Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Access 363

Access Security Communications IT 363

The Last Watchdog

NOVEMBER 15, 2021

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Risk 268

Risk Artificial Intelligence Digital transformation Paper 268

Dark Reading

NOVEMBER 17, 2021

Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.

Security 114

Security 114

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. divya. Tue, 11/16/2021 - 06:15. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Still, as all of us who work in technology know, you reduce access to granular controls when you simplify a process. On the flip side, if you allow access to granular controls, the person setting the controls needs to be an expert to set them correctly.

Encryption 143

Encryption Cloud Access Privacy 143

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into

Artificial Intelligence

Security Affairs

NOVEMBER 13, 2021

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their network has been breached and that the threat actor has stolen their data. “Our intelligence monitoring indicates exfiltration of se

Security 143

Security Information Security IT 143

DLA Piper Privacy Matters

NOVEMBER 18, 2021

Author: Sinead Lynch. At DLA Piper we advise clients that develop or create technology, are enabled by technology, or whose business model is fundamentally based on technology. From start-ups, to fast growing and mid-market businesses, to mature global enterprises, DLA Piper supports innovative businesses and new ventures. It is at the heart of what we do.

Privacy 133

Privacy Digital transformation Government Financial Services 133

Dark Reading

NOVEMBER 17, 2021

Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process.

GDPR 131

GDPR Privacy 131

Security Affairs

NOVEMBER 16, 2021

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed. The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization.

Authentication 138

Authentication Security IT Access 138

eSecurity Planet

NOVEMBER 19, 2021

In a year in which ransomware attacks seem to get worse by the day, companies have made surprising progress defending themselves against attacks. But the attention paid to the malware by journalists, cybersecurity vendors and increasingly, government agencies , has pushed companies to improve their preparedness to defend themselves against ransomware gangs, according to a report this week by security solutions vendor Cymulate.

Ransomware 124

Ransomware Cybersecurity Cloud Security 124

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

Data Matters

NOVEMBER 19, 2021

Privacy and cybersecurity concerns are expanding, and with them the proliferation of laws and regulations. Boards play a key role in ensuring that companies are positioned to comply with various jurisdictional requirements, that they understand and mitigate related risks, and that they are well-prepared to play a key role in response to security breaches and incidents.

Digital transformation 109

Digital transformation Government Privacy Cybersecurity 109

DLA Piper Privacy Matters

NOVEMBER 16, 2021

In the most significant development this year (arguably more so than the Data Security Law (“ DSL ”) and the Personal Information Protection Law (“ PIPL ”) coming into force), draft detailed guidance on how organisations can in practice comply with China’s strict data, e-commerce and online platform rules – including new compliance obligations – has been published.

Compliance 118

Compliance Personal data Security Risk 118

Security Affairs

NOVEMBER 17, 2021

Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups. The increased demand for exploits is fueling a millionaire market where these malicious codes are incredibly expensive. Researchers from Digital Shadows published an interesting research titled “ Vulnerability Intelligence: Do you know where your flaws are?

Marketing 134

Marketing Sales Paper Risk 134

eSecurity Planet

NOVEMBER 18, 2021

New cybersecurity buzzwords are always in abundance at the Gartner Security & Risk Management Summit, and the concepts that took center stage this week, like cybersecurity mesh and decentralized identity, seem well suited for new threats that have exploded onto the scene in the last year. Gartner analyst Ruggero Contu noted that security risks are becoming external: the software supply chain , the public cloud , the trading of breached data, and IoT and operational technology (OT) are all th

Cybersecurity 123

Cybersecurity Security Analytics Blockchain 123

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Dark Reading

NOVEMBER 15, 2021

Ransomware is everywhere, including the nightly news. Most people know what it is, but how do ransomware attackers get in, and how can we defend against them?

Ransomware 121

Ransomware IT 121

Troy Hunt

NOVEMBER 19, 2021

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it. I've just watched this back and other than mucking around with the gain in the first part of the video, I reckon it's great.

IT 113

IT 113

Security Affairs

NOVEMBER 19, 2021

A Canadian teen has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency. A Canadian teenager has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency from an American individual. The news of the arrest was disclosed by the Hamilton Police in Ontario, Canada, as a result of a joint investigation conducted by the FBI and the United States Secret Service Electronic Crimes Task Force that started in March 2020.

Security 132

Security Information Security IT 132

eSecurity Planet

NOVEMBER 18, 2021

A payload is a piece of code that executes when hackers exploit a vulnerability. In other words, it’s an exploit module. It’s usually composed of a few commands that will run on the targeted operating system (e.g., key-loggers) to steal data and other malicious acts. Most operations use payloads, but there are a few payload-less attacks, such as phishing campaigns that do not include malicious links or malware , but rely on more sophisticated deception such as spoofing to trick their targets.

Cybersecurity 122

Cybersecurity Access Phishing Security 122

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

IT Governance

NOVEMBER 18, 2021

The urgent need for qualified IT professionals was made evident at Microsoft Digital Skills Week (15 – 19 November ), a series of online events that supports the development of digital skills and technological knowledge, and empowering a new digital workforce. The event programme includes keynote presentations and technical workshops aimed at business leaders, IT professionals, HR/training managers and students.

Data science 111

Data science Cloud Government IT 111

Dark Reading

NOVEMBER 18, 2021

The danger of anyone being able to spin up new applications is that few are thinking about security. Here's why everyone is responsible for the security of low-code/no-code applications.

Security 111

Security 111

Security Affairs

NOVEMBER 15, 2021

Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services. The company announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked just below 2 terabytes per second (Tbps), which is the largest attack Cloudflare has seen to date.

IT 129

IT IoT Cloud Security 129

eSecurity Planet

NOVEMBER 16, 2021

Bad actors are increasingly using a technique called HTML smuggling to deliver ransomware and other malicious code in email campaigns aimed at financial services firms and other organizations, according to Microsoft researchers. In a blog post , the company’s Microsoft 365 Defender Threat Intelligence Team wrote that the highly evasive technique, which is used to deploy banking malware , remote access Trojans (RATs) and other malicious payloads, was being used by such cybercriminal groups as Nob

Ransomware 111

Ransomware Education Phishing Passwords 111

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Threatpost

NOVEMBER 19, 2021

Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.

IT 108

IT Security 108

Schneier on Security

NOVEMBER 16, 2021

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam : As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company. After the mark is convinced, the scammer will have them get cash (sometimes out of investment or retirement accounts), and head to an ATM that sells cryptocurrencies and suppor

IT 111

IT 111

Security Affairs

NOVEMBER 15, 2021

Security researchers from Cleafy discovered a new Android banking trojan, named SharkBot, that is targeting banks in Europe. At the end of October, researchers from cyber security firms Cleafy and ThreatFabric have discovered a new Android banking trojan named SharkBot. The name comes after one of the domains used for its command and control servers.

Financial Services 128

Financial Services Access Security IT 128

eSecurity Planet

NOVEMBER 15, 2021

Hackers got into an email server at the FBI over the weekend to spread fake messages in an attempt to blame a cybersecurity expert for non-existent attacks, apparently in hopes of damaging his reputation. According to intelligence organization Spamhaus and subsequent reports, the hackers sent out emails with the false accusations in two waves to more than 100,000 addresses, using email addresses gleaned from a number of sources, including a database used by the American Registry for Internet Num

Cybersecurity 109

Cybersecurity Communications Security Phishing 109

Advertisement

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

Analytics

DLA Piper Privacy Matters

NOVEMBER 17, 2021

On 16 November 2021, the English High Court declined to strike-out a claim for damages for distress following an isolated one-off data incident which was quickly remedied. In doing so, however, the Court: confirmed that the de minimis concept is equally applicable to claims under the GDPR and Data Protection Act 2018, as it was to claims under the Data Protection Act 1998; held that a claim for injunctive and declaratory relief in circumstances such as those present in this case was misconceived

GDPR 108

GDPR IT 108

Dark Reading

NOVEMBER 19, 2021

Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.

Ransomware 135

Ransomware Security IT 135

Security Affairs

NOVEMBER 15, 2021

The Emotet botnet is still active, ten months after an international operation coordinated by Europol shut down its infrastructure. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation , named Operation Ladybird , which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action. .

Cleanup 124

Cleanup Ransomware Cybersecurity IT 124