IT Governance

DECEMBER 20, 2022

2022 will go down as the year where some semblance of normality returned. Social distancing restrictions were gone, masks disappeared and we made travel plans unfettered by fear of positive lateral flow tests. These were truly precedented times. Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape.

Security 130

Security Data breaches Ransomware Military 130

Data Breach Today

DECEMBER 20, 2022

Breach Is Latest in Long List of Complex Vendor Incidents An Oklahoma-based provider of administrative and technology services to healthcare organizations is notifying more than 271,000 individuals that their personal information may have been compromised in a hacking incident involving a third-party data storage vendor.

320

320

Dark Reading

DECEMBER 22, 2022

New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work.

106

106

Krebs on Security

DECEMBER 19, 2022

Photo: BrandonKleinPhoto / Shutterstock.com. Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arri

Passwords 313

Passwords Access IT Security 313

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

DECEMBER 20, 2022

The 2020s are already tumultuous. Related: The Holy Grail of ‘digital resiliency’ Individuals are experiencing everything from extraordinary political and social upheaval to war on the European continent to the reemergence of infectious diseases to extreme weather events. Against this unsettling backdrop, citizens, consumers, employees, and partners will look to organizations that they trust for stability and positive long-term relationships.

Privacy 145

Privacy Risk Government Compliance 145

Security Affairs

DECEMBER 19, 2022

IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products. The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software. Below are the critical vulnerabilities being exploited in attacks in the wild: CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the D

Security 145

Security Access IT Information Security 145

Krebs on Security

DECEMBER 20, 2022

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.

Data breaches 261

Data breaches Data collection Paper Personal data 261

The Last Watchdog

DECEMBER 19, 2022

Cybercrime is a big business. And like any other large industry, specialization has emerged. Related: IABs fuel ransomware surge. As data becomes more valuable, criminals can profit more from stealing, selling or holding it for ransom, leading to a massive black market of information. Initial access brokers (IABs) play an increasingly central role in this cyber underworld.

Access 124

Access Ransomware Digital transformation Cybersecurity 124

Data Breach Today

DECEMBER 20, 2022

'Gamaredon,' Tied to FSB, Expands Intelligence Ops as Invasion of Ukraine Persists Security researchers at Palo Alto Networks say they identified an attempted hack on a large petroleum refining company based inside a NATO member that came from a threat actor known as Gamaredon and Trident Ursa. The Ukrainian government traces the group to a Russian FSB.

Government 277

Government Security 277

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

DECEMBER 22, 2022

North Korea-linked threat actors have stolen an estimated $1.2 billion worth of cryptocurrency and other virtual assets in the past five years. South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years.

Military 140

Military Government Ransomware Security 140

Thales Cloud Protection & Licensing

DECEMBER 21, 2022

Thales collaborates with Hewlett Packard Enterprise to Enhance 5G Subscriber Privacy and Security. divya. Thu, 12/22/2022 - 05:40. Thales collaborates with Hewlett Packard Enterprise (HPE) to provide enhanced privacy and secure authentication for global 5G users, further extending its partner ecosystem. The Thales Luna 7 Hardware Security Module (HSM), a world-class HSM, will power a foundation of trust around HPE’s Subscriber Data Management (SDM) solutions, ensuring subscriber data, transactio

Privacy 126

Privacy Security Authentication Cloud 126

Schneier on Security

DECEMBER 19, 2022

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: “Seeing the drone in the field of view, make eye contact with it,” the video instructs. Soldiers should then raise their arms and signal they’re ready to follow. After that the drone will move up and down a few meters, before heading off at walking pace in the direction of the nearest representatives of Ukraine’s army, it says.

IT 121

IT 121

Data Breach Today

DECEMBER 23, 2022

Federal Agencies Told to Prepare to Move Quickly Once Standards Get Identified U.S. President Joe Biden signed into law the Quantum Computing Cybersecurity Preparedness Act, designed "to encourage the migration of federal government IT systems to quantum-resistant cryptography" by ensuring they prepare strategies now for implementing forthcoming cryptography standards.

IT 270

IT Cybersecurity Government 270

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

DECEMBER 19, 2022

Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language. The move follows the decision of other ransomware gangs, like Hive , Blackcat , RansomExx , and Luna , of rewriting their ransomware into Rust.

Ransomware 143

Ransomware Encryption Passwords Education 143

KnowBe4

DECEMBER 21, 2022

A well-trained Knowster posted: " I lost my dog this weekend and my mother in law was trying to be helpful and put my real phone number on a few social media posts she made. Now im getting these kinds of texts and it’s heartbreaking to think someone else may have fallen for this!

118

118

Dark Reading

DECEMBER 19, 2022

Revived levels of holiday spending have caught the eye of threat actors who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays.

Retail 113

Retail Phishing 113

Data Breach Today

DECEMBER 17, 2022

International Fraudulent Cryptocurrency Pyramid Scheme Netted $4 Billion Karl Sebastian Greenwood, a dual citizen of Sweden and the United Kingdom pleaded guilty in U.S. federal court to his role in selling the purported multi-billion-dollar cryptocurrency pyramid OneCoin that netted $4 billion. He now faces sentencing.

255

255

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice Society ransomware has been active since June 2021, it is considered by researchers a spin-off of the HelloKitty ransomware , the malware targets both Windows and L

Ransomware 145

Ransomware Encryption File names Education 145

Hunton Privacy

DECEMBER 20, 2022

On December 19, 2022, the Federal Trade Commission announced two settlements, amounting to $520 million, with Epic Games, Inc. in connection with alleged violations of the Children’s Online Privacy Protection Act Rule (the “COPPA Rule”) and alleged use of “dark patterns” relating to in-game purchases. The first action arises from a complaint and proposed order filed in federal court by the Department of Justice on behalf of FTC.

Privacy 105

Privacy Access IT Personal data 105

Dark Reading

DECEMBER 22, 2022

Tech Insight report co-produced by Black Hat, Dark Reading, and Omdia examines how cloud security is evolving in a rapid race to beat threat actors to the (cloud) breach.

Cloud 110

Cloud Security 110

Data Breach Today

DECEMBER 20, 2022

Suresh Vasudevan on Why Falco Has Become the Industry Standard for Threat Detection Cloud vendors from Amazon, Microsoft and Google to IBM and Sumo Logic have turned to Sysdig's Falco open-source threat detection engine to secure their environments. Sysdig CEO Suresh Vasudevan says Falco has become the standard for threat detection in the industry.

Cloud 208

Cloud Security 208

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

DECEMBER 19, 2022

US government is warning of business email compromise (BEC) attacks aimed at hijacking shipments of food products and ingredients. The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) have published a joint security advisory to warn of business email compromise (BEC) attacks leading to the hijack of shipments of food products and ingredients.

Agriculture 143

Agriculture Communications Sales Access 143

Schneier on Security

DECEMBER 21, 2022

They’re using commercial phones, which go through the Ukrainian telecom network : “You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted over the air,” said Alperovitch. “That doesn’t pose too much difficulty for the Ukrainian security services.” […]. “Security has always been a mess, bot

Security 105

Security IT 105

Dark Reading

DECEMBER 20, 2022

When properly designed and trained, artificial intelligence and machine learning can help improve the accuracy of DDoS detection and mitigation.

Artificial Intelligence 112

Artificial Intelligence 112

Data Breach Today

DECEMBER 20, 2022

European Commission Took Key Step in Finalizing Trans-Atlantic Data Flow Framework Europe took a key step in formalizing a framework to underpin the trans-Atlantic flow of commercial data but privacy activists say the EU-U.S. agreement won't stand up to a legal challenge. The Commission on Dec. 13 issued a draft adequacy decision on the EU-U.S. Data Privacy Framework.

Data Privacy 208

Data Privacy Privacy 208

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

DECEMBER 21, 2022

Play ransomware attacks target Exchange servers with a new exploit that bypasses Microsoft’s ProxyNotShell mitigations. Play ransomware operators target Exchange servers using a new exploit chain, dubbed OWASSRF by Crowdstrike, that bypasses Microsoft’s mitigations for ProxyNotShell vulnerabilities. The ProxyNotShell flaws are: CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability.

Ransomware 140

Ransomware Access Authentication Security 140

KnowBe4

DECEMBER 21, 2022

Attackers are using XLL files to embed malicious code in Office documents, according to researchers at Cisco Talos. Microsoft is phasing out the ability to execute VBA macros in Office documents. These macros have been one of the most popular ways to deliver malware, so attackers are turning to new ways to smuggle malicious code.

105

105

Collibra

DECEMBER 20, 2022

In the public sector, the consequences of bad data can have a profound effect on the daily life of citizens everywhere. . From budgets to policy proposals, the risk that the government not only makes bad decisions but that it doesn’t have the data capabilities to make good ones is real. So it’s not surprising that 87% of government agencies consider data among their “greatest strategic assets.

Government 98

Government Data science Cloud Paper 98