Krebs on Security

MAY 17, 2022

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online.

Government 330

Government Military Access Security 330

The Last Watchdog

MAY 19, 2022

You very likely will interact with a content management system (CMS) multiple times today. Related: How ‘business logic’ hackers steal from companies. For instance, the The Last Watchdog article you are reading uses a CMS to store posts, display them in an attractive manner, and provide search capabilities. Wikipedia uses a CMS for textual entries, blog posts, images, photographs, videos, charts, graphics, and “ talk pages ” that help its many contributors collaborate.

CMS 250

CMS Security Encryption Data breaches 250

Data Breach Today

MAY 19, 2022

Incidents Allegedly Involved Conti, Hive Ransomware Gangs Two recent apparent ransomware attacks on health plans have potentially affected hundreds of thousands of individuals. One of the incidents allegedly involved the Conti ransomware group, and the other allegedly involved Hive. One of the health plans is already facing legal fallout.

Ransomware 246

Ransomware 246

Jamf

MAY 16, 2022

The Jamf Threat Labs team has recently identified changes to the UpdateAgent malware dropper. These changes primarily focus on new executables written in Swift that reach out to a registration server to pull down a new set of instructions in the form of a bash script. Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server.

IT 145

IT 145

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Dark Reading

MAY 19, 2022

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.

138

138

Data Breach Today

MAY 19, 2022

Emergency Directive Says Many Threat Actors Are Exploiting the Bugs in the Wild An emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency advises all federal agencies in the country to immediately patch and address two vulnerabilities - one with a critical CVSS score and the other with a high score - that affect at least five VMware products.

Cybersecurity 337

Cybersecurity Security 337

Security Affairs

MAY 19, 2022

A new China-linked cyberespionage group known as ‘Space Pirates’ is targeting enterprises in the Russian aerospace industry. A previously unknown Chinese cyberespionage group, tracked as ‘Space Pirates’, targets enterprises in the Russian aerospace industry with spear-phishing attacks. The group has been active since at least 2017, researchers believe it is linked with other China-linked APT groups, including APT41 (Winnti), Mustang Panda , and APT27.

Phishing 127

Phishing Archiving Government Access 127

IT Governance

MAY 17, 2022

Cyber security audits are a vital component of an organisation’s defences against data breaches and privacy violations. By probing organisations’ systems and services, an auditor can identify security weaknesses, and determine whether their practices comply with relevant laws, such as the GDPR (General Data Protection Regulation). In this blog, we explain how cyber security audits work and show you how to conduct one.

IT 126

IT Security Data breaches GDPR 126

The Last Watchdog

MAY 18, 2022

The shift to software-defined everything and reliance on IT infrastructure scattered across the Internet has boosted corporate productivity rather spectacularly. Related: Stopping attack surface expansion. And yet, the modern attack surface continues to expand exponentially, largely unchecked. This dichotomy cannot be tolerated over the long run. Encouragingly, an emerging class of network visibility technology is gaining notable traction.

Digital transformation 173

Digital transformation IT Security Cloud 173

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Data Breach Today

MAY 19, 2022

The latest edition of the ISMG Security Report analyzes the changes in the ransomware landscape one year after the attack on Colonial Pipeline. It also revisits the Ryuk ransomware attack on a school district in Illinois and examines common culprits hindering effective Zero Trust adoption.

Ransomware 328

Ransomware Security IT 328

Data Protection Report

MAY 18, 2022

On May 16, 2022, the Office of the Privacy Commissioner of Canada (the “OPC”) released an Interpretation Bulletin (the “Bulletin”) on what it considers to be “sensitive” personal information under the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). The Bulletin is meant to act as a consolidated guide based on jurisprudence, regulatory findings, and various interpretations of PIPEDA’s key concepts over the years.

Privacy 125

Privacy Insurance Phishing Risk 125

KnowBe4

MAY 17, 2022

Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. The researchers attribute this attack to the Iranian state-sponsored threat actor APT34 (also known as OilRig or Helix Kitten). The body of the phishing email isn’t particularly detailed, but the attackers put a significant amount of effort into impersonating an employee at the targeted individual’s organization.

Phishing 123

Phishing 123

Security Affairs

MAY 19, 2022

White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). This year, 17 contestants are attempting to exploit 21 targets across multiple categories.

Cybersecurity 121

Cybersecurity Security IT Information Security 121

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Data Breach Today

MAY 20, 2022

Experian's David Britton on Connection Between Benefits Programs, Crypto Fraud There has been a rise in crypto fraud, and a substantial portion of it can be attributed to stimulus funding and paycheck protection programs, says David Britton, vice president of strategy, global ID and fraud at Experian. He discusses new authentication methods and stricter regulations.

Authentication 283

Authentication IT 283

Schneier on Security

MAY 19, 2022

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a user is visiting a site while in the European Union and visiting a site from the United States.

Paper 121

Paper Passwords Analytics Marketing 121

KnowBe4

MAY 16, 2022

Scammers use a variety of tried-and-true tactics to trick people, according to André Lameiras at ESET. For example, they can easily find open-source information about people on the internet and use this to craft targeted attacks.

Security awareness 118

Security awareness Security 118

Security Affairs

MAY 19, 2022

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library for Java, tracked as CVE-2021-22573 (CVS Score 8.7), that could be exploited by an attacker with a compromised token to deploy malicious payloads.

Libraries 117

Libraries Authentication Cybersecurity Security 117

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Data Breach Today

MAY 18, 2022

Ransomware Group Continues to Demand Ransom Payment From Besieged Government Ransomware group Conti, which has been holding to ransom crypto-locked Costa Rican government systems since April, has claimed on its leak site Conti News that it has "insiders" in the country's government, and that they are working toward the compromise of "other systems.

Government 278

Government IT Ransomware 278

OpenText Information Management

MAY 19, 2022

In its 2021 state of the industry report, the Association of Intelligent Information Management (AIIM) found that nearly half its members rated their digital transformation as ‘poor’ or ‘needs improvement.’ We all want to use the latest digital technologies, such as AI and IoT, but there’s an elephant in the room: We’ve yet to solve … The post Intelligent Capture is the secret weapon Life Sciences companies need appeared first on OpenText Blogs.

Digital transformation 115

Digital transformation IoT IT Content services 115

Hunton Privacy

MAY 17, 2022

On May 19, 2022, the Federal Trade Commission will hold a virtual open meeting. The meeting’s tentative agenda includes a vote by the FTC on a policy statement prioritizing the enforcement of the Children’s Online Privacy Protection Act (“COPPA”) as it applies to the use of education technology. In response to the expanded use of education technology during the COVID-19 pandemic, the policy statement clarifies that parents and schools must not be required to sign up for surveillance as a conditi

Education 109

Education Privacy Access IT 109

Security Affairs

MAY 14, 2022

The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song contest. The LEGION is a Pro-Russian volunteer movement that focuses on DDOS attacks. The group made the headlines for attacks against Western organizations and governments, including NATO countries and Ukraine. This week the Pro-Russian hacker group Killnet and Legion targeted the websites of several Italian institutions , including the senate and the National Institute

Cybersecurity 116

Cybersecurity Government IT Security 116

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Data Breach Today

MAY 17, 2022

Assured Open Source Software Ensures Software Is Fuzz-Tested for Vulnerabilities Google will offer customers access to the same technology it uses to lock down developer workflows to ensure open-source dependencies are addressed. Assured Open Source Software will allow clients to ensure third-party software they're using is scanned, analyzed and fuzz-tested for vulnerabilities.

Security 278

Security Access IT 278

Schneier on Security

MAY 18, 2022

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. t turns out that the iPhone’s Bluetooth chip­ — which is key to making features like Find My work­ — has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features whe

Encryption 108

Encryption Communications Risk IT 108

Dark Reading

MAY 20, 2022

To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.

Authentication 108

Authentication 108

Security Affairs

MAY 18, 2022

The Conti ransomware gang is threatening to ‘overthrow’ the new government of Costa Rica after last month’s attack. Last month, the Conti ransomware gang claimed responsibility for the attack on Costa Rica government infrastructure after that the government refused to pay a ransom. “The Costa Rican state will not pay anything to these cybercriminals.” said Costa Rica President Carlos Alvarado.

Ransomware 108

Ransomware Government Military Encryption 108

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Data Breach Today

MAY 18, 2022

EDR Deployments Will be Underway at More Than Half of Federal Agencies This Year EDR deployments will be underway at more than half of federal civilian agencies by the end of September, according to federal officials. CISA is currently in the process of deploying EDR across 26 federal civilian agencies and expects to have work underway at 53 agencies by Sept. 30, 2022.

276

276

eSecurity Planet

MAY 18, 2022

Given the insane security environment we are in, it may seem weird to suggest that a tech company is too good at security. How can you be too good at something that is critical to the safety and operational resilience of companies and nations? Security is weird that way. I grew up in the security business – my family owned one of the largest tech security firms when I was a kid.

IT 107

IT Security Marketing Phishing 107

IT Governance

MAY 19, 2022

The Italian police force announced this week that it thwarted a cyber attack on the Eurovision Song Contest. The competition, which took place in Turin last Saturday, is ostensibly an opportunity for European countries to demonstrate the best (or worst) of their nation’s singing talents. However, over the years it’s faced criticism that votes are cast based on political allegiances rather than the quality of the contestants.

IT 105

IT Government Security 105