Data Breach Today
AUGUST 1, 2022
Known Unknowns Include Count of Victims and Ransoms Paid, Criminal Profits and More How many organizations fall victim to a ransomware outbreak? How many victims pay a ransom? How many victims see stolen data get leaked? A new study from the EU's cybersecurity agency ENISA offers answers, but carries major caveats due to rampant underreporting of such attacks.
WIRED Threat Level
AUGUST 1, 2022
Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Dark Reading
AUGUST 3, 2022
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.
Krebs on Security
AUGUST 4, 2022
Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Data Breach Today
AUGUST 3, 2022
Cause of Attack Is Unknown, Moving Funds to Cold Wallets Recommended Hackers are using an unknown exploit to draw down internet-connected wallets on the Solana blockchain. So far, thieves have made off with about $8 million worth of cryptocurrency, predominantly from mobile wallet users of Phantom and Slope. Solana is working to identify the root cause.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Troy Hunt
AUGUST 3, 2022
How best to punish spammers? I give this topic a lot of thought because I spend a lot of time sifting through the endless rubbish they send me. And that's when it dawned on me: the punishment should fit the crime - robbing me of my time - which means that I, in turn, need to rob them of their time. With the smallest possible overhead on my time, of course.
Krebs on Security
AUGUST 2, 2022
With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers.
Data Breach Today
AUGUST 2, 2022
Florida Urgent Care Center Says Incident Involved Billing Vendor PracticeMax A Florida operator of urgent care clinics recently reported to federal regulators a health data breach affecting more than 258,000 individuals tied to a vendor's ransomware attack in May 2021. Why did it take so long to determine that the incident resulted in breach of protected health information?
Security Affairs
JULY 31, 2022
A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum ( ONVIF ). ONVIF provides and promotes standardized interfaces for effective interoperability of IP-based physical security products.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Data Protection Report
AUGUST 2, 2022
In our previous publication , we discussed the legal obligations and procedural considerations surrounding maintaining records of privacy incidents. While the specific obligations vary by jurisdiction, maintaining some form of a record that tracks privacy incidents is a statutory obligation for private-sector organizations subject to Quebec, Alberta, or federal laws.
eSecurity Planet
AUGUST 2, 2022
Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Atlas VPN report said the number of new Linux malware samples collected soared by 646% from the first half of 2021 to the first half of 2022, from 226,334 samples to nearly 1.7 million.
Data Breach Today
AUGUST 1, 2022
Check Point Beats Q2 Earnings Forecast Despite Spike in Materials, Shipping Costs Continued supply chain costs dampened an otherwise positive Q2 earnings report for Check Point. The company is spending historic mounts on buying raw materials on the open market and shipping those materials to the production line – an expense issue expected to stretch into 2023.
Security Affairs
AUGUST 5, 2022
A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Dark Reading
AUGUST 4, 2022
The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.
IT Governance
AUGUST 1, 2022
Welcome to our July 2022 review of data breaches and cyber attacks. We identified 85 security incidents during the month, resulting in 99,243,757 compromised records. You can find the full list below, broken into categories. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.
Data Breach Today
AUGUST 5, 2022
Increased collaboration between the public and private sectors hasn't slowed the increased frequency and ease of ransomware intrusions, but efforts to change the financial incentives of ransomware are having "a pretty good effect," says Marc Rogers, vice president of cybersecurity strategy at Okta.
Security Affairs
AUGUST 5, 2022
RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022. The bot borrows a large portion of its code from the original Mirai botnet, but unlike other IoT malware families, it implements a built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Dark Reading
AUGUST 1, 2022
"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.
Data Protection Report
AUGUST 2, 2022
The Transportation Security Administration (“TSA”) announced on July 21, 2022 that it is transitioning to a less prescriptive and more result-based approach in its revised emergency cybersecurity directive for critical gas and liquid pipeline companies. The Security Directive Pipeline-2021-02C (“ SD02C ”), effective July 27, 2022, represents a significant departure from the highly prescriptive requirements set forth in its predecessor directives (SD 2021-02A and SD 2021-02B) issued by the TSA l
Data Breach Today
AUGUST 3, 2022
Fortinet Says Price Hikes Have More Than Offset Supply Chain and Geopolitical Issues Fortinet has raised prices on products and services to address macroeconomic challenges including shipping delays, longer activation timelines, and the suspension of sales in Russia. The company says price hikes have more than offset supply chain and geopolitical headwinds in recent months.
Security Affairs
AUGUST 4, 2022
Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The flaw resides in the web-based management interface of several Small Business VPN routers, including Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
Schneier on Security
AUGUST 2, 2022
TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it. The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an environment with few regulations governing its sale or use. While many of these companies stress they are using aggregated or anonymized data, the unique nature of location and movement data increases the potential for violations of user privacy.
KnowBe4
AUGUST 1, 2022
A complex and ambitious investment scam has used more than 10,000 domains to induce speculators to give up not just funds, but personal information as well. Researchers at security firm Group-IB describe the campaign as one that proceeds through several distinct stages. It begins with ads placed in social media, or with pages displayed in compromised Facebook or YouTube accounts.
Data Breach Today
AUGUST 3, 2022
Thoma Bravo-Ping Deal Comes Just Four Months After Thoma Agreed to Buy SailPoint Thoma Bravo is doubling down on identity, inking a deal to buy Ping Identity for $2.8 billion just four months after agreeing to purchase SailPoint. The deals mean that Thoma Bravo will have both Ping's identity and access management and SailPoint's identity governance skill sets under its umbrella.
Security Affairs
AUGUST 5, 2022
US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924 , to its Known Exploited Vulnerabilities Catalog.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
Schneier on Security
AUGUST 1, 2022
Amazon has revealed that it gives police videos from its Ring doorbells without a warrant and without user consent. Ring recently revealed how often the answer to that question has been yes. The Amazon company responded to an inquiry from US Senator Ed Markey (D-Mass.), confirming that there have been 11 cases in 2022 where Ring complied with police “emergency” requests.
IT Governance
AUGUST 1, 2022
Whether you’re a small organisation with limited resources or an international firm, achieving ISO 27001 certification will be a challenge. Anyone who has already been through the process will know that. You must assemble a team, conduct a gap analysis and risk assessment, apply security controls, create documentation and perform staff awareness training.
Data Breach Today
AUGUST 1, 2022
Crackdown on Ransomware has Operators Seeking Alternatives Hackers are turning to cryptojacking to make easy money despite the fall in cryptocurrency valuation, including ransomware cybercriminals attracted by the lower stakes world of cryptojacking, says threat intelligence firm SonicWall. The financial industry has seen a surge in cryptojacking attacks.
Expert insights. Personalized for you.
320 
Let's personalize your content