The Last Watchdog

MARCH 14, 2022

When was the last time you read an online privacy policy in its entirety? Perhaps, never? Yet our world has moved online. We have on average 67 applications on our mobile phones, seven social media accounts and more than 120 online accounts. But these accounts are not all about networking and games. Related: What happened to privacy in 2021. COVID crisis has forced us to work remotely.

Privacy 223

Privacy Artificial Intelligence Financial Services Archiving 223

Data Breach Today

MARCH 15, 2022

Critical Infrastructure Defense Project From Cloudflare, CrowdStrike, Ping Identity As Western cybersecurity officials warn that Russia's Ukraine invasion poses an elevated cybersecurity risk to all, kudos to Cloudflare, CrowdStrike and Ping Identity for offering free endpoint security and other defenses to the healthcare sector and power sectors, for at least four months.

Cybersecurity 340

Cybersecurity Risk Security 340

Dark Reading

MARCH 15, 2022

A simple request to the VirusTotal scanning service reveals thousands of mobile-application databases left open to the public by developers in a three-month period.

131

131

Krebs on Security

MARCH 17, 2022

Researchers are tracking a number of open-source “ protestware ” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.

Libraries 346

Libraries IT Security 346

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

AIIM

MARCH 14, 2022

There are some chores I love, many I don’t mind, and a few that sap my will to live. Folding laundry falls into the soul-crushing category. I’ve tried doing it while I watch the Price is Right or rock out to Taylor Swift (yes, she’s my guilty pleasure!), but nothing distracts me from the monotony of that task. And my least favorite part about it has always been trying to match the socks.

IT 144

IT Marketing 144

Imperial Violet

MARCH 14, 2022

When taking something from cryptographic theory into practice, it's very important to pick parameters. I don't mean picking the right parameters — although that certainly helps. I mean picking parameters at all. That might seem obvious, but there are pressures pushing towards abdication: what if you get it wrong? Why not hedge bets and add another option?

IT 154

IT Security 154

Security Affairs

MARCH 17, 2022

The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of the Ministry of Emergencies of Russia, the hackers defaced them and published the message: “Don’t t

Military 145

Military Communications Government Access 145

eSecurity Planet

MARCH 14, 2022

Cobalt Strike was created a decade ago by Raphael Mudge as a tool for security professionals. It’s a comprehensive platform that emulates very realistic attacks. Indeed, the tool can assess vulnerabilities and run penetration tests , while most tools on the market cannot do both. Vulnerability assessment and pentesting are two different things. The first consists of identifying vulnerabilities that could be used by hackers, not exploiting them.

Energy and Utilities 131

Energy and Utilities Ransomware Communications Security 131

Data Breach Today

MARCH 15, 2022

Despite Russian Aggression, Distributed Denial-of-Service Attacks Remain Illegal With Ukraine having called on the world to join its "IT Army" and help it hack Russia and ally Belarus, what could possibly go wrong? For starters, launching distributed denial-of-service attacks - at least from outside Ukraine - remains illegal and risks triggering an escalation by Moscow.

IT 346

IT Risk 346

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

IT Governance

MARCH 15, 2022

Cyber threat management is the process of identifying, analysing, evaluating and addressing an organisation’s cyber security requirements. With more than a 1,000 publicly disclosed security incidents last year – and countless others that weren’t reported – cyber security is a growing priority. It’s only by actively monitoring threats throughout their lifecycle that organisations can identify the risks that they face and the steps they should take to mitigate them.

Risk 124

Risk Data breaches Information Security Government 124

Security Affairs

MARCH 16, 2022

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Original post at [link]. Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable to cyber attacks.

Authentication 139

Authentication Access Systems administration Military 139

eSecurity Planet

MARCH 18, 2022

Many security professionals think that if they have done the hard work of securing their organization, that should be enough. There is, however, a next step: Documenting policies. Even though drafting IT security policies can be a pain, formal policies provide a valuable resource to protect both the IT team and their organization. In this article, we’ll briefly touch on what policies are; tips for writing them; and the advantages policies provide for compliance, transitions, and IT team liabilit

IT 123

IT Security Compliance Access 123

Data Breach Today

MARCH 15, 2022

Report: Business Operations Unaffected, Despite Some Disruption International hacking collective Anonymous reportedly hacked the German subsidiary of Russian energy company Rosneft on Monday, die Welt newspaper says, citing the country's cybersecurity watchdog, the Federal Office for Information Security.

Information Security 297

Information Security Cybersecurity Security 297

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

MARCH 18, 2022

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake.

Paper 119

Paper Security Compliance Privacy 119

Security Affairs

MARCH 17, 2022

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability.

Honeypots 144

Honeypots File names Communications Encryption 144

eSecurity Planet

MARCH 16, 2022

Organizations are under pressure on both the cybersecurity and staffing fronts. They often struggle to fill vital security roles such as security analysts, leaving their data and infrastructure vulnerable to attacks at a time when cyber threats are soaring. One way to alleviate the strain on security operation centers (SOCs) is to reinforce the security posture via a security orchestration, automation, and response (SOAR) platform.

Security 122

Security Cybersecurity Marketing Cloud 122

Data Breach Today

MARCH 18, 2022

Also: Anonymous Continues Its Cyberwar Against the Russian Government As the Ukrainian military resists Russian advances toward its major population centers, its IT security teams are contending with record cyber incidents - although the same is true of their eastern neighbors, with Russia reporting "unprecedented" cyberattacks on its networks.

IT 263

IT Military Government Security 263

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Hunton Privacy

MARCH 18, 2022

On March 16, 2022, Google announced the launch of its new analytics solution, “Google Analytics 4.” Google Analytics 4 aims, among other things, to address recent developments in the EU regarding the use of analytics cookies and data transfers resulting from such use. Background. On August 17, 2020, the non-governmental organization None of Your Business (“NOYB”) filed 101 identical complaints with 30 European Economic Area data protection authorities (“DPAs”) regarding the use of Google Analyti

Analytics 118

Analytics Privacy GDPR Personal data 118

Security Affairs

MARCH 15, 2022

OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778 , that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researchers Tavis Ormandy.

IT 145

IT Security Information Security 145

eSecurity Planet

MARCH 15, 2022

Managing mobile apps and devices is a challenge faced by all organizations these days. One technology that’s evolved to address mobile security, access management , and control is enterprise mobility management (EMM). EMM is the combination of mobile device management (MDM) and bring your own device (BYOD) practices in one solution that is now often offered in broader endpoint management suites.

MDM 120

MDM Cloud Access Risk 120

Data Breach Today

MARCH 18, 2022

Feds Issue Satellite Network Security Alert; Viasat Saw 'Deliberate' Cyberattack If Russia uses hack attacks to support its invasion, would Western governments want to immediately attribute those attacks or disruptions? Enter a Thursday alert from the U.S. government warning that it is "aware of possible threats to U.S. and international satellite communication networks.

Communications 263

Communications Government Security IT 263

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Schneier on Security

MARCH 16, 2022

Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery. There aren’t many weak keys out there, but there are some: So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack.

Manufacturing 118

Manufacturing Libraries Encryption IT 118

Security Affairs

MARCH 18, 2022

Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). The China-linked hacking group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset.

Systems administration 144

Systems administration Security IT Access 144

eSecurity Planet

MARCH 18, 2022

Users may believe that when they delete a file on their hard drive, the document no longer exists. However, IT professionals understand that the data itself may remain. Yet even experienced IT professionals may not understand the differences between different types of hard drive file erasure, data overwrite standards, or when those methods might fail to delete data from a hard drive.

Access 117

Access Cleanup Ransomware Passwords 117

Data Breach Today

MARCH 17, 2022

This report analyzes how sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who participate in bug bounty programs. It also examines lessons to be learned from data breaches and developments in passwordless authentication.

Data breaches 260

Data breaches Authentication Security IT 260

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Micro Focus

MARCH 18, 2022

We all have a competitive drive within us. Explore yours while you’re learning how to run and transform your business at the same time—at Micro Focus Universe 2022. Micro Focus Universe is more than a high-profile IT industry event. Just like our technical partner, Jaguar TCS Racing, we like to compete! So we’re bringing the. View Article. The post Scratch Your Competitive Itch at Universe appeared first on Micro Focus Blog.

IT 116

IT 116

Security Affairs

MARCH 17, 2022

Microsoft released an open-source tool to secure MikroTik routers and check for indicators of compromise for Trickbot malware infections. Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers and check for indicators of compromise associated with Trickbot malware infections. “This analysis has enabled us to develop a forensic tool to identify Trickbot-related compromise and other suspicious indicators on MikroTik devices.

Ransomware 132

Ransomware Passwords IoT Communications 132

Schneier on Security

MARCH 17, 2022

Oops : Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ Something’s gone terribly wrong here.

Passwords 112

Passwords IT 112