Sat.Feb 12, 2022 - Fri.Feb 18, 2022

GUEST ESSAY – Here’s how web-scraping proxies preserve anonymity while aiding data access

The Last Watchdog

Data helps digital businesses make meaningful decisions and fast-track their growth in a global market so that companies that are skilled at harvesting data regularly and consistently tend to grow faster than those that only involve data scantily in making decisions. Related: Kaseya hack highlight supply-chain risks. This has made data extraction one of the most crucial aspects of what makes a company strive in today’s economy.

Is Firefox Okay?

WIRED Threat Level

Mozilla’s privacy-heavy browser is flatlining. What it does next is crucial for the future of the web.

Russian Actors Targeting US Defense Contractors in Cyber Espionage Campaign, CISA Warns

Dark Reading

Sensitive data stolen on US weapons development and deployment, product development, foreign partnerships, contracts, and more.

Red Cross Hack Linked to Iranian Influence Operation?

Krebs on Security

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current environment

The Last Watchdog

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management (IAM) and cyber security risks in 2022? Related: How IAM authenticates users. Here are a few important issues that relate to the changes in today’s working environment. Reduce manual processes. Automation can help get rid of manual processes.

More Trending

Conditional access with Jamf + Google Cloud BeyondCorp

Jamf

Learn how the partnership between Jamf Pro and Google BeyondCorp enables you to construct a compliance and security framework around end-user devices, blending Jamf’s device management with Google’s endpoint management security for a comprehensive, cloud-based, Zero Trust solution.

Wazawaka Goes Waka Waka

Krebs on Security

In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists.

9 cyber security predictions for 2022

IT Governance

Everybody wants to know what the future holds. Those who are a step ahead of the rest can foresee challenges and avoid falling into pitfalls, or they can spot opportunities and ride to success. This is as true in the cyber security landscape as it is in any other. But predictions are difficult. After all, who at the start of 2020 could have foreseen what the next two years would be like?

Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability

Security Affairs

Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus, Charming Kitten and Nemesis Kitten.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

How Everything We're Told About Website Identity Assurance is Wrong

Troy Hunt

I have a vehement dislike for misleading advertising. We see it every day; weight loss pills, make money fast schemes and if you travel in the same circles I do, claims that extended validation (EV) certificates actually do something useful: Why are you still claiming this @digicert? This is extremely misleading, anyone feel like reporting this to the relevant advertising standards authority in their jurisdiction?

Texas AG Sues Meta Over Collection and Use of Biometric Data

Hunton Privacy

On February 14, 2022, Texas Attorney General Ken Paxton brought suit against Meta, the parent company of Facebook and Instagram, over the company’s collection and use of biometric data. The suit alleges that Meta collected and used Texans’ facial geometry data in violation of the Texas Capture or Use of Biometric Identifier Act (“CUBI”) and the Texas Deceptive Trade Practices Act (“DTPA”).

Possible Government Surveillance of the Otter.ai Transcription App

Schneier on Security

A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”.

CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager

Security Affairs

Qualys experts found a new Linux privilege escalation vulnerability, tracked as CVE-2021-44731, in Canonical’s Snap Package Manager. Canonical’s Snap software packaging and deployment system are affected by multiple vulnerabilities, including a privilege escalation flaw tracked as CVE-2021-44731 (CVSS score 7.8). Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

European rulings on the use of Google Analytics and how it may affect your business

Data Protection Report

Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. These decisions, like the Schrems decisions, make it clear that organizations must have a technical understanding of their data flows, with an emphasis on: (1) where the data

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

Ransomware attacks on critical infrastructure and a surge in exploited vulnerabilities are getting the attention of U.S. cybersecurity agencies, which highlighted the threats in a pair of warnings issued in recent days. The FBI and U.S. Secret Service issued a detailed advisory on the BlackByte Ransomware as a Service (RaaS) group, which has attacked critical infrastructure industries in recent months, among them government, financial and food and agriculture targets.

Secret CIA Data Collection Program

Schneier on Security

Two US Senators claim that the CIA has been running an unregulated — and almost certainly illegal — mass surveillance program on Americans. The senator’s statement. Some declassified information from the CIA. No real details yet.

Researchers created a PoC exploit for recently disclosed critical Magento CVE-2022-24086 bug

Security Affairs

Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe Commerce and Magento Open Source. Positive Technologies researchers have created a working PoC exploit for the recently patched CVE-2022-24086 vulnerability affecting its Commerce and Magento Open Source products. An attacker could use the exploit to achieve remote code execution from an unauthenticated user.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Welcoming the New Zealand Government to Have I Been Pwned

Troy Hunt

Continuing the march forward to provide governments with better access to their departments' data exposed in breaches, I'm very pleased to welcome the 28th national government onto Have I Been Pwned - New Zealand! They'll join the other govs around the world that have complete free access to breach information impacting their gov domains and TLDs.

Ransomware Adds New Wrinkle in Russian Cybercrime Market

Dark Reading

Government crackdowns may destabilize Russian crime rings and strengthen their ties to Chinese allies.

Rejecting cookies should be as easy as accepting cookies: new sanctions by the French authority (CNIL)

Data Protection Report

The French Data Protection Authority (the “CNIL”) continues its campaign against companies that do not respect the rules relating to cookies and other trackers, which the CNIL has previously reminded the market about in multiple communications and decisions. The CNIL has already issued four sets of formal notices to over 90 organizations of various sizes for non-compliance with the rules.

Specially crafted emails could crash Cisco ESA devices

Security Affairs

Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653, that resides in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers

Threatpost

A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.

How to Make Cybersecurity Effective and Invisible

Dark Reading

Cybersecurity should be a shield that protects the business, not a barrier that holds it back.

French CNIL Releases 2022 Enforcement Priorities

Hunton Privacy

On February 15, 2022, the French Data Protection Authority (the “CNIL”) published its enforcement priority topics for 2022. Each year, the CNIL conducts numerous investigations in response to complaints, data breach notifications and ongoing events, or based on previously established enforcement priorities. For 2022, the CNIL indicated that it will focus on three major strategic priorities: Direct Marketing.

Google Privacy Sandbox promises to protect user privacy online

Security Affairs

Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy Sandbox on Android to limit user data sharing and prevent the use of cross-app identifiers. The company states that the Privacy Sandbox technologies are still in development. “Privacy Sandbox on Android will strengthen privacy, while providing tools app developers need to support and grow their businesses.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Ukrainian DDoS Attacks Should Put US on Notice–Researchers

Threatpost

On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not.

Vendors are Fixing Security Flaws Faster

Schneier on Security

Google’s Project Zero is reporting that software vendors are patching their code faster. tl;dr. In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period).

Could Biology Hold the Clue to Better Cybersecurity?

Dark Reading

Sophisticated malware attacks underscore the need for a more dynamic security framework, inspired by biological concepts.