eSecurity Planet
AUGUST 11, 2021
As users have increasingly moved from desktop operating systems to mobile devices as their primary form of computing, cyber attackers have taken notice and malware has followed. While the total volume of mobile malware is a fraction of that created for desktops, it is nonetheless a growing security concern, as more and more high-value and sensitive tasks are performed on mobile devices.
Troy Hunt
AUGUST 12, 2021
More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Threatpost
AUGUST 12, 2021
Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology's trust relationship with users.
Data Breach Today
AUGUST 13, 2021
Researchers Say the Tool Is Designed To Help Gangs Launder Bitcoin Cybercriminals have developed a blockchain analytics tool on the darknet that could help a gang launder illegally obtained bitcoin, and they are actively marketing it, according to the cryptocurrency analytics firm Elliptic. The tool, however, is rated as not entirely effective.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Krebs on Security
AUGUST 9, 2021
I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com ,” wrote “ Mitch ,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.” Th
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
eSecurity Planet
AUGUST 9, 2021
A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers. The executives said the “malvertising” campaign – which was uncovered by GeoEdge’s security research team with AdTech partners InMobi and Verve Group – came out of Ukraine and Slovenia and reached as fa
Data Breach Today
AUGUST 7, 2021
Symantec: China-Linked Actors Investigate SCADA Systems An unidentified hacking group with suspected Chinese ties is targeting critical infrastructure in Southeast Asia as part of a cyberespionage campaign to exfiltrate information about the victim's SCADA systems, says a report by security firm Symantec.
Krebs on Security
AUGUST 13, 2021
A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “ Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.
AIIM
AUGUST 10, 2021
For millions of Microsoft 365 users, a substantial portion of the organizational knowledge is created, shared, and stored in SharePoint, Exchange email, or OneDrive. Teams offers yet another way to share content with colleagues and even customers, storing files in SharePoint and OneDrive separately. Organizations must oversee this activity across multiple jurisdictions.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Schneier on Security
AUGUST 9, 2021
This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization.
Data Breach Today
AUGUST 9, 2021
VMware ESXi Servers Targeted by Crypto-Locking Malware, MalwareHunterTeam Warns The new BlackMatter Russian-speaking ransomware-as-a-service group, which announced its launch last month, has created a Linux version of its malware designed to target VmWare's ESXi servers hosting virtual machines, according to MalwareHunterTeam.
eSecurity Planet
AUGUST 10, 2021
Cybercriminals using an IP address in China are trying to exploit a vulnerability disclosed earlier this month to deploy a variant of the Mirai malware on network routers affected by the vulnerability, according to researchers with Juniper Threat Labs. In a recent blog post , the researchers said the bad actors are looking to leverage a path traversal vulnerability that could affect millions of home routers and other Internet of Things (IoT) devices that use the same code base and are manufactur
Troy Hunt
AUGUST 9, 2021
Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Schneier on Security
AUGUST 10, 2021
Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. ( Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes : There are two main features that the company is planning to install in every Apple device.
Data Breach Today
AUGUST 9, 2021
John Deere, Researchers Spar Over Impact of Vulnerabilities Flaws uncovered in tractor manufacturer John Deere's systems underscore the cyber risks that come in tandem with the productivity gains from high-tech farming. John Deere claims the issues would not affect machines in use, but a researcher who presented at the Def Con security conference on Sunday disagrees.
Security Affairs
AUGUST 7, 2021
Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot. “A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthent
eSecurity Planet
AUGUST 13, 2021
SIEM solutions can be expensive and difficult to manage, so one company built its own – and is pleased with the results. At last week’s Black Hat USA, NYC-based financial technology firm Two Sigma Investments took the virtual stage to outline why their existing solution didn’t cut it, the work needed to create an in-house security information and event management (SIEM) system, and the project’s implications.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
Schneier on Security
AUGUST 11, 2021
Cobolt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the Cobalt Strike client — also known as a Beacon — and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate.
Data Breach Today
AUGUST 11, 2021
Deal Will 'Strengthen Cyber Safety Program' Antivirus and identity protection firm NortonLifeLock confirmed Tuesday that it has entered into an agreement to acquire its rival, Avast, for $8.1 billion to $8.6 billion.
Security Affairs
AUGUST 11, 2021
Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 ransomware operators, the group announced the hack on its leak site, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider.
Threatpost
AUGUST 9, 2021
A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
Schneier on Security
AUGUST 13, 2021
The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAI’s GPT-3 platform in conjunction with other AI-as-a-service products focused on personality analysis to generate phishing emails tailored to their colleagues’ backgrounds and traits.
Data Breach Today
AUGUST 9, 2021
Millions of Smartphone Users Nationwide Are Targets The Federal Trade Commission has issued a warning about a new smishing scheme targeting millions of smartphones nationwide that impersonates state workforce agencies in an attempt to obtain personal data.
Security Affairs
AUGUST 13, 2021
The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow victims to decrypt their files for free. The gang has now rebranded as the new El_Cometa group. The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “T
IT Governance
AUGUST 12, 2021
Last month, Amazon was hit with a €746 million (about £630 million) fine for violating the GDPR (General Data Protection Regulation) – an astronomical figure by data protection regulation, or indeed most, standards. It is by far the biggest fine issued under the GDPR, surpassing the €50 million penalty that Google received in 2019. In fact, the scale of this penalty – dished out by Amazon’s EU supervisory authority, the Luxembourg-based National Data Protection Commission – is so large that it i
Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO
The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.
Troy Hunt
AUGUST 13, 2021
Well this week went on for a bit, an hour and 6 mins in all. The 2 Apple things were particularly interesting due to the way in which both catching CSAM baddies and catching baddies who steal your things involves using technology that can be abused. Is it good tech because it can do good things? Bad tech because it can do bad things? Or is tech just morally neutral and we need to look at it more holistically?
Data Breach Today
AUGUST 9, 2021
Prosecutors Say Operation Aided Cybercriminals Two Latvian men tied to an extensive international money laundering operation that aided prominent cybercriminals have pleaded guilty to conspiracy charges.
Security Affairs
AUGUST 8, 2021
A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ADSM) Launcher disclosed in July has yet to be addressed. Cisco provided an update on a remote code execution (RCE) vulnerability (CVE-2021-1585) in the Adaptive Security Device Manager (ADSM) Launcher, the IT giant confirmed that the flaw has yet to be addressed.
Expert insights. Personalized for you.
102 
Let's personalize your content