Dark Reading
SEPTEMBER 29, 2020
Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.
Data Breach Today
SEPTEMBER 28, 2020
Stolen Credentials, Lack of MFA Leading to Millions in Banking Losses The FBI is warning organizations in the financial sector about an increase in botnet-launched credential stuffing attacks that are leading to the theft of millions. Many of these attacks, which target APIs, are being fed by billions of stolen credentials leaked over the last several years.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
SEPTEMBER 30, 2020
Report Finds Hackers Targeting Think Tanks, Human Rights Groups, Healthcare Organizations Over the last year, nation-state hackers, including those with links to the Russian government, have shifted from targeting critical infrastructure to focusing on think tanks, human rights groups and nongovernment organizations in an attempt to influence public policy, according to Microsoft.
Krebs on Security
OCTOBER 1, 2020
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. Image: Shutterstock. In its advisory (PDF), the Treasury’s Office of Foreign Assets Control (OFAC) said “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial in
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Protector
OCTOBER 2, 2020
I am he as you are he as you are me and we are all together See how they stun the world and my mum, see how they fine I'm crying Sitting in the courthouse, waiting for the man to come Covid mask and goggles, stupid bloody Tuesday Man, you been a naughty boy, you set your cookies wrong I am the bad man, I spammed some good men My fine is enormous, goo goo g'joob Mister lead prosecutor sitting Pretty little lawyers in a row See how they drone “he should have known,” see how they fine I'm crying, I
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
SEPTEMBER 28, 2020
Research Highlights Danger of Insecure Firmware in Line of Coffee Machines An internet-connected coffee machine is the IoT latest device to show security problems. Avast infected the Smarter Coffee machine with ransomware that causes uncontrollable spinning of its grinder and dispensing of hot water. The only option to stop it? Unplug the machine.
Krebs on Security
SEPTEMBER 29, 2020
Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft ‘s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen , two companies that together handle 911 calls for a broad swath of the Uni
The Guardian Data Protection
SEPTEMBER 29, 2020
Allegation follows new law that lets Hong Kong ask for sensitive data if deemed to threaten national security Big technology companies may already be complying with secret Chinese requests for user information held in Hong Kong and ought to “come clean” about the vulnerability of the data they hold there, a senior US state department official has said.
Security Affairs
SEPTEMBER 29, 2020
The French maritime transport and logistics giant CMA CGM S.A. revealed it was the victim of a malware attack that affecting some servers on its network. CMA CGM S.A. , a French maritime transport and logistics giant, revealed that a malware attack affected some servers on its network. The company is present in over 160 countries through 755 offices and 750 warehouses with 110,000 employees and 489 vessels.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Data Breach Today
SEPTEMBER 30, 2020
Hackers Continue to Exploit the Vulnerability as Users Struggle With Initial Fix Microsoft has issued additional instructions on how to better implement a patch to fix an elevation of privilege vulnerability called Zerologon in Windows Server that affects the Netlogon Remote Protocol. The update comes as Cisco Talos researchers report a spike in attempts to exploit the flaw.
Krebs on Security
OCTOBER 2, 2020
Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations. A text snippet from one of the bogus Trickbot configuration updates.
AIIM
OCTOBER 1, 2020
Organizations today have an overwhelming amount of data to manage. AIIM members tell us that they expect the amount of information coming into their organizations to grow by as much as 4.5 times in the next coming months.and this will include everything from scanned images, to audio and video files, and everything in-between. At times it may seem like managing these overflowing buckets is a losing proposition.
Security Affairs
SEPTEMBER 26, 2020
Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam. A powerful DDoS attack hit some Hungarian banking and telecommunication services that briefly disrupted them. According to telecoms firm Magyar Telekom, the attack took place on Thursday and was launched from servers in Russia, China and Vietnam.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Data Breach Today
SEPTEMBER 29, 2020
Separately, Ivanti Buys Security Firms MobileIron and Pulse Secure McAfee is set to become a public company once again, with the cybersecurity firm filing for an IPO with the U.S. Securities and Exchange Commission to trade under "MCFE" on the Nasdaq Stock Market. Separately, Ivanti announced that it would buy security firms MobileIron and Pulse Secure.
Schneier on Security
OCTOBER 2, 2020
Note: This isn’t my usual essay topic. Still, I want to put it on my blog. Six months into the pandemic with no end in sight, many of us have been feeling a sense of unease that goes beyond anxiety or distress. It’s a nameless feeling that somehow makes it hard to go on with even the nice things we regularly do. What’s blocking our everyday routines is not the anxiety of lockdown adjustments, or the worries about ourselves and our loved ones — real though those worries ar
erwin
OCTOBER 1, 2020
The erwin WFH (Work From Home) Impact Manager is a remote-work app that provides visibility and intelligence to help remote workers be more productive and process-compliant. The global pandemic is the single most disruptive event in modern times. Almost overnight organizations across the globe faced lockdowns, forcing them to switch to a remote-first workforce.
Security Affairs
SEPTEMBER 27, 2020
Google removed this week 17 Android apps from its Play Store because they were infected with the Joker (aka Bread) malware, Zscaler revealed. Security researchers from Zscaler spotter 17 apps in the Play Store that were infected with the Joker (Bread) malware. The Joker malware is a malicious code camouflaged as a system app and allows attackers to perform a broad range of malicious operations, including disable the Google Play Protect service , install malicious apps, generate fake reviews, and
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Data Breach Today
SEPTEMBER 29, 2020
William Dixon of World Economic Forum on the Need to Create a Coalition William Dixon of the World Economic Forum is calling for the formation of a "quantum computing security coalition" to help build trust in the technology, which could play a key role in enhancing security.
Schneier on Security
SEPTEMBER 29, 2020
As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly.
Hunton Privacy
OCTOBER 2, 2020
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an advisory alerting companies of potential sanctions risks related to facilitating ransomware payments. The five-page advisory states that ransomware victims who pay ransom amounts, and third-party companies that negotiate or pay ransom on their behalf, “not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”.
Security Affairs
SEPTEMBER 28, 2020
REvil Ransomware (Sodinokibi) operators deposited $1 million in Bitcoins on a Russian-speaking hacker forum to demonstrate their willingness to involve new affiliates. The REvil Ransomware (Sodinokibi) operators have deposited $1 million in bitcoins on a Russian-speaking hacker forum to prove to potential affiliates that they mean business. Some hacker forum allows members to deposit funds that can be used to buy any kind of illicit services or product offered by other members.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Data Breach Today
SEPTEMBER 28, 2020
Tyler Technologies Urges Agencies to Reset Passwords After 'Suspicious Logins' Following a ransomware attack last week that affected its corporate network and phone systems, Tyler Technologies, a supplier of software and services to local, state and federal government agencies, is urging its customers to reset their passwords after reports of "suspicious logins to client systems.
OneHub
SEPTEMBER 30, 2020
Transferring operations to the cloud has ensured it’s been ‘business as usual’ for many companies during the recent crisis. Being cloud-enabled has allowed firms to continue to collaborate across different geographical parameters and time zones. In particular, the cloud has become the ‘go to’ solution for businesses who have had to concentrate on effective virtual team building to keep employees connected whilst working from home.
Hunton Privacy
SEPTEMBER 30, 2020
On September 24, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth (“CIPL”) released a new paper (the “Paper”) on the Path Forward for International Data Transfers under the GDPR after the CJEU Schrems II Decision. The Paper follows the recent decision of the Court of Justice of the European Union (the “CJEU”) to strike down the EU-U.S.
Security Affairs
SEPTEMBER 27, 2020
Microsoft removed 18 Azure Active Directory applications from its Azure portal that were created by a Chinese-linked APT group Gadolinium. Microsoft announced this week to have removed 18 Azure Active Directory applications from its Azure portal that were created by a China-linked cyber espionage group tracked as APT group Gadolinium (aka APT40 , or Leviathan ).
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Data Breach Today
SEPTEMBER 29, 2020
Andrei Barysevich of Gemini Advisory on How Carders Are Using New Technologies The COVID-19 pandemic has shifted the dynamic of card fraud in favor of the fraudsters due to the massive increase of online transactions, says Andrei Barysevich of the fraud intelligence company Gemini Advisory. And many fraudsters are using more sophisticated tools, including anti-fingerprinting technology.
Schneier on Security
SEPTEMBER 28, 2020
Mark Jaycox has written a long article on the US Executive Order 12333: “ No Oversight, No Limits, No Worries: A Primer on Presidential Spying and Executive Order 12,333 “: Abstract : Executive Order 12,333 (“EO 12333”) is a 1980s Executive Order signed by President Ronald Reagan that, among other things, establishes an overarching policy framework for the Executive Branch’s spying powers.
WIRED Threat Level
OCTOBER 2, 2020
There’s a small but real possibility that we won’t know which party controls the Senate until 2021, thanks to a special election and a unique state requirement.
Expert insights. Personalized for you.
131 
Let's personalize your content