2022 - Information Management Today

Highlights of RSA Conference 2022

Data Breach Today

JUNE 16, 2022

The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022, including a key message from RSA CEO Rohit Ghai. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent.

Cybersecurity

Cybersecurity Security IT

Microsoft Patch Tuesday, May 2022 Edition

Krebs on Security

MAY 10, 2022

By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild.

Authentication

Authentication Security Ransomware IT

Microsoft Patch Tuesday, October 2022 Edition

Krebs on Security

OCTOBER 11, 2022

The new zero-day flaw– CVE-2022-41033 — is an “elevation of privilege” bug in the Windows COM+ event service, which provides system notifications when users logon or logoff. Microsoft says the flaw is being actively exploited, and that it was reported by an anonymous individual.

Security

Security IT Access

Microsoft Patch Tuesday, August 2022 Edition

Krebs on Security

AUGUST 9, 2022

This latest MSDT bug — CVE-2022-34713 — is a remote code execution flaw that requires convincing a target to open a booby-trapped file, such as an Office document. Microsoft this month also issued a different patch for another MSDT flaw, tagged as CVE-2022-35743.

Authentication

Authentication Access IT Security

Going to Market Smarter in the New Economy

Advertiser: ZoomInfo

In 2022, as companies continue to move more functions online, employees will take a more virtual -- and flexible -- mindset and lifestyle in parallel to the digitization of businesses. The fight to find new customers and retain existing ones is the biggest business challenge for many companies.

Marketing

Microsoft Patch Tuesday, April 2022 Edition

Krebs on Security

APRIL 13, 2022

Of particular concern this month is CVE-2022-24521 , which is a “privilege escalation” vulnerability in the Windows common log file system driver. Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component ( RPC ) that earned a CVSS score of 9.8 (10

Ransomware

Ransomware Security IT Access

Australia, US, UK Sanction Russian Over 2022 Medibank Breach

Data Breach Today

JANUARY 23, 2024

Governments Accuse Aleksandr Ermakov and REvil of Being Medibank Hackers The United States, Australia and the United Kingdom sanctioned a Russian man the governments say was behind the October 2022 hacking of Medibank, Australia's largest private health insurer.

Insurance

Insurance Data breaches Government

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Krebs on Security

JANUARY 11, 2022

By all accounts, the most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the “ HTTP Protocol Stack.” ” Microsoft says the flaw affects Windows 10 and Windows 11 , as well as Server 2019 and Server 2022. “Test and deploy this patch quickly.” ” Quickly indeed.

Libraries

Libraries Security Access IT

Australian Telecom Watchdog Sues Optus Over 2022 Data Breach

Data Breach Today

MAY 24, 2024

Telecom Company Also Faces OAIC Investigation and Potentially Millions in Fines The Australian Communications and Media Authority says it has filed proceedings against Optus in a federal court as the company failed to protect sensitive customer data during a data breach in September 2022.

Data breaches

Data breaches Communications IT

The ABC’s of Recruiting for Gen Z

Advertiser: ZoomInfo

In 2022, society has fully immersed itself in the web and all it has to offer - and no one more so than those of Generation Z. Take a look around you at any given moment, and somebody is likely surfing the web on their phone.

IT

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary.

Phishing

Phishing Authentication Access Security

Microsoft Patch Tuesday, June 2022 Edition

Krebs on Security

JUNE 15, 2022

On top of the critical heap this month is CVE-2022-30190 , a vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Beaumont said other researchers on April 12, 2022 told Microsoft about active exploitation of the MSDT flaw, but Microsoft closed the ticket saying it wasn’t a security issue.

Cloud

Cloud Security IT Cybersecurity

Ukraine Observed Nearly 14M Cyber Incidents in Q1 2022

Data Breach Today

MAY 31, 2022

The Majority of Incidents Entailed Malware Distribution, Phishing and Intrusion Attempts Three months after Russia’s ongoing invasion of Ukraine began, the country takes a look back at the turbulence the nation has faced in its cyber sphere during Q1 2022, and considers the way ahead.

Phishing

Phishing IT

Ukraine Successfully Blocked Over 4,500 Cyberattacks in 2022

Data Breach Today

DECEMBER 28, 2022

Russia Continued Its Cyber Offensive With an Average of 10 Cyberattacks a Day Ukraine's domestic intelligence agency revealed this week that it successfully blocked more than 4,500 cyberattacks in 2022.

IT

What We Learned From Our Own Data-Driven ABM Strategy

Advertiser: ZoomInfo

So, what does ABM look like in 2022? Analysts and professionals alike tend to argue that account based marketing (ABM) is not new. On the surface, this is an accurate statement. However, ABM practitioners have evolved the strategy from development to implementation.

B2B

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

The government alleges that on May 7, 2022, Singh used stolen credentials to log into a U.S. On May 12, 2022, KrebsOnSecurity broke the news that hackers had gained access to a DEA portal that taps into 16 different federal law enforcement databases. .” federal government portal without authorization. ” Image: USDOJ.

Government

Government Communications Access Security

Proofpoint to Get 3rd CEO Since 2022 as Ashan Willy Departs

Data Breach Today

OCTOBER 25, 2023

Remi Thomas to Become Interim CEO After Joining Proofpoint as CFO in February 2023 Proofpoint will have its third CEO since March 2022 after tapping recently-hired CFO Remi Thomas to become its interim top leader.

Cybersecurity

Cybersecurity IT

CISA: Majority of US Gov Will Be Getting EDR Later in 2022

Data Breach Today

MAY 18, 2022

30, 2022. EDR Deployments Will be Underway at More Than Half of Federal Agencies This Year EDR deployments will be underway at more than half of federal civilian agencies by the end of September, according to federal officials.

Medical Imaging Firm Faces 2 Class Actions in 2022 Breach

Data Breach Today

JANUARY 13, 2023

Massachusetts Citizens Excluded From Feds' Case Against Shields Health Care Group Shields Health Care Group, a Massachusetts-based medical imaging services provider, is facing two class action lawsuits filed this week - a consolidated federal case and a similar, separate case filed in state court - both in the wake of the same 2022 data breach affecting (..)

Data breaches

Partner Webinar: A Framework for Building Data Mesh Architecture

Speaker: Jeremiah Morrow, Nicolò Bidotti, and Achille Barbieri

Register now for the webinar on June 9, 2022 at 2:00 am PST, 5:00 am EST, and 11:00 am CEST. How Agile Lab and Enel Group used Dremio to connect their disparate organizations across geographies and business units. Leveraging Dremio for data governance and multi-cloud with Arrow Flight.

Government

Australia Optus 2022 Data Breach 'Not Highly Sophisticated'

Data Breach Today

JUNE 21, 2024

Hackers Exploited Coding Error, Says Australian Communications and Media Authority Hackers behind the leak of 10 million records from Australia's second-largest telecommunications carrier Optus exploited a vulnerability the company unwittingly inserted four years earlier into a web portal access control, said the Australian Communications and Media (..)

Data breaches

Data breaches Communications Access

Why Cybereason Is Making Its 3rd Round of Layoffs Since 2022

Data Breach Today

MARCH 20, 2024

Among Those Leaving Is Zohar Alon, Who Was Hired in 2023 to Spearhead Product, R&D Cybereason is carrying out its third round of layoffs in 21 months, with dozens of senior employees expected to be let go, Among the exiting employees is Zohar Alon, the longtime Dome9 Security leader whCybereason is carrying out its third round of layoffs in 21 months, (..)

IT

IT Security

Will Cybersecurity Get Its 1st New Unicorn Since June 2022?

Data Breach Today

MARCH 13, 2024

Data Security Startup Cyera Seeks to Raise $150M to $200M at a Valuation of $1.55B Cyera is raising between $150 million and $200 million in a new funding round that would value the Silicon Valley-based data security startup at as much as $1.55

Cybersecurity

Cybersecurity IT Security

Biden Budget Seeks to Invest Billions in US Cybersecurity

Data Breach Today

MAY 29, 2021

2022 Budget Proposal Seeks $750 Million for 'Lessons Learned' From SolarWinds The White House officially released its 2022 federal budget proposal on Friday, and the Biden administration is seeking to spend billions on cybersecurity next year, including $750 million for "lessons learned" from the SolarWinds attack.

Cybersecurity

Cybersecurity IT

Building Best-in-Class Enterprise Analytics

Speaker: Anthony Roach, Director of Product Management at Tableau Software, and Jeremiah Morrow, Partner Solution Marketing Director at Dremio

Register now for the webinar on April 21, 2022 at 10:00 am PDT, 12:00 pm EDT to learn how Dremio and Tableau are delivering mission critical BI and interactive analytics on data directly in the data lake. A self-service platform for data exploration and visualization that broadens access to analytic insights.

Analytics

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

. — and charged him with stealing at least $800,000 from five victims between August 2022 and March 2023. Urban allegedly went by the nicknames “ Sosa ” and “ King Bob, ” and is believed to be part of the same crew that hacked Twilio and a slew of other companies in 2022.

Phishing

Phishing Passwords Authentication Encryption

Illinois Man Convicted of Running DDoS Facilitation Websites

Data Breach Today

SEPTEMBER 19, 2021

He is now facing a statutory maximum sentence of 35 years in federal prison when sentenced in January 2022. Matthew Gatrel Offered Subscription-Based Computer Attack Platforms An Illinois man has been found guilty of running subscription-based distributed denial of service attacks that enabled customers to launch DDoS strikes of their own.

DDoS Attacks Becoming More Potent, Shorter in Duration

Data Breach Today

FEBRUARY 22, 2023

US, India and East Asia Were Top Targets in 2022, Microsoft Report Says In a new report, tech giant Microsoft says distributed denial-of-service attacks became shorter in duration but more potent in 2022.

IoT

Ukrainian Behind Raccoon Stealer Operations Extradited to US

Data Breach Today

FEBRUARY 16, 2024

Mark Sokolovsky Has Fought Extradition From the Netherlands Since March 2022 Arrest A Dutch court extradited a Ukrainian national to the United States, where he faces criminal charges related to his role in the malware-as-a-service Raccoon Stealer.

Marketing-Led COVID-19 Growth Strategies: 2022 and Beyond

Advertiser: ZoomInfo

More than two years into the pandemic, COVID-19 is far from over. Businesses are tasked with beating pre-pandemic numbers, making marketing more essential than ever before.

Marketing

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Passwords

Passwords Phishing Access Encryption

ITRC Report: Breaches Up 78% in 2023, Breaking 2021 Record

Data Breach Today

JANUARY 25, 2024

Lee, COO of the group, explained why the number of compromises grew so dramatically - from 1,801 incidents in 2022 to 3,205 in 2023. Lee Calls for Uniform Breach Reporting Supply chain attacks and zero-day exploits surged in 2023, helping to set yet another record for data breaches tracked by the Identity Theft Resource Center.

Data breaches

600,000 Prison Inmates to Share in $6.49M Breach Settlement

Data Breach Today

OCTOBER 3, 2024

CorrectCare to Settle Lawsuit After 'Inadvertently' Exposing PHI on Web for Months A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49

Chinese Threat Group Leaks Hacking Secrets in Failed Attack

Data Breach Today

FEBRUARY 14, 2023

The Tonto Team Used Spear-Phishing Emails to Target Group-IB Employees Group-IB says a July 2022 spear-phishing attempt on its own employees came from the Chinese threat actor known variously as Tonto Team and CactusPete. Tonto Team may be a unit of China's People's Liberation Army.

Phishing

Phishing Government IT

A Practical Guide to Business Intelligence Governance

Speaker: Marius Moscovici, CEO Metric Insights & Mike Smitheman, VP Metric Insights

September 14th, 2022 at 9:30 am PT, 12:30 pm ET, 5:30 pm BST This presentation will provide a practical step-by-step guide for implementing effective BI governance and a toolkit for addressing the three critical aspects of any program: People - Roles and responsibility in the governance process.

Government

Google: Russian FSB Hacking Group Turns to Malware

Data Breach Today

JANUARY 18, 2024

Coldriver' Has Been Sending Backdoors Embedded in PDFs Since November 2022 A Russian domestic intelligence agency hacking group known for long-lasting logon credential phishing campaigns against Western targets is now deploying malware embedded into PDFs, say security researchers from Google.

Phishing

Phishing Security

Ukrainian Pleads Guilty for Role in Raccoon Stealer Malware

Data Breach Today

OCTOBER 7, 2024

Dutch authorities extradited him in February after arresting him in March 2022. Federal Court A Ukrainian national pleaded guilty Monday in U.S. federal court to one count of conspiracy to commit computer intrusion in connection with his role in the malware-as-a-service Raccoon info stealer criminal operation.

Court Orders Optus to Release Data Breach Report to Lawyers

Data Breach Today

MAY 27, 2024

Class Action Law Firms Seek Access to Commissioned Deloitte Report Into Mega-Breach The Federal Court of Australia has rejected a request from telecommunications giant Optus to keep private a detailed digital forensic investigation report conducted by Deloitte into the massive data breach it suffered in 2022, exposing private information pertaining (..)

Data breaches

Data breaches Access IT

On the Increase: Zero-Days Being Exploited in the Wild

Data Breach Today

MARCH 27, 2024

In 2023, 97 new zero-days came to light, up from 62 in 2022.

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

Register now for the live webinar on August 16th, 2022 at 9:00 am PST, 12:00 pm EST. In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS.

Access

Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

JANUARY 25, 2023

23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. 9, 2022 and Dec.

Mining

Mining Paper Access Security

To Avoid Bankruptcy, EMR Firm Settles Lawsuit for $4M

Data Breach Today

FEBRUARY 15, 2024

Pediatric Tech Vendor Hit by 2022 Data Breach Affecting 3 Million - Mostly Children An electronic health record and practice management software firm says the only way to avoid bankruptcy from the consolidation of nine proposed class action lawsuits filed in the wake of a 2022 data breach is to settle the case for $4 million.

Data breaches

Black Hat: Web3 Defense, Open-Source Intel & Directory Hacks

Data Breach Today

AUGUST 10, 2022

An ISMG Overview of the Technology Buzz Leading Up to Black Hat Conference 2022 ISMG caught up with 11 security executives in Las Vegas on Tuesday to discuss everything from open-source intelligence and Web3 security to training new security analysts and responding to directory attacks.

Security

ISMG Editors: Are We Closing in on a Federal Privacy Law?

Data Breach Today

JUNE 17, 2022

The State of Passwordless in 2022, New Identity Technologies In the latest weekly update, Jeremy Grant, coordinator of the Better Identity Coalition, joins three editors at ISMG to discuss important cybersecurity issues, including where we are with passwordless, if we are getting closer to a U.S.

Privacy

Privacy Authentication Cybersecurity

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

August 11, 2022 at 11:00 am PDT, 2:00 pm EDT, 7:00 pm GMT In this webinar, you will learn how to: Outline popular change management models and processes. Organize ERM strategy, operations, and data. Determine impact tangents. Practice change management process with ERM data.

Risk

Highlights of RSA Conference 2022

Microsoft Patch Tuesday, May 2022 Edition

Trending Sources

Microsoft Patch Tuesday, October 2022 Edition

Microsoft Patch Tuesday, August 2022 Edition

Going to Market Smarter in the New Economy

Microsoft Patch Tuesday, April 2022 Edition

Australia, US, UK Sanction Russian Over 2022 Medibank Breach

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Australian Telecom Watchdog Sues Optus Over 2022 Data Breach

The ABC’s of Recruiting for Gen Z

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Microsoft Patch Tuesday, June 2022 Edition

Ukraine Observed Nearly 14M Cyber Incidents in Q1 2022

Ukraine Successfully Blocked Over 4,500 Cyberattacks in 2022

What We Learned From Our Own Data-Driven ABM Strategy

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Proofpoint to Get 3rd CEO Since 2022 as Ashan Willy Departs

CISA: Majority of US Gov Will Be Getting EDR Later in 2022

Medical Imaging Firm Faces 2 Class Actions in 2022 Breach

Partner Webinar: A Framework for Building Data Mesh Architecture

Australia Optus 2022 Data Breach 'Not Highly Sophisticated'

Why Cybereason Is Making Its 3rd Round of Layoffs Since 2022

Will Cybersecurity Get Its 1st New Unicorn Since June 2022?

Biden Budget Seeks to Invest Billions in US Cybersecurity

Building Best-in-Class Enterprise Analytics

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Illinois Man Convicted of Running DDoS Facilitation Websites

DDoS Attacks Becoming More Potent, Shorter in Duration

Ukrainian Behind Raccoon Stealer Operations Extradited to US

Marketing-Led COVID-19 Growth Strategies: 2022 and Beyond

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

ITRC Report: Breaches Up 78% in 2023, Breaking 2021 Record

600,000 Prison Inmates to Share in $6.49M Breach Settlement

Chinese Threat Group Leaks Hacking Secrets in Failed Attack

A Practical Guide to Business Intelligence Governance

Google: Russian FSB Hacking Group Turns to Malware

Ukrainian Pleads Guilty for Role in Raccoon Stealer Malware

Court Orders Optus to Release Data Breach Report to Lawyers

On the Increase: Zero-Days Being Exploited in the Wild

Build Your Open Data Lakehouse on Apache Iceberg

Experian Glitch Exposing Credit Files Lasted 47 Days

To Avoid Bankruptcy, EMR Firm Settles Lawsuit for $4M

Black Hat: Web3 Defense, Open-Source Intel & Directory Hacks

ISMG Editors: Are We Closing in on a Federal Privacy Law?

Successful Change Management with Enterprise Risk Management

Stay Connected