Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Access 362

Access Security Communications IT 362

The Last Watchdog

NOVEMBER 15, 2021

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Risk 235

Risk Artificial Intelligence Digital transformation Paper 235

Dark Reading

NOVEMBER 17, 2021

Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.

Security 114

Security 114

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. divya. Tue, 11/16/2021 - 06:15. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Still, as all of us who work in technology know, you reduce access to granular controls when you simplify a process. On the flip side, if you allow access to granular controls, the person setting the controls needs to be an expert to set them correctly.

Encryption 143

Encryption Cloud Access Privacy 143

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

NOVEMBER 13, 2021

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their network has been breached and that the threat actor has stolen their data. “Our intelligence monitoring indicates exfiltration of se

Security 139

Security Information Security IT 139

Schneier on Security

NOVEMBER 17, 2021

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

Passwords 131

Passwords Privacy IT 131

Dark Reading

NOVEMBER 17, 2021

Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process.

GDPR 131

GDPR Privacy 131

Security Affairs

NOVEMBER 16, 2021

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed. The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization.

Authentication 135

Authentication Security IT Access 135

Data Matters

NOVEMBER 19, 2021

Privacy and cybersecurity concerns are expanding, and with them the proliferation of laws and regulations. Boards play a key role in ensuring that companies are positioned to comply with various jurisdictional requirements, that they understand and mitigate related risks, and that they are well-prepared to play a key role in response to security breaches and incidents.

Digital transformation 109

Digital transformation Government Privacy Cybersecurity 109

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

eSecurity Planet

NOVEMBER 19, 2021

In a year in which ransomware attacks seem to get worse by the day, companies have made surprising progress defending themselves against attacks. But the attention paid to the malware by journalists, cybersecurity vendors and increasingly, government agencies , has pushed companies to improve their preparedness to defend themselves against ransomware gangs, according to a report this week by security solutions vendor Cymulate.

Ransomware 121

Ransomware Cybersecurity Cloud Security 121

DLA Piper Privacy Matters

NOVEMBER 16, 2021

In the most significant development this year (arguably more so than the Data Security Law (“ DSL ”) and the Personal Information Protection Law (“ PIPL ”) coming into force), draft detailed guidance on how organisations can in practice comply with China’s strict data, e-commerce and online platform rules – including new compliance obligations – has been published.

Compliance 118

Compliance Personal data Security Risk 118

Security Affairs

NOVEMBER 17, 2021

Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups. The increased demand for exploits is fueling a millionaire market where these malicious codes are incredibly expensive. Researchers from Digital Shadows published an interesting research titled “ Vulnerability Intelligence: Do you know where your flaws are?

Marketing 131

Marketing Sales Paper Risk 131

Dark Reading

NOVEMBER 15, 2021

Ransomware is everywhere, including the nightly news. Most people know what it is, but how do ransomware attackers get in, and how can we defend against them?

Ransomware 121

Ransomware IT 121

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

eSecurity Planet

NOVEMBER 18, 2021

New cybersecurity buzzwords are always in abundance at the Gartner Security & Risk Management Summit, and the concepts that took center stage this week, like cybersecurity mesh and decentralized identity, seem well suited for new threats that have exploded onto the scene in the last year. Gartner analyst Ruggero Contu noted that security risks are becoming external: the software supply chain , the public cloud , the trading of breached data, and IoT and operational technology (OT) are all th

Cybersecurity 119

Cybersecurity Security Analytics Blockchain 119

WIRED Threat Level

NOVEMBER 19, 2021

A hacking group is targeting a broad range of organizations, taking advantage of vulnerabilities that have been patched but not yet updated.

Security 128

Security 128

Security Affairs

NOVEMBER 19, 2021

A Canadian teen has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency. A Canadian teenager has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency from an American individual. The news of the arrest was disclosed by the Hamilton Police in Ontario, Canada, as a result of a joint investigation conducted by the FBI and the United States Secret Service Electronic Crimes Task Force that started in March 2020.

Security 123

Security Information Security IT 123

Troy Hunt

NOVEMBER 19, 2021

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it. I've just watched this back and other than mucking around with the gain in the first part of the video, I reckon it's great.

IT 112

IT 112

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

eSecurity Planet

NOVEMBER 18, 2021

A payload is a piece of code that executes when hackers exploit a vulnerability. In other words, it’s an exploit module. It’s usually composed of a few commands that will run on the targeted operating system (e.g., key-loggers) to steal data and other malicious acts. Most operations use payloads, but there are a few payload-less attacks, such as phishing campaigns that do not include malicious links or malware , but rely on more sophisticated deception such as spoofing to trick their targets.

Cybersecurity 117

Cybersecurity Access Phishing Security 117

IT Governance

NOVEMBER 18, 2021

The urgent need for qualified IT professionals was made evident at Microsoft Digital Skills Week (15 – 19 November ), a series of online events that supports the development of digital skills and technological knowledge, and empowering a new digital workforce. The event programme includes keynote presentations and technical workshops aimed at business leaders, IT professionals, HR/training managers and students.

Data science 111

Data science Cloud Government IT 111

Security Affairs

NOVEMBER 15, 2021

Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services. The company announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked just below 2 terabytes per second (Tbps), which is the largest attack Cloudflare has seen to date.

IT 120

IT IoT Cloud Security 120

Dark Reading

NOVEMBER 18, 2021

The danger of anyone being able to spin up new applications is that few are thinking about security. Here's why everyone is responsible for the security of low-code/no-code applications.

Security 111

Security 111

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Threatpost

NOVEMBER 19, 2021

Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.

IT 108

IT Security 108

eSecurity Planet

NOVEMBER 15, 2021

Hackers got into an email server at the FBI over the weekend to spread fake messages in an attempt to blame a cybersecurity expert for non-existent attacks, apparently in hopes of damaging his reputation. According to intelligence organization Spamhaus and subsequent reports, the hackers sent out emails with the false accusations in two waves to more than 100,000 addresses, using email addresses gleaned from a number of sources, including a database used by the American Registry for Internet Num

Cybersecurity 108

Cybersecurity Communications Security Phishing 108

Security Affairs

NOVEMBER 15, 2021

Security researchers from Cleafy discovered a new Android banking trojan, named SharkBot, that is targeting banks in Europe. At the end of October, researchers from cyber security firms Cleafy and ThreatFabric have discovered a new Android banking trojan named SharkBot. The name comes after one of the domains used for its command and control servers.

Financial Services 117

Financial Services Access Security IT 117

DLA Piper Privacy Matters

NOVEMBER 17, 2021

On 16 November 2021, the English High Court declined to strike-out a claim for damages for distress following an isolated one-off data incident which was quickly remedied. In doing so, however, the Court: confirmed that the de minimis concept is equally applicable to claims under the GDPR and Data Protection Act 2018, as it was to claims under the Data Protection Act 1998; held that a claim for injunctive and declaratory relief in circumstances such as those present in this case was misconceived

GDPR 108

GDPR IT 108

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Dark Reading

NOVEMBER 19, 2021

Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.

Ransomware 135

Ransomware Security IT 135

eSecurity Planet

NOVEMBER 16, 2021

Bad actors are increasingly using a technique called HTML smuggling to deliver ransomware and other malicious code in email campaigns aimed at financial services firms and other organizations, according to Microsoft researchers. In a blog post , the company’s Microsoft 365 Defender Threat Intelligence Team wrote that the highly evasive technique, which is used to deploy banking malware , remote access Trojans (RATs) and other malicious payloads, was being used by such cybercriminal groups as Nob

Ransomware 107

Ransomware Education Phishing Passwords 107

Security Affairs

NOVEMBER 15, 2021

The Emotet botnet is still active, ten months after an international operation coordinated by Europol shut down its infrastructure. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation , named Operation Ladybird , which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action. .

Cleanup 113

Cleanup Ransomware Cybersecurity IT 113