DLA Piper Privacy Matters

MARCH 15, 2021

Authors: Carol A.F. Umhoefer and Alaa Salaheldin. Global companies face increased pressure to adopt strong cyber risk mitigation measures in today’s rapidly evolving cyber threat-heavy business environment. According to security company PurpleSec LLC, in 2020 alone, cybercrime is reported to have increased by up to 600% as a result of new incentives and opportunities for hackers – including many more remote work environments – in the COVID-19 pandemic.

Risk 119

Risk Data Privacy Ransomware Privacy 119

Data Breach Today

MARCH 18, 2021

CISA Acting Director and Federal CISO Tell Senate of Need for a New Government Strategy The SolarWinds supply chain attack should push federal government agencies to adopt the "zero trust" model and deploy better endpoint detection and response tools, according to the new federal CISO and the acting director of the U.S. Cybersecurity and Infrastructure Security Agency.

Government 281

Government Cybersecurity Security 281

IG Guru

MARCH 18, 2021

A smart city is pretty much an urban region that makes use of information and communication technology, with electronic sensors to optimize efficiency, collect data, share information, and better the services rendered by the government and the lives of the citizens. There are several smart cities in the world, with the 5 most prominent being […].

IT 98

IT Communications Government Risk 98

Data Breach Today

MARCH 16, 2021

NSA, CISA Offer Advice on Using PDNS Services to Help Thwart Attacks As concerns about the number of attacks targeting domain name system protocols continue to grow, the NSA and CISA have released new guidance on how to choose and deploy a Protective Domain Name System service to strengthen security.

Security 307

Security 307

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.

Security 363

Security Passwords Authentication Communications 363

AIIM

MARCH 18, 2021

Migrating to a new system or moving to a new platform? Then you’ll definitely need to create a successful data migration strategy to protect your valuable data and achieve the desired results. In this article, we’ll take a look at several ways to migrate your data. They will allow you to build a successful strategy, prevent data loss, and make everything as efficient as possible. 1.

Data migration 189

Data migration Cloud Sales Marketing 189

Data Breach Today

MARCH 15, 2021

Experts Say Increase Owes to Lack of Funding, Virtual Learning U.S. public schools faced a record number of cyber incidents in 2020, with over 400 attacks reported. This led to a spike in school cancellations, as IT staff members struggled to get systems back online while dealing with the COVID-19 pandemic, reports the K-12 Cybersecurity Resource Center.

Cybersecurity 363

Cybersecurity IT 363

Krebs on Security

MARCH 17, 2021

If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous. Here’s the story of one such goof committed by Fiserv [ NASDAQ:FISV ], a $15 billion firm that provides online banking software and other technology solutions to thousands of financial institutions.

e-Discovery 327

e-Discovery Phishing Communications IT 327

Schneier on Security

MARCH 17, 2021

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger.

Blockchain 145

Blockchain Paper Government Mining 145

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

AIIM

MARCH 16, 2021

Metadata resides at the center of many of the essential aspects of content management. In addition to helping organize and classify content, Metadata enables good findability, can trigger workflow and transactional processes, reveals document usage patterns and history, and helps establish retention and disposition events. So far in our exploration of Metadata, we've answered some of the big questions already, including: What is Metadata?

Metadata 172

Metadata ECM Customer Experience Analytics 172

Data Breach Today

MARCH 19, 2021

Protecting Servers Is Foundational For Modern Data Center Security. View this OnDemand webinar to learn how VMware Carbon Black is delivering unified workload protection that’s purpose-built for vSphere.

Security 345

Security 345

Krebs on Security

MARCH 15, 2021

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com , a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

Passwords 317

Passwords Mining Data breaches Access 317

Security Affairs

MARCH 13, 2021

Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems. GRIMM researchers found three vulnerabilities in the SCSI (Small Computer System Interface) component of the Linux kernel, the issues could be exploited by local attackers with basic user privileges to gain root privileges on unpatched Linux systems.

Security 145

Security Risk Access IT 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

MARCH 15, 2021

Interesting research: “ Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System “: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet

Security 143

Security Paper Privacy Access 143

Data Breach Today

MARCH 14, 2021

Microsoft Investigating; Devcore Pentesters Say They're in the Clear It has been an open question as to how a half-dozen hacking groups began exploiting Exchange servers in an automated fashion in the days leading up to Microsoft's patches. But there are strong signs that the exploit data leaked, and the question now is: Who leaked it?

IT 340

IT 340

Threatpost

MARCH 16, 2021

Researchers from Sucuri discovered the tactic, which creatively hides malicious activity until the info can be retrieved, during an investigation into a compromised Magento 2 e-commerce site.

140

140

Security Affairs

MARCH 13, 2021

The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs. OVH, one of the largest hosting providers in the world, has suffered this week a terrible fire that destroyed its data centers located in Strasbourg. The French plant in Strasbourg includes 4 data centers, SBG1, SBG2, SBG3, and SBG4 that were shut down due to the incident, and the fire started in SBG2 one.

Risk 145

Risk Security IT Information Security 145

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Hunton Privacy

MARCH 16, 2021

On March 15, 2021, the California Attorney General (“AG”) approved additional CCPA Regulations that impact certain sections of the initial CCPA Regulations that went into effect on August 14, 2020. These amendments, which were the subject of the third and fourth sets of proposed modifications, went into effect on March 15, 2021. Notably, the newly amended CCPA Regulations state that methods for submitting requests to opt-out may not be designed with the purpose of, or have the substantial effect

129

129

Data Breach Today

MARCH 19, 2021

Supply Chain Attack Hits Development Environment Hackers used Trojanized Xcode projects to install backdoors on developers' devices as part of a supply chain attack, according to security firm Sentinel Labs. Xcode is Apple's integrated development environment for macOS.

Security 334

Security 334

Threatpost

MARCH 18, 2021

The newly discovered steganography method could be exploited by threat actors to obscure nefarious activity inside photos hosted on the social-media platform.

Security 135

Security 135

Security Affairs

MARCH 14, 2021

Google released proof-of-concept code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks. Google released proof-of-concept code for conducting a Spectre attack against its Chrome browser on GitHub. The experts decided to publish the proof of concept code to demonstrate the feasibility of a web-based Spectre exploit.

Metadata 145

Metadata Encryption Authentication Security 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

eSecurity Planet

MARCH 14, 2021

Network Access Control (NAC) helps enterprises implement policies for controlling devices and user access to their networks. NAC can set policies for resource, role, device and location-based access and enforce security compliance with security and patch management policies, among other controls. NAC is an effort to create order out of the chaos of connections from within and outside the organization.

Access 127

Access Compliance Authentication Education 127

Data Breach Today

MARCH 19, 2021

Electric Vehicle Charging Firm Investigating Criminal Campaign Criminals have been targeting customers of British electric vehicle charging infrastructure provider BP Pulse with malicious emails that appear to have been sent from legitimate accounts and domains tied to BP Chargemaster, which is what the service was previously called.

334

334

DXC Technology

MARCH 17, 2021

E-skimming has been an online shopping threat for a long time, keeping pace with the growth of e-commerce overall. The current global crisis presents another big opportunity for hackers to launch these strikes as people increasingly shop online. The nefarious cybercrime targets online payment systems to collect or “skim” the payment details of customers’ payment […].

Risk 125

Risk Retail Security 125

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. Netgear has released security and firmware updates to address 15 vulnerabilities in its JGS516PE Ethernet switch, including an unauthenticated remote code execution flaw rated as critical.

Authentication 143

Authentication Security IT Access 143

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

IT Governance

MARCH 18, 2021

The UK government plans to invest £24 billion in cyber security and the armed forces as part of a major shake-up of its defence policy. Published earlier this week, Global Britain in a Competitive Age: the Integrated Review of Security, Defence, Development and Foreign Policy includes a new “full-spectrum” approach to the UK’s cyber security capabilities, which are designed to improve the country’s defences and deter potential attackers.

Security 119

Security Military Government Communications 119

Data Breach Today

MARCH 17, 2021

Review Confirms Disinformation Campaigns, But No Signs Hackers Altered Vote Tallies U.S. intelligence agency reports conclude that Russia and Iran tried to interfere in the 2020 presidential election via disinformation campaigns, but found "no indication that any foreign actor attempted to alter any technical aspect of the voting process," including voting results.

331

331

Threatpost

MARCH 19, 2021

Researchers are reporting mass scanning for – and in-the-wild exploitation of – a critical-severity flaw in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure.

122

122