Sat.Feb 20, 2021 - Fri.Feb 26, 2021

article thumbnail

Senate SolarWinds Hearing: 4 Key Issues Raised

Data Breach Today

Issues Include Attackers' Use of Amazon's Infrastructure The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.

293
293
article thumbnail

Optimizing Performance for Your EIM Platform

OpenText Information Management

Slow and inconsistent performance can be a barrier to user adoption and achieving the desired outcomes for a solution. Even small inefficiencies can add up, leading to reduced productivity across the user base. To get the most out of your enterprise information management (EIM) deployment, you’ll want to ensure that performance is optimal.

103
103
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A Trippy Visualization Charts the Internet's Growth

WIRED Threat Level

In 2003, Barrett Lyon created a map of the internet. In 2021, he did it again—and showed just how quickly it's expanded.

IT 118
article thumbnail

Checkout Skimmers Powered by Chip Cards

Krebs on Security

Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted.

Retail 338
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Malicious Adware Exploits Apple M1 Chip

Data Breach Today

GoSearch22 is an Off-Shoot of macOS-Targeting Pirrit Adware A security researcher has uncovered what is believed to be the first-ever malware variant that can be successfully executed in Apple's M1 chips, its latest central processor unit for Mac computers.

Security 356

More Trending

article thumbnail

What Does a Modern Information Infrastructure Look Like?

AIIM

Information has transformed in a big way over the past few decades, with some of the most significant changes coming in just the last five years. Year over year, information has seen a dramatic increase in both value and volume. The advancement of new technology has transitioned much of this from paper to digital – which presents its own set of new challenges regarding compliance, access, and protection.

article thumbnail

New Ryuk ransomware implements self-spreading capabilities

Security Affairs

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute allowing it to self replicate over the local network.” reads the report published by the ANSS

article thumbnail

ENISA Highlights AI Security Risks for Autonomous Cars

Data Breach Today

Automakers Should Employ Security-By-Design to Thwart Cyber Risks Autonomous vehicle manufacturers are advised to adopt security-by-design models to mitigate cybersecurity risks, as artificial intelligence is susceptible to evasion and poisoning attacks, says a new ENISA report.

Risk 312
article thumbnail

Hackers Tied to Russia's GRU Targeted the US Grid for Years

WIRED Threat Level

A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos.

Security 144
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Gulf Between IM and IT

AIIM

How many times have you left a joint meeting of members of your organization's Information Management (IM) and IT teams thinking that everyone was on the same page, only to find out a few days later that the decisions your colleagues in the "other" unit took away were totally different from what your unit did? It happens more often than we think. And when it does happen, we should consider ourselves lucky if it takes only a few days for the inconsistent understanding to surface.

IT 118
article thumbnail

Sequoia Capital Venture Capital firm discloses a data breach

Security Affairs

Sequoia Capital, one of the most prominent venture capital firms, told its investors that an unauthorized third party had access to their information. Sequoia Capital, one of the most prominent venture capital firms that focus on the technology industry, discloses a data breach. The company informed its investors that an unauthorized third party had access to their personal and financial information.

article thumbnail

Senators Grill Cybersecurity Execs on SolarWinds Attack

Data Breach Today

FireEye, Microsoft, CrowdStrike Offer New Details and Recommendations The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S. Senate panel Tuesday while detailing how foreign actors gained access into their firms' systems as a result of the SolarWinds supply chain attack.

article thumbnail

China Hijacked an NSA Hacking Tool—and Used It for Years

WIRED Threat Level

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online.

IT 145
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Assume ClubHouse Conversations Are Being Recorded, Researchers Warn

Threatpost

At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded. The company confirmed to Bloomberg that over the weekend a user was able to breach “multiple” ClubHouse room audio feeds […].

Security 118
article thumbnail

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Security Affairs

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) software began in mid-December 2020, threat actors use to deploy a

article thumbnail

Lazarus Hits Defense Firms with ThreatNeedle Malware

Data Breach Today

Kaspersky Ties Latest Hacking Campaign and Backdoor to Lazarus Group Lazarus, the North Korean-backed advanced persistent threat group, has been conducting a campaign striking defense industry targets in more than a dozen countries using a backdoor called ThreatNeedle that moves laterally through networks and can overcome network segmentation, according to researchers at Kaspersky.

319
319
article thumbnail

On Chinese-Owned Technology Platforms

Schneier on Security

I am a co-author on a report published by the Hoover Institution: “ Chinese Technology Platforms Operating in the United States.” From a blog post : The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses. It starts from the common view of the signatories — one reflected in numerous publicly available threat assessments — that China’s power is

Paper 118
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Organisations turn the tide on ransomware attackers

IT Governance

Ransomware has become one of the most common and profitable forms of cyber crime, but there’s an obvious fact that is neglected: the attacks are only worthwhile if the victim chooses to pay up. Of course, it’s easy to say that organisations can ignore criminals’ demands, but when facing weeks of disruption, huge financial losses and the prospect of customers’ personal data being leaked online, you can understand why some victims cave in.

article thumbnail

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was to create weaponized Excel documents used in multiple phishing attacks.

Cleanup 142
article thumbnail

Chinese Attack Tool Gains Gmail Access

Data Breach Today

Campaign Targets Tibetan Organizations Proofpoint reports that Chinese state-sponsored hackers are using a new customized malicious Mozilla Firefox browser extension that facilitates access and control of victims’ Gmail accounts. So far, the hackers are targeting Tibetan organizations.

Access 317
article thumbnail

Deutsche Wohnen fine now declared invalid by a German court

Data Protection Report

There has been a big bang in the data protection world in Berlin as the first and most spectacular GDPR fine in Germany has just been declared invalid. The Berlin Commissioner for Data Protection for Freedom of Information ( Berliner Beauftragte für den Datenschutz und Informationsfreiheit , “ Berlin DPA ”) issued a EUR 14.5 million fine against a German real estate company, die Deutsche Wohnen SE (“ Deutsche Wohnen ”).

GDPR 114
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Dependency Confusion: Another Supply-Chain Vulnerability

Schneier on Security

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article : Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app.

Libraries 112
article thumbnail

VMware addresses a critical RCE issue in vCenter Server

Security Affairs

VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform, tracked as CVE-2021-21972 , that could be exploited by attackers to potentially take control of affected systems. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machin

Security 139
article thumbnail

House SolarWinds Hearing Focuses on Updating Cyber Laws

Data Breach Today

Lawmakers and Witnesses See Expanded Role for CISA Following Attack A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.

article thumbnail

Regulatory Sandboxes are Gaining Traction with European Data Protection Authorities

Hunton Privacy

The concept of regulatory sandboxes has gained traction in the data protection community. Since the UK Information Commissioner’s Office (the “ICO”) completed its pilot program of regulatory sandboxes in September 2020, two European Data Protection Authorities (“DPAs”) have created their own sandbox initiatives following the ICO’s framework. The Datatilsynet Sandbox Initiative for Responsible Artificial Intelligence.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Cisco Warns of Critical Auth-Bypass Security Flaw

Threatpost

Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.

Security 134
article thumbnail

Google discloses technical details of Windows CVE-2021-24093 RCE flaw

Security Affairs

Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in Windows Operating system. White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093 , that can be exploited for remote code execution in the context of the DirectWrite client.

Security 136
article thumbnail

Chinese Hacking Group 'Cloned' NSA Exploit Tool

Data Breach Today

Researchers: 'Jian' Hacking Tool Targeted Zero-Day Flaw in Windows A Chinese hacking group reportedly "cloned" and deployed a zero-day exploit developed by the NSA's Equation Group before Microsoft patched the Windows flaw being exploited, according to Check Point Research. The analysis shows how some U.S. cyber weapons have been turned against their developers.

276
276