Sat. Mar 20, 2021 - Fri. Mar 26, 2021


3 Classes of Account Fraud That Can Cost Your Company Big Time

Dark Reading

Understanding each one can go a long way toward demystifying the topic as a whole - and combatting the threat.


What to Capture Vs. What NOT to Capture

AIIM

Many organizations have an obligation to maintain the information they create and receive as part of regular business activities and to ensure that the information is secured and maintained in official filing systems. But, with an endless amount of information flowing in and out of your business on a daily basis - how do you determine what to capture and what to avoid?


The Value of Data Governance and How to Quantify It

erwin

erwin recently hosted the second in its six-part webinar series on the practice of data governance and how to proactively deal with its complexities. Led by Frank Pörschmann of iDIGMA GmbH, an IT industry veteran and data governance strategist, the second webinar focused on “The Value of Data Governance & How to Quantify It.” As Mr. Pörschmann highlighted at the beginning of the series, data governance works best when it is strongly aligned with the drivers, motivations and goals of the bu


Acer Reportedly Targeted by Ransomware Gang

Data Breach Today

PC and Device Maker Appears to Have Been Targeted by REvil

Acer, one of the world's largest PC and device makers, has reportedly been targeted by the ransomware gang REvil, aka Sodinokibi, according to multiple published reports. To date, the Taiwanese company has not confirmed it has been attacked, but data has been posted to the gang's darknet site.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Phish Leads to Breach at Calif. State Controller

Krebs on Security

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.


More Trending


Records Vs. Non-Records

AIIM

In another post this week, we took a look at the first step in the information lifecycle – information capture. We not only talked about the importance of capture, but we also talked about what you should be capturing and what you should avoid capturing. Today, I’d like to dig a little deeper into that discussion and talk about how to distinguish between a record and a non-record.


Insurer CNA Disconnects Systems After 'Cybersecurity Attack'

Data Breach Today

Investigation Continues; Law Enforcement Notified

Insurance provider CNA reported Tuesday it was victimized over the weekend by a "cybersecurity attack" that caused a network disruption and impacted certain systems, including corporate email.


RedTorch Formed from Ashes of Norse Corp.

Krebs on Security

Remember Norse Corp., the company behind the interactive “pew-pew” cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch, which for the past two years has marketed a mix of services to high end celebrity clients, including spying and anti-spying tools and services.


FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives.


15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?


Hacking Weapons Systems

Schneier on Security

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger problem in the near future.


British Clothing Retailer Fat Face Discloses Data Breach

Data Breach Today

Employee and Customer Information Compromised in January Attack; ICO Investigating

British clothing and accessories retailer Fat Face says it detected a data breach in January, which exposed personal information - including partial payment card numbers - for an unspecified number of customers and employees. The Information Commissioner's Office is investigating.


How Much Does Cyber Essentials Cost in 2021?

IT Governance

Cyber Essentials is one of the most cost-effective ways of bolstering your organisation’s information security. The UK government-backed scheme is designed to help organisations address common weaknesses without having to spend a fortune overhauling their cyber security practices. In this blog, we explain the costs involved in Cyber Essentials certification, including consultancy fees, renewal and advancing to Cyber Essentials Plus.


REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

Taiwanese multinational hardware and electronics corporation Acer was the victim of a REvil ransomware attack; the gang demanded a $50,000,000 ransom. Taiwanese computer giant Acer was the victim of the REvil ransomware attack; the gang is demanding the payment of a $50,000,000 ransom, the largest one to date. Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021; it has more than 7,000 employees (2019) and in 2019 declared 234.29 billion in revenue.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Details of a Computer Banking Scam

Schneier on Security

This is a longish video that describes a profitable computer banking scam that’s run out of call centers in places like India. There’s a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, and then that they’ve mistyped a dollar amount and have received a large refund that they didn’t deserve.


Fighting Fraud as Digital Payments Skyrocket

Data Breach Today

Brian Byrne and Bastien Latge of EMVCo Discuss Enhancement of Specifications

As digital payments have skyrocketed as a result of the surge in e-commerce during the pandemic, more organizations have provided feedback on enhancing EMVCo's specifications to help fight fraud, two executives with the global technical body say.


Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws

Threatpost

Thrive Themes has recently patched vulnerabilities in its WordPress plugins and legacy Themes - but attackers are targeting those who haven't yet applied security updates.


Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. After the public disclosure of ProxyLogon vulnerabilities, multiple threat actors started targeting vulnerable Microsoft Exchange servers exposed online. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry.


Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.


Determining Key Shape from Sound

Schneier on Security

It’s not yet very accurate or practical, but under ideal conditions it is possible to figure out the shape of a house key by listening to it being used. Listen to Your Key: Towards Acoustics-based Physical Key Inference. Abstract: Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raise


SolarWinds Attackers Manipulated OAuth App Certificates

Data Breach Today

Proofpoint Update Describes the Fraud Tactics

The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.


Delivering outstanding citizen experience in a post-COVID world

OpenText Information Management

Public-sector organizations around the world have made significant progress in improving interactions with their citizen customers by modernizing their infrastructure and digitally transforming the services they deliver. The COVID-19 pandemic highlighted the importance of a consistent, personalized and resilient digital citizen experience. Join me at this year’s OpenText™ World Europe to hear from government agencies … The post Delivering outstanding citizen experience in a post-COVID worl


Hades ransomware gang targets big organizations in the US

Security Affairs

Accenture security researchers published an analysis of the latest Hades campaign, which has been ongoing since at least December 2020. Accenture’s Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an analysis of the latest campaign conducted by financially motivated threat group Hades, which has been operating since at least December 2020.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


CHINA: New practical guidance for mobile app operators

DLA Piper Privacy Matters

Authors: Carolyn Bigg and Venus Cheung. Mobile apps have been heavily regulated in China for the last 18 months, under specific TC260 guidelines and CAC circulars. Since these have been in force China mobile app operators have had to comply with a long checklist of specific privacy requirements. Mobile apps have during this period been one of the regulator’s enforcement priorities, and there has been a stream of enforcement action (notably apps taken down from app stores) for non-compliance with


Attackers Exploiting Critical F5 Networks Vulnerability

Data Breach Today

BIG-IP Server Flaw Ranked 9.8 out of 10 in Severity

Threat actors are actively exploiting a critical remote code vulnerability in F5 Networks' BIG-IP server appliances, for which patches were released by the company on March 10. The vulnerability has a CVSS ranking of 9.8 out of 10 - highly critical.


Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail

Threatpost

A former IT contractor is facing jail time after a retaliatory hack into a company’s network and wiping the majority of its employees’ Microsoft Office 365 accounts.


A threat actor exploited 11 zero-day flaws in 2020 campaigns

Security Affairs

A hacking group has employed at least 11 zero-day flaws as part of an operation that took place in 2020 and targeted Android, iOS, and Windows users. Google’s Project Zero security team published a report about the activity of a mysterious hacking group that operated over the course of 2020 and exploited at least 11 zero-day vulnerabilities in its attacks on Android, iOS, and Windows users.


Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.


CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

DLA Piper Privacy Matters

Authors: Carolyn Bigg, Venus Cheung. Operators of e-commerce platforms, websites and apps in China, and those using third party e-commerce, social media or livestreaming platforms to sell their products and services in China, must update their operations, services and systems in advance of wide-ranging new rules. The Measures for the Supervision and Administration of Online Transactions (“Measures”) will come into force on 1 May 2021.


REvil Ransomware Can Now Reboot Infected Devices

Data Breach Today

MalwareHunter Team Finds Updated Capabilities

The REvil ransomware gang has added a new malware capability that enables the attackers to reboot an infected device after encryption, security researchers at MalwareHunter Team report.


Energy Giant Shell Is Latest Victim of Accellion Attacks

Threatpost

Attackers accessed personal and business data from the company’s legacy file-transfer service in a recent data-security incident but core IT systems remained untouched.
