Krebs on Security

APRIL 29, 2021

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes. In a 50-page report delivered to the Biden administration this week, top executives from Amazon , Cisco , FireEye , McAfee , Microsoft and dozens of other firms joined the U.S.

Ransomware 277

Ransomware Government Insurance Sales 277

Data Breach Today

APRIL 29, 2021

Coalition Offers a Framework for Disrupting Attacks A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.

Ransomware 215

Ransomware Marketing Government Security 215

Information Governance Perspectives

APRIL 27, 2021

When you think about the fact that libraries are about information and not simply about books, you begin to see where the value is. The post Public Affairs: Your New Neighborhood Library appeared first on Rafael Moscatel.

Libraries 98

Libraries 98

AIIM

APRIL 29, 2021

One would think that the rapid pace of changing technology is the primary struggle for organizations on their journey to transforming into a truly digital organization. However, based on our recent state of the intelligent information management industry research , that is simply not the case. At the top of the list of true obstacles that organizations face is money – "lack of budget and resources" (26%).

Education 267

Education Marketing Information governance IT 267

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

APRIL 28, 2021

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Insurance 361

Insurance Access Authentication Security 361

Security Affairs

APRIL 24, 2021

The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death are not known, but it does not matter. Dan has left us an immense emptiness, the silence after his death is deafening.

Cybersecurity 145

Cybersecurity Security IT Information Security 145

AIIM

APRIL 27, 2021

Global research and advisory firm, Gartner, predicts that by 2024 more than 45% of IT spending will shift from legacy on-premises solutions to the cloud. Cloud infrastructure spending is expected to jump from $63 billion in 2020 to $81 billion by 2022. The cloud race was well underway in 2020 when COVID reared its unfortunate head and sent businesses still on the cloud adoption starting blocks into a frenzy.

Cloud 204

Cloud ROT Metadata Content services 204

Krebs on Security

APRIL 26, 2021

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Security 339

Security Authentication Access Insurance 339

Data Breach Today

APRIL 30, 2021

Suspicious Activity Detected; Investigation Continues CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.

Security 328

Security Government 328

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

APRIL 26, 2021

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Apple has addressed a zero-day flaw in macOS that was exploited by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

Security 145

Security IT Cybersecurity Information Security 145

Schneier on Security

APRIL 26, 2021

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published , artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit

Artificial Intelligence 144

Artificial Intelligence Government IT Marketing 144

Jamf

APRIL 26, 2021

Shlayer malware detected allows an attacker to bypass Gatekeeper, Notarization and File Quarantine security technologies in macOS. The exploit allows unapproved software to run on Mac and is distributed via compromised websites or poisoned search engine results.

Security 144

Security 144

Data Breach Today

APRIL 26, 2021

Law Enforcement 'Update' to Erase Malware From Infected Devices Activated An "update" pushed out earlier this year by law enforcement agencies, including Europol, on Sunday began erasing Emotet malware from infected devices worldwide, Malwarebytes reports. The move comes after the FBI recently remotely removed web shells from vulnerable on-premises Microsoft Exchange servers.

312

312

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Troy Hunt

APRIL 29, 2021

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP.

Government 142

Government Data breaches Access 142

Security Affairs

APRIL 29, 2021

A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package.

Metadata 143

Metadata Security Access IT 143

Dark Reading

APRIL 30, 2021

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.

Cybersecurity 145

Cybersecurity Security 145

Data Breach Today

APRIL 25, 2021

Cybereason Says Russian Hacking Group Prometei is Behind the Campaign A Russian botnet group called Prometei is exploiting critical Microsoft Exchange Server vulnerabilities to mine cryptocurrency from various organizations across the world, a new report by security firm Cybereason finds. The group appears to be financially-motivated.

Mining 306

Mining Security 306

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Troy Hunt

APRIL 26, 2021

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet. This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware.

Passwords 137

Passwords Authentication Ransomware Security 137

Security Affairs

APRIL 30, 2021

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor. A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. Cybereason researchers reported that a China-linked APT group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy.

Phishing 142

Phishing Encryption Security IT 142

Hunton Privacy

APRIL 28, 2021

On April 27, 2021, the Portuguese Data Protection Authority ( Comissão Nacional de Proteção de Dados , the “CNPD”) ordered the National Institute of Statistics (the “INE”) to suspend, within 12 hours, any international transfers of personal data to the U.S. or other third countries that have not been recognized as providing an adequate level of data protection.

Personal data 137

Personal data Access Security IT 137

Data Breach Today

APRIL 30, 2021

FireEye: Attacks Happened Before Patch Issued for VPN Vulnerability A cyberthreat gang that's been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks launched earlier this year, FireEye Mandiant researchers say.

Ransomware 290

Ransomware 290

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

IT Governance

APRIL 28, 2021

Welcome to our first quarterly review of cyber attacks and data breaches. For several years, we’ve produced a monthly list of security incidents , comprised of publicly disclosed breaches from mainstream publications. At the start of 2021, we decided to expand our research to learn more about the organisations that are being breached and how they were falling victim.

Data breaches 137

Data breaches Passwords Education Phishing 137

DLA Piper Privacy Matters

APRIL 30, 2021

Authors: Emily Maus and Anna Spencer. HIPAA covered entities and business associates should finalize their comments soon, before the comment period for the 2020 Health Insurance Portability and Accountability Act (HIPAA) Notice of Proposed Rulemaking ( NPRM ) closes on May 6. The Office for Civil Rights (OCR), which is the federal agency within the US Department of Health and Human Services (HHS) that enforces HIPAA, released the NPRM on December 10, 2020 and later extended the deadline for sub

Access 137

Access Sales Privacy Insurance 137

Security Affairs

APRIL 24, 2021

ToxicEye is a new Remote Access Trojan (RAT) that exploits the Telegram service as part of it command and control infrastructure. ToxicEye RAT is a new malware that leverages the Telegram services for command & control, experts from Check Point already observed iover 130 attacks recorded in the past three months. The use of the popular IM service gives to the attackers multiple benefits.

Communications 134

Communications File names Encryption Education 134

Data Breach Today

APRIL 25, 2021

Social Media Giant says 2 Groups Were Conducting Cyberespionage Facebook says it disrupted two Palestinian advanced persistent threat groups that targeted victims across the Middle East as part of cyber espionage campaigns. The groups used malware and advanced social engineering tactics to target journalists, human rights activists and military groups.

Military 290

Military IT 290

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

erwin

APRIL 30, 2021

Before the COVID-19 pandemic, many enterprise architects were focused on standardization. Identifying and putting into practice standard approaches to deploying systems, from the IT infrastructure and network protocols to the integration with other components, decreases the time to market for businesses and increases efficiency. In a world where agility and innovation are highly valued, speed is a critical factor for success.COVID-19 forced many businesses to radically change their business mode

Digital transformation 131

Digital transformation Cloud Paper Risk 131

Schneier on Security

APRIL 27, 2021

Moxie Marlinspike has an intriguing blog post about Cellebrite , a tool used by police and others to break into smartphones. Moxie got his hands on one of the devices, which seems to be a pair of Windows software packages and a whole lot of connecting cables. According to Moxie, the software is riddled with vulnerabilities. (The one example he gives is that it uses FFmpeg DLLs from 2012, and have not been patched with the 100+ security updates since then.). …we found that it’s possib

Security 125

Security IT 125

Security Affairs

APRIL 29, 2021

Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks was hit by a ransomware attack. Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a cyberattack allegedly carried out by one of the most aggressive ransomware gangs, Darkside. The attack paralyzed the operations at 188 branches causing serious problems to the customers of the bank as reported by the Italian newspaper La Repubblica.

Ransomware 132

Ransomware Communications Security IT 132