The Last Watchdog

FEBRUARY 17, 2022

Data helps digital businesses make meaningful decisions and fast-track their growth in a global market so that companies that are skilled at harvesting data regularly and consistently tend to grow faster than those that only involve data scantily in making decisions. Related: Kaseya hack highlight supply-chain risks. This has made data extraction one of the most crucial aspects of what makes a company strive in today’s economy.

Access 228

Access Marketing Compliance Security 228

WIRED Threat Level

FEBRUARY 16, 2022

Mozilla’s privacy-heavy browser is flatlining. What it does next is crucial for the future of the web.

Privacy 99

Privacy IT Security 99

Dark Reading

FEBRUARY 16, 2022

Sensitive data stolen on US weapons development and deployment, product development, foreign partnerships, contracts, and more.

89

89

Krebs on Security

FEBRUARY 16, 2022

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.

Ransomware 264

Ransomware Sales Access Data breaches 264

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

FEBRUARY 14, 2022

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? Related: How IAM authenticates users. Here are a few important issues that relate to the changes in today’s working environment. Reduce manual processes. Automation can help get rid of manual processes.

Authentication 245

Authentication Access Passwords Risk 245

Jamf

FEBRUARY 15, 2022

Learn how the partnership between Jamf Pro and Google BeyondCorp enables you to construct a compliance and security framework around end-user devices, blending Jamf’s device management with Google’s endpoint management security for a comprehensive, cloud-based, Zero Trust solution.

Cloud 143

Cloud Access Compliance Security 143

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists.

Ransomware 210

Ransomware Data breaches Security Encryption 210

IT Governance

FEBRUARY 15, 2022

Everybody wants to know what the future holds. Those who are a step ahead of the rest can foresee challenges and avoid falling into pitfalls, or they can spot opportunities and ride to success. This is as true in the cyber security landscape as it is in any other. But predictions are difficult. After all, who at the start of 2020 could have foreseen what the next two years would be like?

Security 141

Security Insurance Authentication Passwords 141

Hunton Privacy

FEBRUARY 16, 2022

On February 14, 2022, Texas Attorney General Ken Paxton brought suit against Meta, the parent company of Facebook and Instagram, over the company’s collection and use of biometric data. The suit alleges that Meta collected and used Texans’ facial geometry data in violation of the Texas Capture or Use of Biometric Identifier Act (“CUBI”) and the Texas Deceptive Trade Practices Act (“DTPA”).

Privacy 132

Privacy IT Information Security Security 132

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Troy Hunt

FEBRUARY 16, 2022

I have a vehement dislike for misleading advertising. We see it every day; weight loss pills, make money fast schemes and if you travel in the same circles I do, claims that extended validation (EV) certificates actually do something useful: Why are you still claiming this @digicert ? This is extremely misleading, anyone feel like reporting this to the relevant advertising standards authority in their jurisdiction?

Phishing 132

Phishing Security IT Paper 132

Security Affairs

FEBRUARY 18, 2022

Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus , Charming Kitten and Nemesis Kitten.

Ransomware 134

Ransomware Security IT Information Security 134

eSecurity Planet

FEBRUARY 15, 2022

Ransomware attacks on critical infrastructure and a surge in exploited vulnerabilities are getting the attention of U.S. cybersecurity agencies, which highlighted the threats in a pair of warnings issued in recent days. The FBI and U.S. Secret Service issued a detailed advisory on the BlackByte Ransomware as a Service (RaaS) group, which has attacked critical infrastructure industries in recent months, among them government, financial and food and agriculture targets.

Ransomware 128

Ransomware Encryption Agriculture Cybersecurity 128

Data Protection Report

FEBRUARY 14, 2022

Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. These decisions, like the Schrems decisions, make it clear that organizations must have a technical understanding of their data flows, with an emphasis on: (1) where the data

Analytics 128

Analytics GDPR Personal data IT 128

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

FEBRUARY 17, 2022

A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”.

Government 122

Government IT 122

Security Affairs

FEBRUARY 18, 2022

Qualys experts found a new Linux privilege escalation vulnerability, tracked as CVE-2021-44731, in Canonical’s Snap Package Manager. Canonical’s Snap software packaging and deployment system are affected by multiple vulnerabilities, including a privilege escalation flaw tracked as CVE-2021-44731 (CVSS score 7.8). Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel.

Security 128

Security Information Security IT 128

Troy Hunt

FEBRUARY 16, 2022

Continuing the march forward to provide governments with better access to their departments' data exposed in breaches , I'm very pleased to welcome the 28th national government onto Have I Been Pwned - New Zealand! They'll join the other govs around the world that have complete free access to breach information impacting their gov domains and TLDs.

Government 121

Government Access Security IT 121

Data Protection Report

FEBRUARY 14, 2022

The French Data Protection Authority (the “ CNIL ”) continues its campaign against companies that do not respect the rules relating to cookies and other trackers, which the CNIL has previously reminded the market about in multiple communications and decisions. The CNIL has already issued four sets of formal notices to over 90 organizations of various sizes for non-compliance with the rules.

GDPR 115

GDPR Compliance Communications Personal data 115

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Schneier on Security

FEBRUARY 15, 2022

Two US Senators claim that the CIA has been running an unregulated — and almost certainly illegal — mass surveillance program on Americans. The senator’s statement. Some declassified information from the CIA. No real details yet.

Data collection 119

Data collection 119

Security Affairs

FEBRUARY 18, 2022

Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy Sandbox on Android to limit user data sharing and prevent the use of cross-app identifiers. The company states that the Privacy Sandbox technologies are still in development. “Privacy Sandbox on Android will strengthen privacy, while providing tools app developers need to support and grow their businesses.

Privacy 111

Privacy Data collection Security IT 111

Hunton Privacy

FEBRUARY 18, 2022

On February 15, 2022, the French Data Protection Authority (the “CNIL”) published its enforcement priority topics for 2022. Each year, the CNIL conducts numerous investigations in response to complaints, data breach notifications and ongoing events, or based on previously established enforcement priorities. For 2022, the CNIL indicated that it will focus on three major strategic priorities: Direct Marketing.

Cloud 108

Cloud Data breaches GDPR Marketing 108

Threatpost

FEBRUARY 17, 2022

On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not.

Military 110

Military Government Security 110

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Schneier on Security

FEBRUARY 16, 2022

Google’s Project Zero is reporting that software vendors are patching their code faster. tl;dr. In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period).

Security 103

Security IT 103

Security Affairs

FEBRUARY 17, 2022

Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653 , that resides in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA.

Authentication 115

Authentication Security IT Information Security 115

Micro Focus

FEBRUARY 16, 2022

Derek Britton, Director of Communications and Brand Strategy, discusses how to balance making the critical decisions about digital transformation in today’s economy. Few organizations of any size have ignored the importance of digital transformation. Many were forced to quickly implement fundamental digital transformation activities in order to survive the first waves of COVID-19.

Digital transformation 102

Digital transformation Communications 102

Daymark

FEBRUARY 15, 2022

On February 9, 2020, Infinidat rolled out some major enhancements to its InfiniGuard enterprise data protection platform. The announcement themes revolved around enhanced data protection, faster recovery and overall cyber resilience.

IT 101

IT Security 101

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Threatpost

FEBRUARY 16, 2022

A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.

Security 111

Security Cloud 111

Security Affairs

FEBRUARY 18, 2022

Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe?Commerce and?Magento Open Source. Positive Technologies researchers have created a working PoC exploit for the recently patched CVE-2022-24086 vulnerability affecting its Commerce and Magento Open Source products. An attacker could use the exploit to achieve remote code execution from an unauthenticated user.

Authentication 119

Authentication Security Cybersecurity IT 119

IT Governance

FEBRUARY 17, 2022

If you’re serious about information security, you should consider gaining a Microsoft qualification. ISO 27001 is often considered the go-to qualification for information security professionals. But the changing way organisations operate means it’s becoming increasingly valuable to pair a strong understanding of the Standard with a Microsoft certification.

Cloud 97

Cloud Systems administration Information Security Security 97