Sat.Jul 31, 2021 - Fri.Aug 06, 2021

article thumbnail

Stay Safe Online in 10 Easy Steps

Elie

Here are the ten most important steps you can take to stay safe online. Blog post

118
118
article thumbnail

Do You Trust Your Smart TV?

Security Affairs

Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy? In our latest video, we demonstrate an attack scenario that can occur within any organization – hacking a smart TV. The video shows an insider plugging a USB Rubber Ducky into a smart TV in a company meeting room.

Access 125
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Black Hat: Charming Kitten Leaves More Paw Prints

Threatpost

IBM X-Force detailed the custom-made "LittleLooter" data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof.

Security 123
article thumbnail

Cybersecurity M&A Update: Five Firms Make Moves

Data Breach Today

Ivanti, Sophos, Deloitte, Cerberus Sentinel and Feedzai Announce Deals Cybersecurity acquisitions continue at an intense pace, with Ivanti, Sophos, Deloitte Risk & Financial Advisory, Cerberus Sentinel and Feedzai all making moves to bolster their security portfolios.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Ransomware Gangs and the Name Game Distraction

Krebs on Security

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation.

More Trending

article thumbnail

Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

Schneier on Security

Fascinating research: “ Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user-information.

article thumbnail

Unsecured Database Exposed Data on Millions

Data Breach Today

vpnMentor: Server Belonging to OneMoreLead Is Now Secured Researchers at vpnMentor say that B2B marketing company OneMoreLead exposed the data of up to 126 million Americans on a misconfigured Elasticsearch server.

B2B 354
article thumbnail

Threat actors leaked data stolen from EA, including FIFA code

Security Affairs

Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data. The stolen data include the source code of the games, the source code of the FrostBite game engine and debug tools, FIFA 21 matchmaking server code, proprietary EA games frameworks, debug tools, SDK,

article thumbnail

Supply Chain Flaws Found in Python Package Repository

eSecurity Planet

Administrators overseeing the Python Package Index (PyPI) in recent days found themselves responding to vulnerabilities found in the repository of open source software, the latest security problems to hit the Python community. Most recently, the PyPI group sent out fixes for three vulnerabilities that were discovered by security researcher RyotaK and published on his blog.

Mining 143
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Paragon: Yet Another Cyberweapons Arms Manufacturer

Schneier on Security

Forbes has the story : Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted. […].

article thumbnail

Countering Cyberthreats: 2 Legislative Proposals Introduced

Data Breach Today

One Measure Calls for Sanctions Against Nations Tolerating Ransomware Gangs Two bipartisan bills introduced in Congress this week seek to address cyberthreats. One calls for imposing sanctions against countries that allow ransomware gangs to operate within their borders. Another would require law enforcement agencies to better track cybercrime statistics to identify trends.

article thumbnail

MacOS Flaw in Telegram Retrieves Deleted Messages

Threatpost

Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.

143
143
article thumbnail

Open Source Security: A Big Problem

eSecurity Planet

Open source security has been a big focus of this week’s Black Hat conference, but no open source security initiative is bolder than the one proffered by the Open Source Security Foundation (OpenSSF). Amid discussions on the security of open source technologies like eBPF and Hadoop, OpenSSF speakers Jennifer Fernick, SVP and head of global research at NCC Group, and Christopher Robinson, Intel’s director of security communications, outlined the group’s vision to secure open sou

Security 138
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

The European Space Agency Launches Hackable Satellite

Schneier on Security

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […]. The satellite can detect and characterise any rogue emissions, enabling it to respond dynamically to accidental interference or intentional jamming.

article thumbnail

Audit Slams FDIC for Inadequate Mobile Device Security

Data Breach Today

OIG Outlines Shortcomings, Recommends Fixes The FDIC has failed to properly update its policies for mobile device usage, conduct regular control assessments of its mobile device management solution or adequately log and monitor mobile cybersecurity practices, according to a new report from the Office of the Inspector General.

Security 321
article thumbnail

Advanced Technology Ventures discloses ransomware attack and data breach

Security Affairs

The American venture capital firm Advanced Technology Ventures (ATV) disclosed a ransomware attack, crooks also stole data of some private investors. Advanced Technology Ventures (ATV) is an American venture capital firm with more than $1.8 billion in capital under management. The venture capital firm this week disclosed a ransomware attack, threat actors have also stolen the personal information of some of its private investors.

article thumbnail

Angry Affiliate Leaks Conti Ransomware Gang Playbook

Threatpost

The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California.

article thumbnail

UF Health Central Florida: Cyberattack Leads to PHI Breach

Data Breach Today

Incident Bears Similarities to Recent Attack at Scripps Health In the wake of a recent cyberattack on UF Health Central Florida that disrupted access to patients' electronic health records for about a month during recovery, the entity is now reporting the incident also exposed patient information.

Access 321
article thumbnail

BlackMatter ransomware also targets VMware ESXi servers

Security Affairs

BlackMatter gang rapidly evolves, the group has developed a Linux version that allows operators to targets VMware’s ESXi VM platform. The BlackMatter ransomware gang has implemented a Linux encryptor to targets VMware ESXi virtual machine platform. This is the last ransomware in order of time that is able to target VM platforms, some of the other ransomware operations that do the same are REvil , RansomExx/Defray , Mespinoza , HelloKitty , and Babuk.

article thumbnail

U.S. Rep. Castor Reintroduces Kids PRIVCY Act with Updated Provisions

Hunton Privacy

On July 29, 2021, U.S. Representative Rep. Kathy Castor (D-Florida), a member of the House Energy and Commerce Committee, reintroduced the Protecting the Information of our Vulnerable Children and Youth Act (the “Bill”). The Bill would update the Children’s Online Privacy Protection Act (“COPPA”) to, among other requirements: (1) cover teens ages 13-17; (2) expand the categories of information considered to be “personal” (to include physical characteristics, biometric information, health inform

Privacy 125
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Considerations on embedding the new standard contractual clauses in IT contracts

DLA Piper Privacy Matters

Authors: Heidi Waem and Nicolas Becker. On 4 June 2021, the European Commission released the final version of the new Standard Contractual Clauses (new SCCs) (see our blogpost here ). This new set of clauses was launched in the aftermath of the CJEU’s Schrems II decision and includes specific wording to address certain concerns raised by the CJEU. Before Schrems II, the “old” SCCs were routinely included in IT contracts without actually considering thoroughly the interplay between those old SCCs

IT 119
article thumbnail

New RAT Targets Russian Speakers

Data Breach Today

Malwarebytes Describes Unusual Tactics The Malwarebytes threat intelligence team has discovered a remote access Trojan apparently designed to target Russian speakers that may have combined a social engineering technique with a known exploit to maximize chances of infecting targets.

Access 325
article thumbnail

VMware addresses critical flaws in its products

Security Affairs

VMware has addressed a critical vulnerability that affects multiple products that could be exploited to gain access to confidential information. VMware has released security updates to address multiple flaws in its products, including a critical issue that could allow an attacker to access confidential information. A couple of vulnerabilities tracked as CVE-2021-22002 and CVE-2021-22003, impact Workspace One Access (Access), Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation, a

IT 137
article thumbnail

Golang Cryptomining Worm Offers 15% Speed Boost

Threatpost

The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.

Mining 143
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

UK High Court Dismisses Claims Following DSG Data Breach

Hunton Privacy

On July 30, 2021, the UK High Court handed down its judgment in the case of Warren v DSG Retail Ltd [2021] EWHC 2168 (QB), determining that the claimant could not seek damages on the basis of misuse of personal information, breach of confidence or common law negligence following a data breach. In 2018, DSG Retail Limited (“DSG”) experienced a cyber attack in which hackers infiltrated DSG’s systems and installed malware that ran on point of sale terminals in DSG stores.

article thumbnail

NSA Reminder: Beware of Public Wi-Fi

Data Breach Today

Agency Emphasizes Value of VPNs, Other Security Steps Teleworking U.S. national security employees are putting sensitive data at risk if they use public Wi-Fi networks without using a virtual private network to encrypt the traffic, the National Security Agency notes in a new advisory.

article thumbnail

Italian energy company ERG hit by LockBit 2.0 ransomware gang

Security Affairs

ERG SPA, an Italian energy company, reports a minor impact on its operations after the recent ransomware attack conducted by LockBit 2.0 gang. Recently the Italian energy company ERG was hit by the LockBit 2.0 ransomware gang, now the company reported “only a few minor disruptions” for its ICT infrastructure. The company is active in the production of wind energy, solar energy, hydroelectric energy and high-yield thermoelectric cogeneration energy with low environmental impact. ̶