The Last Watchdog

DECEMBER 13, 2023

Notable progress was made in 2023 in the quest to elevate Digital Trust. Related: Why IoT standards matter Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving.

Encryption 311

Encryption IoT Authentication Security 311

Krebs on Security

DECEMBER 19, 2023

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who con

Ransomware 280

Ransomware Encryption IT Access 280

Data Breach Today

DECEMBER 20, 2023

Attackers Apparently Stole Authenticated Sessions to Hit Telecommunications Giant Comcast says attackers stole personal information pertaining to 35.9 million customers of its Xfinity-branded TV, internet and home telephone services in an October attack that targeted a vulnerability - dubbed Citrix Bleed - present in NetScaler and Citrix networking equipment.

Authentication 317

Authentication IT 317

AIIM

DECEMBER 5, 2023

AIIM debuted a new version of the Certified Information Professional (CIP) credential. As of November 27, 2023, AIIM is offering a new version of the exam, which reflects the skills needed for today’s information professionals.

210

210

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

DECEMBER 28, 2023

Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.

Data breaches 145

Data breaches Personal data Government IT 145

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Related: Why tech standards matter IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf. This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge.

IoT 264

IoT Cloud Authentication Manufacturing 264

Schneier on Security

DECEMBER 4, 2023

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers and everyone else who keeps airlines operating. And the pilot of the plane I flew.

Government 144

Government Artificial Intelligence IT Marketing 144

Data Breach Today

DECEMBER 12, 2023

Parliamentary Committee Says UK Must Be More Aggressive A U.K. parliamentary committee investigating ransomware threats recommended a more aggressive stance against threat actors and said the government should consider making incident reporting mandatory and provide government support for public sector victims "to the point of full recovery.

Ransomware 321

Ransomware IT Government 321

eSecurity Planet

DECEMBER 19, 2023

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends. We each need to consider how these trends may affect our organizations and allocate our budgets and resources accordingly: AI will turbo-charge cybersecurity and cyberthreats: Artificial intelligence (AI

Cybersecurity 140

Cybersecurity Cloud Ransomware Risk 140

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

DECEMBER 8, 2023

Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.

Cybersecurity 145

Cybersecurity IT Security Information Security 145

WIRED Threat Level

DECEMBER 18, 2023

On Telegram, scammers are impersonating doctors to sell fake Covid-19 vaccination certificates and other products, showing how criminals are taking advantage of conspiracy theories.

Security 129

Security 129

KnowBe4

DECEMBER 6, 2023

A phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations in September.

Phishing 129

Phishing Security 129

Schneier on Security

DECEMBER 5, 2023

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

Marketing 140

Marketing Government Data Privacy Privacy 140

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Breach Today

DECEMBER 18, 2023

Cyber Group Dubbed Predatory Sparrow Takes Responsibility for Widespread Attack A group known as Predatory Sparrow claimed responsibility for a Monday cyberattack that shut down a majority of gas stations across Iran as officials blamed the attack on foreign powers. The group has previously taken credit for a number of attacks targeting Iran's fuel supply and rail system.

327

327

Hunton Privacy

DECEMBER 18, 2023

As we previously reported , the U.S. Securities and Exchange Commission’s (“SEC”) new Form 8-K rules for reporting material cybersecurity incidents take effect today, December 18, for filers other than smaller reporting companies. The new rules require reporting to the SEC within four business days from the determination of materiality. Incident response will potentially become more complicated as the incremental burdens of timely compliance with the new Form 8-K requirements add additional comp

Cybersecurity 121

Cybersecurity Risk Compliance Security 121

Security Affairs

DECEMBER 10, 2023

WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat actors can chain it with some plugins, especially in multisite installations, to execute arbitrary code. “A Remote Code Execution vulnerability tha

Cybersecurity 145

Cybersecurity Security IT Information Security 145

WIRED Threat Level

DECEMBER 4, 2023

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.

IT 129

IT Privacy Security 129

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

eSecurity Planet

DECEMBER 10, 2023

Firewalls monitor and control incoming and outgoing traffic while also preventing unauthorized access. The consistent implementation of firewall best practices establish a strong defense against cyber attacks to secure sensitive data, protect the integrity and continuity of business activities, and ensure network security measures function optimally.

Security 120

Security Education Access Risk 120

Schneier on Security

DECEMBER 12, 2023

Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux… The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday.

Manufacturing 129

Manufacturing Libraries Security IT 129

Data Breach Today

DECEMBER 8, 2023

European Union Will Enact Comprehensive Regulations on AI EU officials announced a compromise over a regulation on artificial intelligence in the works since 2021, making the trading bloc first in the world to comprehensively regulate the nascent technology. Europe understands "the importance of its role as global standard setter,” said Thierry Breton.

Artificial Intelligence 312

Artificial Intelligence IT 312

Hanzo Learning Center

DECEMBER 19, 2023

In 2023, the legal landscape has been significantly shaped by two key trends: the rapid evolution of Artificial Intelligence (AI) and the advancements in ediscovery. These developments have not only transformed legal processes but also presented new challenges and opportunities for legal professionals. As we delve into this first part of our series, we examine the top blogs that have been at the forefront of these trends.

Artificial Intelligence 119

Artificial Intelligence 119

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

DECEMBER 25, 2023

The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE malware in attacks against Ukraine. A threat actor, tracked as UAC-0099, continues to target Ukraine. In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. UAC-0099 threat actor has targeted Ukraine since mid-2022, it was spotted targeting Ukrainian employees working for companies outside of Ukraine.

Archiving 145

Archiving Phishing Security IT 145

WIRED Threat Level

DECEMBER 7, 2023

Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right.

Encryption 126

Encryption IT Privacy Security 126

KnowBe4

DECEMBER 28, 2023

With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse.

Data breaches 124

Data breaches Access Phishing 124

Schneier on Security

DECEMBER 7, 2023

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this : In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. “In this case, the fed

Metadata 128

Metadata Government IT Privacy 128

Advertisement

Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.

Education

Data Breach Today

DECEMBER 7, 2023

The Risk of Insider Threats Is Growing, But So Are Methods to Detect Them Whether because they're malicious, oblivious to company rules or outsmarted by hackers, insiders pose a mounting degree of risk to companies. Hunting for outside hackers offers lessons in preventing insider incidents, said Thomas Etheridge, CrowdStrike chief global professional services officer.

Risk 306

Risk 306

Hunton Privacy

DECEMBER 14, 2023

On December 12, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP (“CIPL”) released a white paper on Privacy-Enhancing and Privacy-Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital Age. The paper explores how organizations are approaching privacy-enhancing technologies (“PETs”) and how PETs can advance data protection principles, and provides examples of how specific types of PETs work.

Paper 118

Paper Privacy Data Privacy Education 118

Security Affairs

DECEMBER 1, 2023

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat.

Ransomware 141

Ransomware Encryption Archiving Cybersecurity 141