Sat.Jan 16, 2021 - Fri.Jan 22, 2021

article thumbnail

Biden's $10 Billion Cybersecurity Proposal: Is It Enough?

Data Breach Today

Security Experts Say Proposal Amounts to a 'Down Payment' President-elect Joe Biden's $1.9 trillion plan for COVID-19 relief includes nearly $10 billion in cybersecurity and IT spending. Some security experts hope the amount as just a "down payment" toward a broader effort.

article thumbnail

Parler Finds a Reprieve in Russia—but Not a Solution

WIRED Threat Level

The far-right platform still hasn't found a US-based home. Where it lands could have serious consequences for its users' privacy.

Privacy 142
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What is a DoS (Denial-of-Service) Attack?

IT Governance

Denial-of-service (DoS) attacks are intended to shut down or severely disrupt an organisation’s systems. Unlike most cyber attacks, the goal isn’t to steal sensitive information but to frustrate the victim by knocking their website offline.

Risk 114
article thumbnail

The AIIM Conference 2021 - Now Boarding Info Pros

AIIM

We're so excited to announce that registration for The AIIM Conference 2021 for records and information professionals is now live! This year, join us as we "Go Big, and Stay Home!" That's right, this year's event will be virtual and delivered to a screen near you. AIIM21 is set for April 27-29th, 2021. The sky is no longer the limit for this year's virtual event to bring together the world's top records and informations professionals to meet, learn, and have fun!

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Texas Medical Center Breach Affects 640,000

Data Breach Today

Apparent Ransomware Attack Exposed Patient Information An apparent ransomware incident at a Texas healthcare organization has potentially compromised the protected health information of more than 640,000 individuals.

More Trending

article thumbnail

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

A universe of devices and technology has fallen into our laps at a speed that organizations struggle to manage effectively. And that boom in devices shows no signs of stopping. In 2019, there were an estimated 9.9 billion Internet of Things (IoT) devices. By 2025, we expect 21.5 billion. As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point.

IoT 140
article thumbnail

Four Steps to Support Compliant Data Transfers Without Privacy Shield

AIIM

The recent Court of Justice of the European Union (CJEU) Schrems II ruling, which invalidated the longstanding U.S.-EU Privacy Shield framework, has created a wave of uncertainty for the legal industry. Ever since the U.S.-EU Safe Harbor framework was retired in 2015 as a result of Schrems I , lawyers have faced challenges in ensuring the legality of transferring data between the EU and U.S. in multi-national litigation and investigations.

Privacy 160
article thumbnail

Fueled by Profits, Ransomware Persists in New Year

Data Breach Today

Increasing Ransomware Varieties and Attack Volume Look Set to Continue, Experts Warn Ransomware dominated the cybercrime landscape in 2020 and looks set to do so again this year, as criminals seek fresh new ways to make victims pay. Experts predict gangs will double down on whatever works, which lately includes data exfiltration.

article thumbnail

Raindrop, a fourth malware employed in SolarWinds attacks

Security Affairs

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware that was discovered investigating the SolarWinds attack after the SUNSPOT backdoor, the Sunburst / Solorigate backdoor and the Teardrop tool. .

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

UK Case Tests the Territorial Application of the GDPR to U.S. Run Website

Hunton Privacy

The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation (“GDPR”) and represents the first UK judgment dealing with the territorial scope of the GDPR. This was a “service out” case, where the claimant, Walter T. Soriano, sought the Court’s permission under the UK Civil Procedure Rules to serve proceedings on the defendants, who were all domiciled in the U.S.

GDPR 137
article thumbnail

How Many COBOL Programmers Does it Take to Change a Lightbulb?

Micro Focus

COBOL’s continued popularity receives further evidence. Digital Marketing expert and avid COBOL fan Mark Plant reports that another major milestone has been met – this time on Facebook. The answer to the jokey headline is: None – that’s a hardware problem of course! However, if you ever did really need to find out I’d recommend. View Article.

IT 134
article thumbnail

President Biden Orders SolarWinds Intelligence Assessment

Data Breach Today

New Administration Signals Importance of Cybersecurity to National Security Agenda The new Biden administration has pledged to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack. The moves signal the importance of cybersecurity to President Biden's national security agenda.

article thumbnail

Abusing Windows RDP servers to amplify DDoS attacks

Security Affairs

Threat actors are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. Attackers are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. The Microsoft Remote Desktop Protocol (RDP) is a built-in service in Microsoft Windows operating systems that provides authenticated remote virtual desktop infrastructure (VDI) access to Windows-based workstations and servers.

Access 139
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

A Site Published Every Face From Parler's Capitol Riot Videos

WIRED Threat Level

Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6.

Privacy 145
article thumbnail

Hacker Pig Latin: A Base64 Primer for Security Analysts

Dark Reading

The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.

article thumbnail

Biden Fills 3 Cybersecurity Positions

Data Breach Today

Senior Director for Cyber and Others Announced President Joe Biden's cybersecurity team is beginning to take shape, with three appointments recently announced, including Michael Sulmeyer as senior director for cyber.

article thumbnail

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

Security researchers uncovered a series of attacks conducted by the FreakOut botnet that leveraged recently discovered vulnerabilities. Security researchers from Check Point have uncovered a series of attacks associated with the FreakOut botnet that is targeting multiple unpatched flaws in applications running on top of Linux systems. The botnet appeared in the threat landscape in November 2020, in some cases the attacks leveraged recently disclosed vulnerabilities to inject OS commands.

Mining 136
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

How your staff make security decisions: The psychology of information security

IT Governance

Your employees encounter potential cyber security threats on a daily basis. Perhaps there’s a new face in the office that they don’t recognise, or a new password they need to remember, or a database of sensitive information that they need to upload onto the Cloud. In The Psychology of Information Security , Leron Zinatullin explains how employees respond to those challenges and explains why they make the decisions they do.

article thumbnail

4 Intriguing Email Attacks Detected by AI in 2020

Dark Reading

Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor.

Phishing 144
article thumbnail

Chinese Hacking Group Targets Airlines, Semiconductor Firms

Data Breach Today

'Chimera' Exfiltrates Intellectual Property, Personal Data A hacking group with apparent ties to China is targeting airlines and semiconductor firms to steal intellectual property and personal data in repeated exfiltration efforts, according to the NCC Group.

article thumbnail

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

KindleDrip : Amazon addressed a number of flaws affecting the Kindle e-reader that could have allowed an attacker to take control of victims’ devices. Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. The researchers noticed that the “Send to Kindle” feature allows Kindle users to send e-books to their devices as email attachments, a behavior that could be potentially explo

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Which Records Should We Retain in Paper? A Global Guide to Media, Location, and Transfer Compliance

ARMA International

Just tell me which records we must retain in paper! This is a common frustration among records managers and information governance (IG) professionals. Those responsible for maintaining and producing records want to retain or transfer their records using the most efficient method of storage, but do not want to break the law by retaining the information in an illegal format.

Paper 124
article thumbnail

Injecting a Backdoor into SolarWinds Orion

Schneier on Security

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points. SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code.

IT 122
article thumbnail

'FreakOut' Botnet Targets Unpatched Linux Systems

Data Breach Today

Researchers Says Malicious Network Could Be Used to Launch DDoS Attacks Researchers at Check Point Research are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. The malware is creating a malicious network that has the potential to launch DDoS attacks.

332
332
article thumbnail

OpenWRT forum hacked, intruders stole user data

Security Affairs

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic. The main components are Linux, util-linux, musl, and BusyBox. All components have been optimized to be small enough to fit into the limited storage and memory available in home routers.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Why OpenText has so much to offer the Healthcare sector

OpenText Information Management

This is a pivotal moment for the Healthcare sector. We have just gone through a period of incredible disruption. Content will be increasingly critical as organizations strive to improve operations and better understand and personalize the patient journey. COVID-19 has added fuel to the fire in Healthcare’s move toward digital transformation. Many of the significant changes we need to make because of the pandemic are forcing us to embrace new solutions quickly.

article thumbnail

SVR Attacks on Microsoft 365

Schneier on Security

FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques: Steal the Active Directory Federation Services (AD FS) token-signing certificate and use it to forge tokens for arbitrary users (sometimes described as Golden SAML ).

article thumbnail

OpenWRT Project Community Investigating Data Breach

Data Breach Today

Open-Source Development Project Asking Members to Reset Passwords OpenWRT, an open-source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data breach after a hacker gained access to an administrator account and apparently was able to access usernames and email addresses for community members.