely on self-discipline to protect themselves online. Related: Privacy war: Apple vs. Facebook. I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Then about 10 years ago, consumer-grade virtual private networks, or VPNs, came along, providing a pretty nifty little tool that any individual could use to deflect invasive online tracking.

B2C 212

B2C Security Marketing Privacy 212

AIIM

APRIL 27, 2021

Global research and advisory firm, Gartner, predicts that by 2024 more than 45% of IT spending will shift from legacy on-premises solutions to the cloud. Cloud infrastructure spending is expected to jump from $63 billion in 2020 to $81 billion by 2022. The cloud race was well underway in 2020 when COVID reared its unfortunate head and sent businesses still on the cloud adoption starting blocks into a frenzy.

Cloud 188

Cloud ROT Metadata Content services 188

Jamf

APRIL 26, 2021

Shlayer malware detected allows an attacker to bypass Gatekeeper, Notarization and File Quarantine security technologies in macOS. The exploit allows unapproved software to run on Mac and is distributed via compromised websites or poisoned search engine results.

Security 144

Security 144

Data Breach Today

APRIL 30, 2021

Suspicious Activity Detected; Investigation Continues CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.

Security 328

Security Government 328

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Troy Hunt

APRIL 29, 2021

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP.

Government 142

Government Data breaches Access 142

Schneier on Security

APRIL 26, 2021

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published , artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit

Artificial Intelligence 142

Artificial Intelligence Government IT Marketing 142

Dark Reading

APRIL 30, 2021

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.

Cybersecurity 145

Cybersecurity Security 145

Data Breach Today

APRIL 26, 2021

Law Enforcement 'Update' to Erase Malware From Infected Devices Activated An "update" pushed out earlier this year by law enforcement agencies, including Europol, on Sunday began erasing Emotet malware from infected devices worldwide, Malwarebytes reports. The move comes after the FBI recently remotely removed web shells from vulnerable on-premises Microsoft Exchange servers.

312

312

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

APRIL 24, 2021

The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death are not known, but it does not matter. Dan has left us an immense emptiness, the silence after his death is deafening.

Cybersecurity 139

Cybersecurity Security IT Information Security 139

Hunton Privacy

APRIL 28, 2021

On April 27, 2021, the Portuguese Data Protection Authority ( Comissão Nacional de Proteção de Dados , the “CNPD”) ordered the National Institute of Statistics (the “INE”) to suspend, within 12 hours, any international transfers of personal data to the U.S. or other third countries that have not been recognized as providing an adequate level of data protection.

Personal data 137

Personal data Access Security IT 137

DLA Piper Privacy Matters

APRIL 30, 2021

Authors: Emily Maus and Anna Spencer. HIPAA covered entities and business associates should finalize their comments soon, before the comment period for the 2020 Health Insurance Portability and Accountability Act (HIPAA) Notice of Proposed Rulemaking ( NPRM ) closes on May 6. The Office for Civil Rights (OCR), which is the federal agency within the US Department of Health and Human Services (HHS) that enforces HIPAA, released the NPRM on December 10, 2020 and later extended the deadline for sub

Access 137

Access Sales Privacy Insurance 137

Data Breach Today

APRIL 25, 2021

Cybereason Says Russian Hacking Group Prometei is Behind the Campaign A Russian botnet group called Prometei is exploiting critical Microsoft Exchange Server vulnerabilities to mine cryptocurrency from various organizations across the world, a new report by security firm Cybereason finds. The group appears to be financially-motivated.

Mining 306

Mining Security 306

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Security Affairs

APRIL 26, 2021

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Apple has addressed a zero-day flaw in macOS that was exploited by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

Security 136

Security IT Cybersecurity Information Security 136

erwin

APRIL 30, 2021

Before the COVID-19 pandemic, many enterprise architects were focused on standardization. Identifying and putting into practice standard approaches to deploying systems, from the IT infrastructure and network protocols to the integration with other components, decreases the time to market for businesses and increases efficiency. In a world where agility and innovation are highly valued, speed is a critical factor for success.COVID-19 forced many businesses to radically change their business mode

Digital transformation 131

Digital transformation Cloud Paper Risk 131

Threatpost

APRIL 30, 2021

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.

IoT 124

IoT Security 124

Data Breach Today

APRIL 30, 2021

Experts Offer Advice on Avoiding Patient Data Exposure Recent incidents involving inadvertent exposure of patient data on GitHub, a software development platform, point to the need to ensure that data loss prevention tools are implemented, all available security controls are leveraged and employees are made aware of the risks involved.

Risk 296

Risk Security 296

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

APRIL 29, 2021

A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package.

Metadata 125

Metadata Security Access IT 125

Dark Reading

APRIL 27, 2021

Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers.

Education 141

Education 141

Threatpost

APRIL 29, 2021

There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations’ SaaS apps.

Security 121

Security 121

Data Breach Today

APRIL 29, 2021

Phishing, online fraud, cryptocurrency scams – they are coming at lightning speed, threating enterprises and their brands. And just as fraudsters rely on automation to deliver these attacks, defenders can use automated tools to protect their brands. Jeff Baher of Bolster tells how.

Phishing 292

Phishing 292

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Security Affairs

APRIL 30, 2021

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor. A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. Cybereason researchers reported that a China-linked APT group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy.

Phishing 123

Phishing Encryption Security IT 123

IT Governance

APRIL 27, 2021

Too often, organisations fall into the trap of thinking that cyber security is only about preventing data breaches. Their budget is dedicated to anti-malware software, firewalls, staff awareness training and a host of other tools designed to prevent sensitive information falling into the wrong people’s hands. But what happens when those defences fail?

Data breaches 119

Data breaches Risk Security Access 119

DLA Piper Privacy Matters

APRIL 30, 2021

On yet another application of the principles contained in the Schrems II case , on the 27th of April 2021, the Portuguese Data Protection Authority (“ CNPD ”) issued a decision ordering the suspension, within 12 hours, of any transfer of personal data resulting from the Census 2021 to the US, or to other third countries outside the EU not ensuring an adequate level of protection for the data.

Personal data 119

Personal data Privacy Access Security 119