Data Breach Today

MAY 23, 2023

With data distributed across multiple clouds serving an increasingly remote workforce, can existing data protection programs truly be successful? Most data protection solutions have been built on a foundation of legacy technologies and operations that only drive up complexity and costs. A best-in-class data protection program should be easy to operate, reduce costs, and ultimately drive down data loss risk.

Cloud 262

Cloud Risk 262

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations.

IoT 231

IoT Data science Information Security Access 231

The Last Watchdog

MAY 24, 2023

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour. Related: Tapping hidden pools of security talent Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them.

Cybersecurity 162

Cybersecurity Data breaches Phishing Security 162

Jamf

MAY 22, 2023

Learn about the discovery of a novel threat vector on iPhone that allows attackers to circumvent security mitigations by exploiting under-protected co-processors, leveraging access to further compromise the iOS kernel.

Security 145

Security Access 145

Advertisement

Unleash the power of NoSQL with "Apache Cassandra® NoSQL for the Relational DBA." Learn from Lewis DiFelice, an experienced Professional Services Consultant at Instaclustr, as he shares his journey transitioning from SQL to managing a 40-node Cassandra cluster. Gain insights into Cassandra's architecture, configuration strategies, and best practices.

Dark Reading

MAY 24, 2023

Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.

Cybersecurity 120

Cybersecurity Security 120

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains. The volume of phishing websites registered through Freenom dropped considerably since the registrar was sued by Meta.

Phishing 215

Phishing Mining IT 215

The Last Watchdog

MAY 24, 2023

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. Related: The CMMC sea change NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review. This special publication was written for security architects and infrastructure designers; it provides useful guidance when designing ZTNA for cloud-native application platforms, especially th

Cloud 191

Cloud Encryption Authentication Cybersecurity 191

WIRED Threat Level

MAY 22, 2023

In response to an EU proposal to scan private messages for illegal material, the country's officials said it is “imperative that we have access to the data.

Encryption 145

Encryption Access IT Privacy 145

Data Breach Today

MAY 25, 2023

Now-Fixed Expo Framework API Vulnerability Posed Credential, Identity Theft Risks A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.

Personal data 261

Personal data Risk Security 261

As a business leader, you know it's important to update your apps, but it can be tough to figure out the best approach. This whitepaper helps you in upgrading your current applications using modernization strategies without any business disruptions.

IT

Dark Reading

MAY 26, 2023

Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.

IT 126

IT 126

The Last Watchdog

MAY 20, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware 171

Ransomware Security IT Privacy 171

National Archives Records Express

MAY 23, 2023

Digital Imaging Lab [technologies] at Archives 2–[photographed for] Prologue use. National Archives Identifier: 184340999 We continue our series of posts to support the publication of 36 CFR section 1236 subpart E – Digitizing Permanent Records , which provides the requirements for digitizing permanent records. Records management is a crucial part of any agency operation, and the rise of digital technology has led many agencies to digitize their records for improved efficiency and ac

Records Management 112

Records Management Archiving Access Security 112

Data Breach Today

MAY 24, 2023

Local Authority Finds Sensitive Data Was Exposed Despite Assurances to the Contrary Breach notifications from British outsourcing giant Capita mount amid signs the multibillion-pound company doesn't have a firm grip on how much data it exposed. For a company that trumpets its ability to "achieve better outcomes," Capita's inability to grasp the impact of its breaches is ironic.

IT 259

IT 259

Advertisement

Getting off of Hadoop is a critical objective for organizations, with data executives well aware of the significant benefits of doing so. The problem is, there are few options available that minimize the risk to the business during the migration process and that’s one of the reasons why many organizations are still using Hadoop today. By migrating to the data lakehouse, you can get immediate benefits from day one using Dremio’s phased migration approach.

Risk

Dark Reading

MAY 26, 2023

Data breaches 119

Data breaches Security 119

The Last Watchdog

MAY 25, 2023

The inadequacy of siloed security solutions is well-documented. Related: Taking a security-first path The good news is that next-gen security platforms designed to unify on-prem and cloud threat detection and remediation are, indeed, coalescing. At RSA Conference 2023 I visited with Elias Terman , CMO, and Sudarsan Kannan , Director of Product Management, from Uptycs , a Walthan, Mass.

Cloud 144

Cloud Security IT 144

Schneier on Security

MAY 25, 2023

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT.

Paper 103

Paper Artificial Intelligence IT 103

Data Breach Today

MAY 24, 2023

Vulnerable Small to Midsized Organizations Are Now Favored Victims of APT Actors State-aligned hackers are increasingly targeting small and medium-sized businesses worldwide, as SMBs are more likely to be under-protected against cybersecurity threats such as phishing campaigns, according to a new report by cybersecurity firm Proofpoint.

Phishing 258

Phishing Cybersecurity 258

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Risk

Dark Reading

MAY 25, 2023

Ukraine's head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism.

Cybersecurity 138

Cybersecurity 138

The Last Watchdog

MAY 23, 2023

As digital transformation accelerates, Application Programming Interfaces (APIs) have become integral to software development – especially when it comes to adding cool new functionalities to our go-to mobile apps. Related: Collateral damage of T-Mobile hack Yet, APIs have also exponentially increased the attack vectors available to malicious hackers – and the software community has not focused on slowing the widening of this security gap.

Encryption 142

Encryption Digital transformation Financial Services Security 142

Jamf

MAY 26, 2023

Cyber threats come from all sides. As bad actors continue to evolve their toolsets to more succinctly attack targets, organizations are faced with the challenges of preparing for threats while implementing mitigations to address them as quickly and efficiently as possible. One of the most critical are external threats originating from outside the organization – proving to be amongst the most common threat types and the most difficult to protect against – but not impossible to address

Security 90

Security 90

Data Breach Today

MAY 22, 2023

Tejay Fletcher Made It Easy for Scammers to Impersonate Phone Numbers The mastermind behind a criminal website that sold tools for scammers who defrauded victims globally of more than 115 million euros received a 13-year, four-month prison sentence in the United Kingdom just months after law enforcement seized the site.

IT 264

IT 264

Advertiser: ZoomInfo

When economic headwinds pick up, sales leaders are the first to sound the alarm — and chart a new course. Longer sales cycles, larger buying committees, increased price pressure, and smaller teams can quickly combine to reduce your margin for error and increase the urgency to find a solution. To thrive in a challenging environment, sales teams need a rock-solid grasp of the fundamentals and the biggest force-multipliers they can get their hands on.

B2B

Dark Reading

MAY 24, 2023

The company's ESG appliances were breached, but their other services remain unaffected by the compromise.

Security 144

Security 144

IBM Big Data Hub

MAY 23, 2023

As more enterprises move to hybrid cloud environments, hybrid cloud security has become imperative to business growth. According to a 2021 study by the IBM Institute for Business Value (IBV), 80% of executives expected their organizations to operate more than 10 distinct clouds by 2023, up from eight in 2020. “The scale of most enterprise hybrid cloud deployments is so vast and penetrates so deeply that the need for an all-in security culture is absolute,” says Shue-Jane Thompson, ma

Cloud 103

Cloud Security Cybersecurity Data breaches 103

Information Governance Perspectives

MAY 25, 2023

In T he Bastard of Beverly Hills , I tell a crazy story about the time my mother was married to restaurateur Tony Roma, and though it’s true to the best of my recollection, people shouldn’t get the wrong impression about him. Tony was a fine man. He was driven, charismatic, funny, and, like me, a bit of a romantic. You can read more about exactly what happened between us in the book, but the bottom line is that the chef didn’t deserve the hell I put him through during the short

IT 93

IT 93

Data Breach Today

MAY 24, 2023

Targets Are Critical Infrastructure - Likely for Cyberespionage, Long-Term Access A Chinese state hacker has targeted critical infrastructure in Guam and the United States with the likely intent of cyberespionage and maintaining long-term access. Microsoft dubbed the threat actor "Volt Typhoon" on Wednesday in a coordinated disclosure with the U.S. government and close allies.

Government 221

Government Access 221

As a business leader, you know it's important to update your apps, but it can be tough to figure out the best approach. This whitepaper helps you in upgrading your current applications using modernization strategies without any business disruptions.

IT

Dark Reading

MAY 22, 2023

Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.

128

128

Jamf

MAY 23, 2023

Following the release of the Jamf Security 360: Annual Threat Trends Report 2023, where we highlight security threat trends, we utilize threat intelligence gathered by Jamf to inform security professionals about which threats from the previous year most critically affected the enterprise. Preserving user privacy is a growing threat that the data supports and is the focus of this blog series.

Privacy 98

Privacy Security Information Security Risk 98

Security Affairs

MAY 24, 2023

Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were breached exploiting a zero-day vulnerability. Network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability. The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening, the issue was discovered on May 19 and the company fixed

Security 95

Security Cybersecurity Access IT 95