Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Access 363

Access Security Communications IT 363

Data Breach Today

NOVEMBER 1, 2021

This Flaw Could Lead to an Attack Like SolarWinds Two researchers from the University of Cambridge have discovered a vulnerability that affects most computer code compilers and many software development environments, according to a new research paper. The bug could cause a SolarWinds-like open-source supply chain attack scenario, they say.

Paper 279

Paper 279

The Last Watchdog

NOVEMBER 3, 2021

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

Cybersecurity 278

Cybersecurity Privacy Data breaches Ransomware 278

Thales Cloud Protection & Licensing

NOVEMBER 2, 2021

Quantum Resistant Encryption – Are You Ready? madhav. Tue, 11/02/2021 - 09:10. . Some good news and a couple of tips for being prepared. Over the past few months, a handful of Thales CPL clients have mentioned their concern regarding the future threat of quantum computing to their data security frameworks. If you take a good hard look at the risks arising from Quantum, there is bad news and good news.

Encryption 156

Encryption Risk Cybersecurity Compliance 156

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

Artificial Intelligence

Preservica

NOVEMBER 9, 2021

Welcome to the "How we do it" Video Series. If you are a Clerk, Records Manager or Archivist for City or County Government, our practical “How we do it” videos are for you! We have compiled a series of videos, from users in City and County Government to share how they quickly and easily perform common electronic records preservation and access tasks with Preservica’ s solutions.

Digital preservation 144

Digital preservation Records Management Archiving Education 144

Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Phishing 358

Phishing Security IT 358

Data Breach Today

NOVEMBER 1, 2021

Operators Left Exposed After Overreaching, Says McAfee Enterprise’s John Fokker How is the ransomware ecosystem set to evolve? Since some operations overreached - notably with DarkSide's hit on Colonial Pipeline - "what we're seeing … is that there is going to be a power balance shift," says McAfee's John Fokker, with more affiliates, not gang leaders, calling the shots.

Ransomware 327

Ransomware 327

Threatpost

NOVEMBER 5, 2021

CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.

Security 141

Security 141

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. divya. Tue, 11/16/2021 - 06:15. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Still, as all of us who work in technology know, you reduce access to granular controls when you simplify a process. On the flip side, if you allow access to granular controls, the person setting the controls needs to be an expert to set them correctly.

Encryption 143

Encryption Cloud Access Privacy 143

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

WIRED Threat Level

NOVEMBER 5, 2021

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.

Privacy 145

Privacy IT Security 145

Security Affairs

NOVEMBER 13, 2021

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their network has been breached and that the threat actor has stolen their data. “Our intelligence monitoring indicates exfiltration of se

Security 142

Security Information Security IT 142

Krebs on Security

NOVEMBER 4, 2021

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Phishing 311

Phishing Insurance Passwords Privacy 311

Data Breach Today

NOVEMBER 2, 2021

A Nevada Cancer Center Is Also Dealing With the Aftermath of an Attack A recent cyberattack on Community Medical Centers in Northern California has potentially compromised the information of more than 656,000 individuals. Meanwhile, Las Vegas Cancer Center reportedly fell victim to a ransomware attack during Labor Day weekend.

Ransomware 264

Ransomware 264

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Micro Focus

NOVEMBER 30, 2021

Micro Focus’ innovation in the modernization space continues to gather pace. Eddie Houghton, Enterprise Product Director explains the latest developments in mainframe workload modernization with AWS and Micro Focus. The Rich Micro Focus Heritage in Mainframe Modernization Most large enterprises and public institutions run business-critical applications on mainframe environments that execute vast numbers of transactions.

139

139

Dark Reading

NOVEMBER 24, 2021

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.

Risk 139

Risk IT 139

eSecurity Planet

NOVEMBER 18, 2021

New cybersecurity buzzwords are always in abundance at the Gartner Security & Risk Management Summit, and the concepts that took center stage this week, like cybersecurity mesh and decentralized identity, seem well suited for new threats that have exploded onto the scene in the last year. Gartner analyst Ruggero Contu noted that security risks are becoming external: the software supply chain , the public cloud , the trading of breached data, and IoT and operational technology (OT) are all th

Cybersecurity 135

Cybersecurity Security Analytics Blockchain 135

Security Affairs

NOVEMBER 26, 2021

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

IoT 140

IoT Honeypots Cybersecurity Sales 140

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Krebs on Security

NOVEMBER 8, 2021

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S.

Ransomware 300

Ransomware Passwords Systems administration IT 300

Data Breach Today

NOVEMBER 1, 2021

How CISOs Can Ensure That the Business Succeeds While It Transforms While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have. Krishnamurthy Rajesh of ICRA says CISOs must analyze risks, update security, and change the mindset of employees.

Digital transformation 263

Digital transformation Risk Security IT 263

Schneier on Security

NOVEMBER 17, 2021

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

Passwords 135

Passwords Privacy IT 135

IT Governance

NOVEMBER 24, 2021

Cloud services are an integral part of modern business. They provide a cost-effective way to store data; and with the rise in hybrid workforces, they deliver a reliable way for employees to access information remotely. But as is often the case with technological solutions, the benefits of convenience comes with security risks. In this blog, we look at the top five Cloud security challenges that organisations face, and provide tips on how to overcome them. 1.

Cloud 133

Cloud Risk Security Data breaches 133

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

eSecurity Planet

NOVEMBER 18, 2021

A payload is a piece of code that executes when hackers exploit a vulnerability. In other words, it’s an exploit module. It’s usually composed of a few commands that will run on the targeted operating system (e.g., key-loggers) to steal data and other malicious acts. Most operations use payloads, but there are a few payload-less attacks, such as phishing campaigns that do not include malicious links or malware , but rely on more sophisticated deception such as spoofing to trick their targets.

Cybersecurity 134

Cybersecurity Access Phishing Security 134

Security Affairs

NOVEMBER 21, 2021

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks.

Communications 141

Communications Passwords Access Security 141

Krebs on Security

NOVEMBER 22, 2021

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.

Ransomware 266

Ransomware Phishing Education Government 266

DLA Piper Privacy Matters

NOVEMBER 18, 2021

Author: Sinead Lynch. At DLA Piper we advise clients that develop or create technology, are enabled by technology, or whose business model is fundamentally based on technology. From start-ups, to fast growing and mid-market businesses, to mature global enterprises, DLA Piper supports innovative businesses and new ventures. It is at the heart of what we do.

Privacy 133

Privacy Digital transformation Government Financial Services 133

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Dark Reading

NOVEMBER 4, 2021

Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.

Cybersecurity 132

Cybersecurity 132

Schneier on Security

NOVEMBER 22, 2021

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one.

Blockchain 129

Blockchain 129

eSecurity Planet

NOVEMBER 19, 2021

In a year in which ransomware attacks seem to get worse by the day, companies have made surprising progress defending themselves against attacks. But the attention paid to the malware by journalists, cybersecurity vendors and increasingly, government agencies , has pushed companies to improve their preparedness to defend themselves against ransomware gangs, according to a report this week by security solutions vendor Cymulate.

Ransomware 131

Ransomware Cybersecurity Cloud Security 131