Security Affairs
DECEMBER 27, 2021
Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim’s knowledge.
Dark Reading
DECEMBER 27, 2021
To protect their staffers, leaders should focus on identifying and alleviating root causes of burnout.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 26, 2021
Apple recently addressed fixed a flaw in the macOS that could be potentially exploited by an attacker to bypass Gatekeeper security feature. Apple recently addressed a vulnerability in the macOS operating system, tracked as CVE-2021-30853, that could be potentially exploited by an attacker to bypass the Gatekeeper security feature and run arbitrary code.
Threatpost
DECEMBER 29, 2021
Here’s what cybersecurity watchers want infosec pros to know heading into 2022. .
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
DECEMBER 31, 2021
This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apple’s mobile operating system. Those devices then report where an AirTag has last been seen.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
DECEMBER 31, 2021
Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions. The attacks work against drives with flex capacity features and allow to implant a malicious code in a hidden area of SSDs called over-provisioning.
Threatpost
DECEMBER 28, 2021
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.
The Last Watchdog
DECEMBER 30, 2021
Workforce management software ( WFM ) is an essential tool companies across industries can use to organize their workforce, track employee work and performance, forecast labor demand, and create schedules for employees. Related: Turning workers into security security sensors. Most, if not all, WFM software is chock full of features that makes managing a workforce more efficient and effortless for top management.
Dark Reading
DECEMBER 28, 2021
Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 31, 2021
The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The service now includes credentials for 441K accounts stolen by the popular info-stealer.
Threatpost
DECEMBER 29, 2021
Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them.
eSecurity Planet
DECEMBER 29, 2021
MITRE ATT&CK (“miter attack”) is an up-to-date and widely-used knowledge base that focuses on how attackers think and operate. It’s based on practical use cases, so companies can better evaluate security issues and get examples of common tactics and techniques used by threat actors. ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) documents adversary behaviors to be used by red teams (e.g., for pentesting ) but also by defenders who want to understand “the conte
Dark Reading
DECEMBER 28, 2021
Ransomware demands a new approach to incident response.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
DECEMBER 29, 2021
T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks. T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’. According to The T-Mo Report , which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts.
Threatpost
DECEMBER 30, 2021
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.
The Texas Record
DECEMBER 28, 2021
The records management assistance unit has launched a Records Management Guidance Library , consisting of one page quick guides on hot topics and frequently asked questions. [link]. The first three topics covered in this newly launched training library are: Social Media Records Email Records Imaging & Scanning. New guides will be published based on popular demand.
Dark Reading
DECEMBER 30, 2021
Security leaders need to examine their business model, document risks, and develop a strategic plan to address those risks.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
DECEMBER 27, 2021
Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures. The vulnerabilities can allow threat actors to execute arbitrary code on the target systems, trigger a Denial of Service condition, or disclose confidential informa
Threatpost
DECEMBER 30, 2021
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.
Hunton Privacy
DECEMBER 30, 2021
On December 15, 2021, the New Jersey Acting Attorney General Andrew J. Bruck announced that its Division of Consumer Affairs had reached a $425,000 settlement with New Jersey-based providers of cancer care, Regional Cancer Care Associates LLC, RCCA MSO LLC and RCCA MD LLC (collectively, “RCCA”), over alleged failures to adequately safeguard patient data.
Dark Reading
DECEMBER 28, 2021
Severe flaws in Microsoft Exchange and Windows Print Spooler stood out amid a wide range of vulnerabilities security teams were forced to prioritize in 2021.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
DECEMBER 29, 2021
China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times. .
Troy Hunt
DECEMBER 30, 2021
2021 Dumpster fire? Harsh, but fair and I shall keep this 3D-printed reminder handy and hope I don't end up needing to print a 2022 version! So many times throughout this week's video I came back to that theme. But hey, there was some positive stuff too, not least the bits about some of the wonderful organisations I've worked with this year, bought products from or otherwise just been a big part of my digital life in 2021.
The Security Ledger
DECEMBER 29, 2021
In this episode of the podcast (#233) Mark Stanislav, a Vice President at the firm Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the critical, remote code execution flaw in the Log4j open source library. Mark talks about how the Internet community can come together ahead of the next vulnerability to make sure the. Read the whole entry. » Click the icon below to listen.
Dark Reading
DECEMBER 30, 2021
Zero trust moves the control pane closer to the defended asset and attempts to tightly direct access and privileges.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
DECEMBER 25, 2021
A gang behind a recent Dridex Omicron campaign is moking the victims taunting them with a COVID-19 funeral assistance helpline number. Crooks behind a recent Dridex campaign is moking the researchers and victims taunting them with a COVID-19 funeral assistance helpline number. The phishing messages use weaponized Word or Excel attachments to install the Dridex banking Trojan.
Threatpost
DECEMBER 27, 2021
A look back at what was hot with readers in this second year of the pandemic.
Data Matters
DECEMBER 28, 2021
On December 10, the Federal Trade Commission (FTC) announced it is considering a rulemaking on commercial Artificial Intelligence (AI). The purpose of the rulemaking, according to an advanced notice of proposed rulemaking (ANPRM) titled “ Trade Regulation in Commercial Surveillance ,” would be “to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.”.
Expert insights. Personalized for you.
145 
Let's personalize your content