Sat.Aug 21, 2021 - Fri.Aug 27, 2021

article thumbnail

Top Code Debugging and Code Security Tools

eSecurity Planet

There’s a lot of code in the world, and a lot more is created every day. The browser you’re reading this article on is likely supported by millions of lines of code. And as even a casual reader would know from the headlines, not all of that code is flawless. In fact, there are more than a few flaws present, as well as the occasional gaping security hole.

Security 143
article thumbnail

Intelligent Search – Strategies to Find What You Need

AIIM

Regardless of your industry, managing information intelligently requires the ability to find, store, and use information effectively and flexibly in order to get good results. It all boils down to: Finding the right information when you need it. Storing important information in a secure and compliant way. Using that information in ways that matter. But, the job of managing information has become increasingly challenging.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Financial Execs Say Security a Top Cryptocurrency Barrier

Data Breach Today

Survey: Cybersecurity, Regulatory Concerns May Slow Digital Asset Adoption Although a majority of financial services executives predict that cryptocurrency will replace or rival fiat currency within the next five to 10 years, they say cybersecurity, regulatory and privacy issues are among the biggest obstacles to its adoption, according to a survey by Deloitte.

article thumbnail

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

Libraries 349
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isn’t as straightforward as it used to be. Things get even more complicated if you have an international remote workforce. Related: Employees as human sensors. As of 2018, more than 2 million people were working abroad for U.S. companies in China alone.

More Trending

article thumbnail

Cloudflare Thwarts Largest Ever HTTP DDoS Attack

Data Breach Today

17.2 Million RPS Attack Originated From Over 20,000 Bots In 125 Countries Security firm Cloudflare says it detected and mitigated a 17.2 million request-per-second (rps) distributed denial of service attack, almost three times larger than any previously reported HTTP DDoS attack.

Security 363
article thumbnail

A Bad Solar Storm Could Cause an 'Internet Apocalypse'

WIRED Threat Level

The undersea cables that connect much of the world would be hit especially hard by a coronal mass ejection.

Security 145
article thumbnail

Surveillance of the Internet Backbone

Schneier on Security

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic.

article thumbnail

New LockFile ransomware gang uses ProxyShell and PetitPotam exploits

Security Affairs

A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities. A new ransomware gang named LockFile targets Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. The popular security expert Kevin Beaumont was one of the first researchers to report that the LockFile operators are using the Microsoft Exchange ProxyShell and the Windows PetitPotam vulnerabilities to take over Windows domains.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Ransomware Files, Episode 1: The School District

Data Breach Today

This is the first episode of The Ransomware Files, a podcast miniseries focused on stories of resilience in the fight against ransomware. A systems administrator with a school district in Washington state recounts a brush with the Ryuk ransomware and how the district recovered through tenacity and a bit of luck.

article thumbnail

UK ICO Approves the First UK GDPR Certification Scheme Criteria

Hunton Privacy

On August 19, 2021, the UK Information Commissioner’s Office (“ICO”) approved the criteria for three certification schemes, as required under Article 42(5) of the UK General Data Protection Regulation (“UK GDPR”). Certification schemes are one method for organizations to demonstrate compliance with the UK GDPR. The ICO has approved criteria for the following schemes: ADISA ICT Asset Recovery Certification 8.0 : This certification standard was developed for data processors or sub-processors provi

GDPR 142
article thumbnail

Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack

eSecurity Planet

Cloudflare last month fought off a massive distributed denial-of-service (DDoS) attack by a botnet that was bombarding 17.2 million requests per second (rps) at one of the internet infrastructure company’s customers in the financial services space. The attack was almost three times larger than any previous attack that Cloudflare is aware of, according to Omar Yoachimik, product manager for DDoS protection at Cloudflare.

article thumbnail

LPE zero-day flaw in Razer Synapse allows attackers to take over Windows PCs

Security Affairs

A zero-day vulnerability in Razer Synapse could allow threat actors to gain Windows admin privileges by plugging in a Razer mouse or keyboard. Razer is a popular manufacturer of computer accessories, including gaming mouses and keyboards. A local privilege escalation (LPE) zero-day flaw in Razer Synapse allows attackers to gain SYSTEM privileges on Windows systems by plugging in a Razer mouse or keyboard.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

T-Mobile CEO Apologizes for Mega-Breach, Offers Update

Data Breach Today

Hacker Claiming Responsibility for Attack Calls Company's Security 'Awful' T-Mobile CEO Mike Sievert on Friday issued an official mea culpa for the data breach that exposed information on 54 million of the company's customers and prospects. On Thursday, a hacker who claimed responsibility for the attack called the company's cybersecurity "awful," the Wall Street Journal reports.

article thumbnail

Details of the Recent T-Mobile Breach

Schneier on Security

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked.

Security 141
article thumbnail

[Podcast] Doing Agile Right - Transformation Without Chaos

AIIM

We hear a lot about "Agile" as a way to manage change and spur innovation. But what exactly is Agile? And how can we use it to make a difference? That was the topic of our AIIM On Air interview with Darrell Rigby. Darrell leads Bain & Company's Global Innovation and Agile practices and is the co-author of " Doing Agile Right." He's a frequent speaker and writer on innovation and Agile, and has appeared on CNBC, CNN, and Bloomberg, and has had his research published in Harvard Business Review

article thumbnail

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. The U.S. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. “As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples related to exploited Pulse Secure devices.

Security 142
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

US Agencies Increasing Use of Facial Recognition Tech

Data Breach Today

GAO Finds Increasing Use for Security and Access; Privacy Concerns Remain At least 10 U.S. government agencies are planning to increase the use of facial recognition technologies by 2023, according to a GAO report. The growing utilization comes as facial recognition technology raises privacy concerns.

Privacy 334
article thumbnail

Interesting Privilege Escalation Vulnerability

Schneier on Security

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer devices and physical access to a computer.

Access 139
article thumbnail

Efficient QR codes

Imperial Violet

QR codes seem to have won the battle for 2D barcodes, but they're not just a bag of bits inside. Their payload is a series of segments , each of which can have a different encoding. Segments are bitstrings, concatenated without any byte-alignment, and terminated with an empty segment of type zero. If you want to squeeze the maximum amount of data into a QR code without it turning into a gray square, understanding segmentation helps.

Libraries 138
article thumbnail

FBI flash alert warns on OnePercent Group Ransomware attacks

Security Affairs

The FBI shared info about OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. The Federal Bureau of Investigation (FBI) has published a flash alert about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

After Ransomware Attack, When Must Patients Be Notified?

Data Breach Today

Eskenazi Health Says It's Still Assessing Whether Individual Notifications Are Required Eskenazi Health, Brett Callow, Vice Society, Rob Bonta, Waikato District Health Board, HIPAA, ransomware, exfiltration, breach notification, David Holtzman, California, attorney general

article thumbnail

Neural Fuzzing: A Faster Way to Test Software Security

eSecurity Planet

Software vulnerabilities are a grave threat to the security of computer systems. They often go undetected for years until it is too late and the consequences are irreversible. In order to find these weaknesses, software security testers and developers often have to manually test the entire codebase and determine if any vulnerabilities exist. However, this can take months or even years of work due to the scale of modern software projects.

Security 137
article thumbnail

Why MSPs must prioritise Cloud security

IT Governance

Cloud computing has become an integral part of business, providing affordable and flexible options for organisations as they grow. But as Cloud services become more popular, they become increasingly lucrative targets for cyber criminals. If they’re not properly managed, they create a raft of vulnerabilities that can be exploited to great effect. This is particularly the case for MSPs (managed service providers), which often work with dozens, if not hundreds, of organisations.

Cloud 136
article thumbnail

Personal Data and docs of Swiss town Rolle available on the dark web

Security Affairs

Documents and personal details of residents of the small Swiss town Rolle, on the shores of Lake Geneva, were stolen in a ransomware attack. The Swiss town Rolle disclosed the data breach after a ransomware attack, personal details of all its 6,200 inhabitants were stolen by threat actors. The threat actors compromised some administrative servers and exfiltrated sensitive documents.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

7 Emerging Ransomware Groups Practicing Double Extortion

Data Breach Today

Fresh Ransomware-as-a-Service Operations Seek Affiliates for Extorting New Victims After a string of high-profile hits, many of the largest and most notorious ransomware operations recently disappeared. But the pace of ransomware attacks hasn't diminished because of a steady influx of new operations, existing operations getting more sophisticated and old players rebranding.

article thumbnail

3 Tests to Ensure Zero Trust Network Security

eSecurity Planet

The COVID pandemic has highlighted the challenges of ensuring security across an expanding enterprise network forced to support more and more remote workers , an ever-increasing diversity of devices, and frequent mobility. Praveen Jain, founder and CEO of cloud networking startup WiteSand, spoke with eSecurity Planet about the challenges of maximizing security in today’s environment, the value of a zero trust model – and three key questions to address to make sure you’re on the right

Security 132
article thumbnail

Windows 10 Admin Rights Gobbled by Razer Devices

Threatpost

So much for Windows 10's security: A zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. UPDATE: Microsoft is investigating.

Security 130