Krebs on Security
NOVEMBER 17, 2022
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand.
The Last Watchdog
NOVEMBER 14, 2022
Ever feel like your smart home has dyslexia? Siri and Alexa are terrific at gaining intelligence with each additional voice command. And yet what these virtual assistants are starkly missing is interoperability. Related: Why standards are so vital. Matter 1.0 is about to change that. This new home automation connectivity standard rolls out this holiday season with sky high expectations.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
NOVEMBER 15, 2022
Hackers Gain Path to Potential Account Takeover by Turning Off SMS Second Factor Twitter accounts that use SMS for two-factor authentication are at a heightened risk of account takeover with the disclosure that texting "STOP" to the verification service results in it being turned off. The vulnerability opens the door to a password reset attack or a password stuffing attack.
eSecurity Planet
NOVEMBER 18, 2022
John Jay Ray III is one of the world’s top bankruptcy lawyers. He has worked on cases like Enron and Nortel. But his latest gig appears to be the most challenging. On November 11, he took the helm at FTX, a massive crypto platform, which has plunged into insolvency. His Chapter 11 filing reads more like a Netflix script. In it, he notes : “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Krebs on Security
NOVEMBER 16, 2022
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
NOVEMBER 16, 2022
Cybereason's Sam Curry on the Financial and Business Impact of After-Hours Strikes Cyberattackers love to strike on weekends and holidays - that's not news. What is news: These attacks cost more than weekday incidents, and they take a heavy toll on defenders. Cybereason's Sam Curry shares insight from the new study "Organizations at Risk: Ransomware Attackers Don’t Take Holidays.
Schneier on Security
NOVEMBER 17, 2022
Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all.
KnowBe4
NOVEMBER 17, 2022
Researchers at Vade Secure describe a type of phishing attack dubbed “clone phishing,” in which attackers follow up a legitimate email from a trusted sender with a replica, claiming that they forgot to include a link or attachment.
eSecurity Planet
NOVEMBER 17, 2022
Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today. Members of Laminar Labs’ research team recently found that one in five public-facing cloud storage buckets contains personally identifiable information (PII) – and the majority of that data isn’t even supposed to be online in the first place.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Data Breach Today
NOVEMBER 15, 2022
KillNet Asserts It Temporarily Made FBI Websites Unavailable Pro-Kremlin hackers claimed credit for a denial-of-service attack against FBI websites, marking the latest in a series of nuisance attacks. The FBI earlier said it is aware of "pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success.
Dark Reading
NOVEMBER 17, 2022
Researchers find current data protections strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defense initiatives.
Security Affairs
NOVEMBER 17, 2022
Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems. The public schools started experiencing a systems outage affecting critical operating systems on Monday, the outage occurred because they were victims of a ransomware attack detected over the weekend.
OpenText Information Management
NOVEMBER 17, 2022
Capture in the mailroom is not a new concept. It was first deployed in Europe in the aughts to understand the scanned contents of an envelope—to classify and route incoming mail to whomever it is addressed. It caught on in a more limited fashion in the U.S., often including integration with business process management (BPM) technology. … The post The new wave of digital mailroom automation appeared first on OpenText Blogs.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Data Breach Today
NOVEMBER 15, 2022
Suspect in Jabberzeus Banking Malware Gang Nabbed in Geneva The apparent arrest of a Ukrainian national long wanted on cybercrime charges in the U.S. shows that with much patience, law enforcement can notch successes. A key member of the Jabberzeus gang, which stole tens of millions of dollars, was arrested in Geneva.
Data Protection Report
NOVEMBER 14, 2022
On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here. NYDFS retained many of those earlier proposed changes, and made a few clarifications, but has made some significant changes in this version.
Security Affairs
NOVEMBER 16, 2022
North Korea-linked Lazarus APT is using a new version of the DTrack backdoor in attacks aimed at organizations in Europe and Latin America. North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America, Kaspersky researchers warn. DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan.
Hunton Privacy
NOVEMBER 15, 2022
On November 14, 2022, Google LLC (“Google”) agreed to a $391.5 million settlement with the attorneys general of 40 U.S. states over the company’s location tracking controls available in its user account settings. . The investigation by the state attorneys general found that, between 2014 and 2020, Google misled users by failing to disclose that toggling the “Location History” setting to off did not disable all tracking activities.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Data Breach Today
NOVEMBER 14, 2022
From Russia with Love Group Boasted of Removing Decryptor from Somnia Ransomware Russian hackers are on a campaign to maliciously encrypt the files of Ukrainian victims - but unlike other ransomware groups, doing so without the possibility of offering a decryptor. Ukraine’s Computer Emergency Response Team identifies the group as UAC-0118, also known as From Russia with love.
eSecurity Planet
NOVEMBER 17, 2022
Speakers at last week’s MITRE ResilienCyCon conference had a surprisingly candid message for attendees: You will likely be breached at some point so focus on the controls and response capabilities your organization needs to survive a cyber attack. The conference’s focus on cyber resilience doesn’t mean that organizations should abandon core security defenses like EDR , access control and firewalls , but they should be prepared for the advanced threats that will, at some point,
Security Affairs
NOVEMBER 16, 2022
Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed a cryptomining malware. According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw ( CVE-2021-44228 ) and deployed a cryptomining malware.
Schneier on Security
NOVEMBER 15, 2022
Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app : The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
Data Breach Today
NOVEMBER 17, 2022
Video Streamer Pays 800,000 Euros to Settle Probe of Privacy and Security Practices The French data protection authority fined Discord 800,000 euros for privacy and security practices that violate the General Data Protection Regulation. Authorities said the fine might have been higher except that Discord's "business model is not based on the exploitation of personal data.
IT Governance
NOVEMBER 17, 2022
Medibank faced angry questioning during its annual general meeting yesterday as shareholders sought explanations for the organisation’s response to last month’s cyber attack. The Australian health insurance giant fell victim to ransomware in October, as a result of which the personal data of 9.7 million current and former customers was compromised. In most cases, basic personal information – such as their name, date of birth, email address, phone number and gender – was exposed.
Security Affairs
NOVEMBER 17, 2022
Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores. In September 2022, Sansec researchers warned of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide.
Schneier on Security
NOVEMBER 16, 2022
Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
Data Breach Today
NOVEMBER 18, 2022
Services Include Subscription Models, Bug Bounties and High-Paying Jobs Budding cybercriminals can purchase a large number of specialized services from the ransomware criminal underground, reports cybersecurity firm Sophos. The services range from malware distribution to network scanning and even include OPSEC-as-a-service.
KnowBe4
NOVEMBER 17, 2022
As we enter the holiday season, we start getting bombarded with amazing offers and often take advantage of not only grabbing ourselves a bargain, but also stockpiling gifts for friends and family. During this time, not a day goes by where we do not receive a couple of packages, to the extent that we often become friendly on a first name basis with the delivery drivers.
Security Affairs
NOVEMBER 15, 2022
Researchers discovered a critical vulnerability impacting Spotify’s Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify’s Backstage (CVSS Score of 9.8). Backstage is Spotify’s open-source platform for building developer portals, it’s used by a several organizations , including American Airlines, Netflix, Splunk, Fidelity Investments and Epic Games.
Expert insights. Personalized for you.
300 
Let's personalize your content