Krebs on Security
MAY 11, 2021
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here’s a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.
Data Breach Today
MAY 8, 2021
SVR's TTPs and General Tradecraft Detailed U.S. and U.K. cyber, law enforcement and intelligence agencies issued a joint advisory Friday offering detailed information on how to defend against the activities of the Russian Foreign Intelligence Service, or SVR, in the wake of the 2020 SolarWinds attacks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
eSecurity Planet
MAY 13, 2021
Oil and gas companies have two key areas of concern when addressing cybersecurity, especially in their unmanned remote facilities. They have to supply physical security that denies access to the cyber-physical assets, and they sometimes must employ several cyber defenses depending on the device or system in question. So when you are looking at doing a Zero Trust deployment for critical infrastructure, it is important to be mindful of the fact that a site’s physical security is typically th
AIIM
MAY 18, 2021
Quick question: What’s your business’s most prized asset? Is it a tangible asset, like a high-rise building in an upmarket area? Is it owning groundbreaking high-tech tools? What about your inventory, cash, or cash equivalents? In today’s knowledge economy, it's knowledge assets that are vital to a company’s growth. When you think about it, knowledge assets are more important than tangible assets.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Last Watchdog
MAY 25, 2021
Resilience was the theme of RSA Conference 2021 which took place virtually last week. Related: Web attacks spike 62 percent in 2020. I’ve been covering this cybersecurity gathering since 2004 and each year cybersecurity materially advances. By the same token, the difficulties of defending modern IT systems has redoubled as organizations try to balance security and productivity.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Krebs on Security
MAY 21, 2021
One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. Last week, someone began began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants , an environmental engi
Data Breach Today
MAY 25, 2021
Report: Oil Provides Electricity for Cryptomining Servers Iran is using its abundance of oil to generate electricity that powers a massive bitcoin cryptomining operation that enables the country to turn its greatest natural resource into money, offsetting some of its income lost as a result of economic sanctions, according to cryptocurrency analysis firm Elliptic.
Jamf
MAY 24, 2021
A zero-day discovery allows an attacker to bypass Apple’s TCC protections which safeguard privacy. By leveraging an installed application with the proper permissions set, the attacker can piggyback off that donor app when creating a malicious app to execute on victim devices, without prompting for user approval.
AIIM
MAY 4, 2021
How will humanity survive the AI revolution? Simple—we become superhuman. That is the subject of our new AIIM On Air interview with author and researcher Alex Bates. In his book " Augmented Mind, " Alex explains how the combination of AI with human intelligence – what he calls Intelligence Augmentation -- has revolutionary potential. After a decade on the front lines of AI research and implementation facilitating the collaboration of humans and AI, Bates created a global mastermind network of ap
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Last Watchdog
MAY 18, 2021
Keeping up with the pace of technology, information, and the evolving threat landscape is a challenge for all enterprises. Related: DHS launches 60-day cybersecurity sprints. To make matters more difficult, implementing new security software and processes to address these issues is another big hurdle, often causing disruption—and not the good kind. But with mounting pressure to replace legacy, perimeter-centric defenses with cloud- and hybrid-cloud protection, many organizations are stuck betwee
Security Affairs
MAY 25, 2021
Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is aware of a report that this issue may have been actively exploited.” reads the security advisories published by Apple for the abov
Krebs on Security
MAY 14, 2021
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates. “Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a
Data Breach Today
MAY 28, 2021
Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft. This new campaign compromised a marketing firm used by the U.S. Agency for International Development - USAID - to send malicious messages to thousands.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Schneier on Security
MAY 21, 2021
This seems to be a new tactic : Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attacks encrypt some of an organization’s systems with ransomware A and others with ransomware B.
AIIM
MAY 6, 2021
This post is focused on the following topics. You may click these links to jump to a specific section: What Is Knowledge Management? Tacit Knowledge vs. Explicit Knowledge. Strategies for Making Tacit Knowledge More Explicit. What Is Knowledge Management? According to the late Carl Frappaolo, one of the leading practitioners and analysts in the knowledge management space, “Knowledge Management is the leveraging of collective wisdom to increase responsiveness and innovation.”.
The Last Watchdog
MAY 12, 2021
A permissions glut is giving rise to an explosion of new exposures in modern business networks. Related: Securing digital identities. Companies are adopting multi-cloud and hybrid cloud infrastructures and relying on wide-open app development like never before. In doing so, permissions to make myriad software connections are proliferating. Taken together these man-to-machine and machine-to-machine connections result in cool new digital services.
Security Affairs
MAY 22, 2021
QNAP warns customers of updating the HBS 3 disaster recovery app to prevent Qlocker ransomware attack. Taiwanese vendor QNAP is warning its customers of updating the HBS 3 disaster recovery app running on their Network Attached Storage (NAS) devices to prevent Qlocker ransomware infections. At the end of April, experts warned of a new strain of ransomware named Qlocker that was infecting hundreds of QNAP NAS devices on daily bases.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Krebs on Security
MAY 19, 2021
Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone el
Data Breach Today
MAY 29, 2021
2022 Budget Proposal Seeks $750 Million for 'Lessons Learned' From SolarWinds The White House officially released its 2022 federal budget proposal on Friday, and the Biden administration is seeking to spend billions on cybersecurity next year, including $750 million for "lessons learned" from the SolarWinds attack. Officials also want to boost CISA's budget by $110 million.
Schneier on Security
MAY 10, 2021
This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “ New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era ,” Cryptographic Quarterly , Spring 1996, author still classified.
AIIM
MAY 25, 2021
Knowledge is power - both in our personal lives and work lives. But, in our organizations, the management of this knowledge is one of the most crucial yet overlooked aspects of workplace progress. When employees fail to get access to the knowledge necessary for completing their tasks, the organization can suffer. In fact, there are many benefits to using a practice called Knowledge Management to purposefully manage your organization's knowledge assets and ensure access.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
The Last Watchdog
MAY 11, 2021
By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as secure as it needs to be. Related: DHS launches 60-day cybersecurity sprints. Obviously, one change for the better would be if software developers and security analysts paid much closer attention to the new and updated coding packages being assembled and depl
Security Affairs
MAY 20, 2021
Microsoft released SimuLand, an open-source tool that can be used to build lab environments to simulate attacks and verify their detection. Microsoft has released SimuLand, an open-source lab environment that allows to reproduce the techniques used in real attack scenarios. The tool could be used to test and improve Microsoft solutions, including Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios. “SimuLand is an open-source initiative by Micr
Krebs on Security
MAY 5, 2021
Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.
Data Breach Today
MAY 26, 2021
Attackers Could Exploit 'Critical' Flaw to Remotely Execute Arbitrary Code VMware is warning all vCenter Server administrators to patch their software to fix both a serious vulnerability that could be used to execute arbitrary code, as well as a separate authentication flaw. Experts warn that these and other recent flaws are likely to be targeted by ransomware gangs.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Schneier on Security
MAY 18, 2021
A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed. Brian Krebs wonders if this could be a useful defense: In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim.
AIIM
MAY 11, 2021
A staple of many Information Technology (IT) policy suites is the Acceptable Use Policy (AUP), intended to govern what people working in the organization can and cannot do with the technology we provide them. IIM professionals and consultants push to have these kinds of policies in place, and countless templates and best practices are available on the Internet to use as a starting point if we don't have one already.
The Last Watchdog
MAY 3, 2021
Encryption agility is going to be essential as we move forward with digital transformation. Refer: The vital role of basic research. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data. But cryptography historically has been anything but agile; major advances require years, if not decades, of inspired theoretical research.
Expert insights. Personalized for you.
364 
Let's personalize your content