Sat.Mar 13, 2021 - Fri.Mar 19, 2021

article thumbnail

US: Cyber Risk: Facing Off Against Employee Monitoring Requirements

DLA Piper Privacy Matters

Authors: Carol A.F. Umhoefer and Alaa Salaheldin. Global companies face increased pressure to adopt strong cyber risk mitigation measures in today’s rapidly evolving cyber threat-heavy business environment. According to security company PurpleSec LLC, in 2020 alone, cybercrime is reported to have increased by up to 600% as a result of new incentives and opportunities for hackers – including many more remote work environments – in the COVID-19 pandemic.

Risk 119
article thumbnail

The Case for 'Zero Trust' Approach After SolarWinds Attack

Data Breach Today

CISA Acting Director and Federal CISO Tell Senate of Need for a New Government Strategy The SolarWinds supply chain attack should push federal government agencies to adopt the "zero trust" model and deploy better endpoint detection and response tools, according to the new federal CISO and the acting director of the U.S. Cybersecurity and Infrastructure Security Agency.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Smart City Trends – Benefits, Concerns and its Future by Tech Fools

IG Guru

A smart city is pretty much an urban region that makes use of information and communication technology, with electronic sensors to optimize efficiency, collect data, share information, and better the services rendered by the government and the lives of the citizens. There are several smart cities in the world, with the 5 most prominent being […].

IT 98
article thumbnail

Tips on Selecting a Protective DNS Service

Data Breach Today

NSA, CISA Offer Advice on Using PDNS Services to Help Thwart Attacks As concerns about the number of attacks targeting domain name system protocols continue to grow, the NSA and CISA have released new guidance on how to choose and deploy a Protective Domain Name System service to strengthen security.

Security 310
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.

Security 363

More Trending

article thumbnail

8 Tips to Create a Data Migration Strategy

AIIM

Migrating to a new system or moving to a new platform? Then you’ll definitely need to create a successful data migration strategy to protect your valuable data and achieve the desired results. In this article, we’ll take a look at several ways to migrate your data. They will allow you to build a successful strategy, prevent data loss, and make everything as efficient as possible. 1.

article thumbnail

Over 400 Cyberattacks at US Public Schools in 2020

Data Breach Today

Experts Say Increase Owes to Lack of Funding, Virtual Learning U.S. public schools faced a record number of cyber incidents in 2020, with over 400 attacks reported. This led to a spike in school cancellations, as IT staff members struggled to get systems back online while dealing with the COVID-19 pandemic, reports the K-12 Cybersecurity Resource Center.

article thumbnail

Fintech Giant Fiserv Used Unclaimed Domain

Krebs on Security

If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous. Here’s the story of one such goof committed by Fiserv [ NASDAQ:FISV ], a $15 billion firm that provides online banking software and other technology solutions to thousands of financial institutions.

article thumbnail

Russian National pleads guilty to conspiracy to plant malware on Tesla systems

Security Affairs

The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. The U.S. Justice Department announced on Thursday that the Russian national Egor Igorevich Kriuchkov (27), who attempted to convince a Tesla employee to install malware on the company’s computers, has pleaded guilty. “A Russian national pleaded guilty in federal court today for conspiring to travel to the United States to recruit an employee of a Nevada company into a schem

Security 145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How to Build a Metadata Plan in Five Steps

AIIM

Metadata resides at the center of many of the essential aspects of content management. In addition to helping organize and classify content, Metadata enables good findability, can trigger workflow and transactional processes, reveals document usage patterns and history, and helps establish retention and disposition events. So far in our exploration of Metadata, we've answered some of the big questions already, including: What is Metadata?

Metadata 166
article thumbnail

Researchers Uncover Widely Used Malware Crypter

Data Breach Today

Avast Says OnionCrypter Has Been in Use Since 2016 Security researchers at Avast have discovered that more than 30 hacker groups have been using a malware crypter dubbed OnionCrypter.

Security 347
article thumbnail

WeLeakInfo Leaked Customer Payment Info

Krebs on Security

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com , a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

Passwords 328
article thumbnail

Illegal Content and the Blockchain

Schneier on Security

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

The fire in the OVH datacenter also impacted APTs and cybercrime groups

Security Affairs

The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs. OVH, one of the largest hosting providers in the world, has suffered this week a terrible fire that destroyed its data centers located in Strasbourg. The French plant in Strasbourg includes 4 data centers, SBG1, SBG2, SBG3, and SBG4 that were shut down due to the incident, and the fire started in SBG2 one.

Risk 145
article thumbnail

Free Tool Helps Hospitals Block Ransomware

Data Breach Today

To help strengthen the healthcare sector's defenses, the Center for Internet Security is offering all U.S. hospitals and healthcare delivery systems a free protection service designed to help block ransomware and other malware, says Ed Mattison, the center's executive vice president.

article thumbnail

Google Warns Mac, Windows Users of Chrome Zero-Day Flaw

Threatpost

The use-after-free vulnerability is the third Google Chrome zero-day flaw to be disclosed in three months.

144
144
article thumbnail

Security Analysis of Apple’s “Find My…” Protocol

Schneier on Security

Interesting research: “ Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System “: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet

Security 144
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Google releases Spectre PoC code exploit for Chrome browser

Security Affairs

Google released proof-of-concept code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks. Google released proof-of-concept code for conducting a Spectre attack against its Chrome browser on GitHub. The experts decided to publish the proof of concept code to demonstrate the feasibility of a web-based Spectre exploit.

Metadata 145
article thumbnail

Purpose Built: Securing vSphere Workloads

Data Breach Today

Protecting Servers Is Foundational For Modern Data Center Security. View this OnDemand webinar to learn how VMware Carbon Black is delivering unified workload protection that’s purpose-built for vSphere.

Security 345
article thumbnail

Facebook's ‘Red Team X’ Hunts Bugs Outside the Social Network

WIRED Threat Level

The internal hacking team has spent the last year looking for vulnerabilities in the products the company uses, which could in turn make the whole internet safer.

Security 142
article thumbnail

Magecart Attackers Save Stolen Credit-Card Data in.JPG File

Threatpost

Researchers from Sucuri discovered the tactic, which creatively hides malicious activity until the info can be retrieved, during an investigation into a compromised Magento 2 e-commerce site.

140
140
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Experts found three new 15-year-old bugs in a Linux kernel module

Security Affairs

Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems. GRIMM researchers found three vulnerabilities in the SCSI (Small Computer System Interface) component of the Linux kernel, the issues could be exploited by local attackers with basic user privileges to gain root privileges on unpatched Linux systems.

Security 145
article thumbnail

Feds Charge Verkada Camera Hacker With 'Theft and Fraud'

Data Breach Today

Swiss Citizen Allegedly Leaked Multiple Victims' Stolen Data, Including Source Code A Swiss national who recently highlighted flaws in Verkada surveillance cameras has been charged with hacking by a U.S. federal grand jury, and accused of illegally accessing and leaking data from a number of organizations, apparently including Intel, Nissan and the U.S.

Access 341
article thumbnail

Hackers Accessed Security Cameras Inside Tesla and Beyond

WIRED Threat Level

Plus: A Molson-Coors hack, Github controversy, and more of the week's top security news.

Access 142
article thumbnail

Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter

Threatpost

The newly discovered steganography method could be exploited by threat actors to obscure nefarious activity inside photos hosted on the social-media platform.

Security 135
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google fixes the third actively exploited Chrome 0-Day since January

Security Affairs

Google has addressed a new zero-day flaw in its Chrome browser that has been actively exploited in the wild, the second one within a month. Google has fixed a new actively exploited zero-day in its Chrome browser, this is the second zero-day issue addressed by the IT giant within a month. The flaw, tracked as CVE-2021-21193, is a use after free vulnerability in the Blink rendering engine.

Libraries 144
article thumbnail

How Did the Exchange Server Exploit Leak?

Data Breach Today

Microsoft Investigating; Devcore Pentesters Say They're in the Clear It has been an open question as to how a half-dozen hacking groups began exploiting Exchange servers in an automated fashion in the days leading up to Microsoft's patches. But there are strong signs that the exploit data leaked, and the question now is: Who leaked it?

IT 340
article thumbnail

Apple Bent the Rules for Russia. Other Nations Will Take Note

WIRED Threat Level

Russian iPhone buyers will soon be prompted to install software developed in that country, setting a precedent that other authoritarian governments may follow.