Sat.Nov 06, 2021 - Fri.Nov 12, 2021

article thumbnail

3 Ways to Deal With the Trojan Source Attack

Dark Reading

These scripts and commands provide short-term fixes for blocking the Trojan Source attack that abuses Unicode to inject malicious backdoors in source code.

130
130
article thumbnail

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers. However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, sto

Access 321
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How to Minimize Ransomware's Trail of Destruction and Its Associated Costs

Dark Reading

One of the biggest mistakes an organization can make is blindly throwing technology at the problem instead of properly investing in building a security team.

IT 104
article thumbnail

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Phishing 351
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

How to fill a public records request: Common Council committee meeting video

Preservica

Welcome to the "How we do it" Video Series. If you are a Clerk, Records Manager or Archivist for City or County Government, our practical “How we do it” videos are for you! We have compiled a series of videos, from users in City and County Government to share how they quickly and easily perform common electronic records preservation and access tasks with Preservica’ s solutions.

More Trending

article thumbnail

Evolution of Cloud Security: From Shared Responsibility to Shared Fate

Thales Cloud Protection & Licensing

Evolution of Cloud Security: From Shared Responsibility to Shared Fate. madhav. Tue, 11/09/2021 - 11:20. Over the past year and a half, we have witnessed seismic changes with the accelerated adoption of the cloud and the shift to hybrid working. According to McKinsey, cloud adoption has been accelerated by three years compared to pre-pandemic adoption rates while Gartner is estimating that spending on public cloud services will exceed $480 billion next year.

Cloud 122
article thumbnail

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S.

article thumbnail

Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access

Threatpost

The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.

Access 138
article thumbnail

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited a XNU privilege escalation vulnerability ( CVE-2021-30869 ) unpatched in macOS Catalina.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Researcher Details Vulnerabilities Found in AWS API Gateway

Dark Reading

AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.

Risk 132
article thumbnail

Microsoft Patch Tuesday, November 2021 Edition

Krebs on Security

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Passwords 229
article thumbnail

Massive Zero-Day Hole Found in Palo Alto Security Appliances

Threatpost

Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.

Security 127
article thumbnail

Experts found 14 new flaws in BusyBox, millions of devices at risk

Security Affairs

Researchers have identified a total of 14 new vulnerabilities in BusyBox that expose million of Unix-based devices to cyberattacks. Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total of 14 new critical vulnerabilities in BusyBox. The software is used by many network appliances and embedded devices with limited memory and storage resources.

Risk 123
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Hacking the Sony Playstation 5

Schneier on Security

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Paper 120
article thumbnail

Hackers Targeted Hong Kong Apple Devices in Widespread Attack

WIRED Threat Level

Visitors to pro-democracy and media sites in the region were infected with malware that could download files, steal data, and more.

Security 138
article thumbnail

Top 10 Cybersecurity Best Practices to Combat Ransomware

Threatpost

Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.

article thumbnail

Experts spotted a phishing campaign impersonating security firm Proofpoint

Security Affairs

Threat actors are impersonating cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Gmail credentials. Cybercriminals are impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Google Gmail credentials. The phishing messages use mortgage payments as a lure, they have the subject “Re: Payoff Request.”. “The email claimed to contain a secure file sent via Proofpoint as a link.” reads the post published

Phishing 122
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

MacOS Zero-Day Used against Hong Kong Activists

Schneier on Security

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article : Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers.

article thumbnail

CISA Issues New Cybersecurity Directive for Federal Agencies

Hunton Privacy

On November 3, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) announced Directive 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities (the “Directive”), establishing a CISA-managed catalog of vulnerabilities and compelling federal agencies to remediate such vulnerabilities on government information systems. The Directive targets vulnerabilities that pose a significant risk to the federal government and applies to all software and hardware found on federa

article thumbnail

The big challenges in wide-scale government cloud adoption

OpenText Information Management

While public clouds offer a breadth of benefits such as cost savings, scalability, and flexibility, many government entities are hesitant to make the leap. As of 2019, only 11% of federal IT systems are running in the cloud, and less than 5% of private government clouds are experiencing the full breadth of benefits available from cloud adoption. This is largely due to security, privacy, … The post The big challenges in wide-scale government cloud adoption appeared first on OpenText Blogs.

Cloud 113
article thumbnail

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

Researchers at AT&T discovered a new BotenaGo botnet that is using thirty three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty three exploits to target millions of routers and IoT devices. Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-20

IoT 122
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

4 Tips to Secure the OT Cybersecurity Budget You Require

Dark Reading

OT security engineers and personnel should approach senior management with an emphasis on risk reduction benefits and with a concrete plan to secure budget and funding before it's too late.

Security 113
article thumbnail

Threat from Organized Cybercrime Syndicates Is Rising

Threatpost

Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.

IT 116
article thumbnail

Microsegmentation Is Catching On as Key to Zero Trust

eSecurity Planet

For a security technology that’s only a few years old, microsegmentation is catching on quickly. According to a new report from edge security vendor Byos, 88 percent of cybersecurity leaders believe microsegmentation is essential to achieving zero trust security, and 83 percent are currently leveraging microsegmentation in some form. Despite such strong uptake, the market still has plenty of room to grow, the report found: only 17 percent have fully invested in microsegmentation to the poi

article thumbnail

Ukrainian REvil affiliate charged with Ransomware Attack on Kaseya

Security Affairs

The US DoJ has charged a REvil ransomware affiliate that is suspected to have orchestrated the attack on Kaseya MSP platform in July. The US Department of Justice has charged a REvil ransomware affiliate for orchestrating the ransomware attacks on Kaseya MSP platform that took place in July 4. The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22), who was arrested for cybercriminal activity on October 8

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Why Self-Learning AI Is Changing the Paradigm of ICS Security

Dark Reading

By focusing on the organization rather than the threat, AI can identify subtle changes in your digital environment that point to a cyber threat.

Security 123
article thumbnail

FTC Recommends Steps to Protect Against Ransomware

Hunton Privacy

On November 5, 2021, the Federal Trade Commission suggested two preventative steps small businesses can take to protect against ransomware risks: Step #1: Make sure your tech team is following best practices to fend off a ransomware attack. Be prepared by backing up data. Set up off-line, off-site encrypted backups of information essential to the business.

article thumbnail

REvil Affiliates Arrested; DOJ Seizes $6.1M in Ransom

Threatpost

The U.S. is seeking the extradition of a Ukrainian man, Yaroslav Vasinskyi, whom they suspect is behind the Kaseya supply-chain attacks and other REvil attacks.

Security 114