Data Breach Today
APRIL 4, 2022
Company Initiates Complete Shutdown of IT Systems; Attack May Link to Viasat German wind turbine manufacturer Nordex, which develops, manufactures and distributes wind power systems across the world, has switched off its IT systems in multiple locations after a reported cybersecurity incident. It says the shutdown may affect customers, employees and other stakeholders.
Dark Reading
APRIL 5, 2022
Security features to come include a TPM-like security processor for protecting artifacts that a computer uses during the secure boot-up process, as well as a control for blocking unsigned and untrusted apps.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
APRIL 5, 2022
The blockchain isn’t as “anonymous” as you might think.
Krebs on Security
APRIL 7, 2022
The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “ Hydra ,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
APRIL 2, 2022
Threat Actors Luring Ukrainian Phishing Targets to Download Malicious Files Researchers from Malwarebytes have found that cyber espionage actor UAC-0056, also known as SaintBear, UNC2589 and TA471, is now using a macro-embedded Excel document to target several entities in Ukraine, including ICTV, a private TV channel.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Hunton Privacy
APRIL 7, 2022
On February 28, 2022, the Emirate of Dubai enacted Law No. 4 of 2022 on the Regulation of Virtual Assets (“ VAL ”) and established the Dubai Virtual Assets Regulatory Authority (“ VARA ”). By establishing a legal framework for businesses related to virtual assets, including crypto assets and non-fungible tokens ( NFTs ), this landmark law reflects Dubai’s vision to become one of the leading jurisdictions for entrepreneurs and investors of blockchain technology.
Krebs on Security
APRIL 6, 2022
Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactic
Data Breach Today
APRIL 4, 2022
Among Charges: Unauthorized Computer Access With Intent to Impair Data Reliability Two teenage boys arrested and charged by the City of London Police in connection with its investigation into the Lapsus$ hacking group have been released on bail for an undisclosed sum. They are due to appear in Southwark Crown Court on April 29.
The Last Watchdog
APRIL 4, 2022
APIs have become a security nightmare for SMBs and enterprises alike. Hackers don’t discriminate based on the number of employees or the size of the IT budget. The same types of security risks impact businesses, whatever their size. Related: Using employees as human sensors. Day in and day out, small-to-medium businesses are targeted by cyberattacks.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
APRIL 7, 2022
Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292 , in Android 9, 10, 11, and 12 devices. The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices.
eSecurity Planet
APRIL 6, 2022
Spring4Shell ( CVE-2022-22965 ) is a remote code execution (RCE) vulnerability that affects Spring Core, a comprehensive framework for Java-based enterprise applications. Spring4Shell gets its name from the Log4Shell vulnerability , one of the most critical zero-day threats ever, which affected a Java software component called Log4j and allowed hackers to take control of web servers and networks.
Data Breach Today
APRIL 7, 2022
Three Aspects of Governance that Need Consideration If an organization doesn’t know who is accessing what, how can they be trusted to make sure a bad actor isn’t gaining access to data, assets, or systems they shouldn’t?
Schneier on Security
APRIL 8, 2022
Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey: Motherboard requested records mentioning AirTags in a recent eight month period from dozens of the country’s largest police departments. We obtained records from eight police departments.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
APRIL 4, 2022
Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. @Trezor WARNING: Elaborate Phishing attack.
eSecurity Planet
APRIL 8, 2022
Bypassing detection tools is part of a hacker’s routine these days. Despite the incredible evolution of defensive technologies, attackers often remain undetected for weeks or months, earning the label advanced persistent threat (APT). Classic security tools are necessary but less and less sufficient. That’s why most security companies are now focusing on behavioral analysis and active endpoint protection , as evasion keeps becoming easier.
Data Breach Today
APRIL 8, 2022
Rule Would Force Firms to Disclose 'Material Cybersecurity Incidents' in 4 Days A proposed rule requiring publicly traded companies to disclose a breach within four days of deeming it material will force CISOs to determine the consequences of breaches sooner. CISOs will need to have board-level conversations within a day or two of discovering an issue to assess materiality.
Dark Reading
APRIL 4, 2022
Fraudsters are out in full force as Tax Day approaches. Use this list to keep your company’s employees informed on what to watch out for this year.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
APRIL 3, 2022
Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system. Unlike other RATs, the Borat RAT provides Ransomware and DDOS services to attackers expanding their capabilities.
eSecurity Planet
APRIL 5, 2022
MITRE Engenuity has released the latest round of its ATT&CK endpoint security evaluations, and the results show some familiar names leading the pack with the most detections. The MITRE evaluations are unique in that they emulate advanced persistent threat (APT) and nation-state hacking techniques, making them different from tests that might look at static malware samples, for example.
Data Breach Today
APRIL 4, 2022
Data of 102 Mailchimp Accounts Exported; One Trezor user clams 55,000 pounds losses A data breach involving email marketing firm Mailchimp has affected customers of cryptocurrency hardware wallet provider Trezor, which launched an investigation after its customers received phishing emails containing their Trezor email addresses. Mailchimp says it learned of the breach on March 26.
IT Governance
APRIL 5, 2022
Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. This month, we look at a new phishing technique that makes scams “invisible” and delve into a scam targeting British holidaymakers. Browser-in-the-browser attack defies phishing guidance.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
APRIL 5, 2022
Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations.
Schneier on Security
APRIL 5, 2022
Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.
Data Breach Today
APRIL 6, 2022
Regulators Examine 'Recognized' Security Practices and How to Divvy Up HIPAA Fines Federal regulators are seeking public input about how they should consider the "recognized" security practices of organizations when taking potential HIPAA enforcement actions - and how to distribute a percentage of HIPAA fines to individuals harmed by violations.
Dark Reading
APRIL 4, 2022
The newly created bureau will help shape norms of responsible government behavior in cyberspace and help US allies bolster their own cybersecurity programs.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Security Affairs
APRIL 5, 2022
Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre of civilians that are accused of having raped and shot local women and children. Leaked data include names, ranks and passport details of Russians serving in the 64 Motor Rifle Brigade which occupied Bucha prior to March 31.
Threatpost
APRIL 6, 2022
Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.
Data Breach Today
APRIL 5, 2022
Witnesses at Hearing Also Discuss Role of Government in Security Incident Response A water trade association, at a congressional hearing Tuesday, urged the federal government to institute minimum cybersecurity standards for water systems. This comes as water providers see a big increase in the risk they face by connecting their legacy machines to the internet.
Expert insights. Personalized for you.
258 
Let's personalize your content