Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Mining 360

Mining Privacy IT Security 360

The Last Watchdog

JANUARY 11, 2022

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector. Last August, NTT , the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community

Big data 279

Big data Analytics Personal data Government 279

Dark Reading

JANUARY 11, 2022

Nine of the Microsoft patches released today are classified as critical, 89 are Important, and six are publicly known.

Security 145

Security 145

eSecurity Planet

JANUARY 13, 2022

An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software. Marak Squires, an open source coder and maintainer, sabotaged his repository to protest against unpaid work and his failed attempts to monetize faker.js and color.js , two major NPM packages used by a huge range of other packages and projects.

Libraries 145

Libraries Access Cloud Security 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

JANUARY 11, 2022

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Libraries 266

Libraries Security Access IT 266

Security Affairs

JANUARY 9, 2022

Russian submarines threatening undersea network of undersea cables, says UK defence chief Sir Tony Radakin. UK defence chief Sir Tony Radakin warns of Russian submarines threatening the undersea network of internet cables, which are critical infrastructure of our society. Multiple activities heavily depend on the global network of undersea cables, including financial transactions and communications. “In the financial sector alone, undersea cables carry some $10 trillion of financial transf

Manufacturing 144

Manufacturing Risk Security Communications 144

eSecurity Planet

JANUARY 11, 2022

As we enter 2022, the shortage of cybersecurity pros hasn’t gotten better. In fact, it’s gotten worse. There are currently about 435,000 cybersecurity job openings available in the United States, up from approximately 314,000 in 2019. The move to remote work in response to the COVID-19 pandemic increased the workloads for skilled IT professionals, and combined with the rising rate of ransomware attacks , many security pros are suffering from burnout.

Cybersecurity 138

Cybersecurity Government Digital transformation Communications 138

Dark Reading

JANUARY 11, 2022

Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.

Cloud 135

Cloud 135

The Last Watchdog

JANUARY 10, 2022

Working with personal data in today’s cyber threat landscape is inherently risky. Related: The dangers of normalizing encryption for government use. It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This can include: Security contours. Setting up security contours for certain types of personal data can be useful for: •Nullifying threats and risks applicable to general infrastructura

Personal data 240

Personal data Risk Access Encryption 240

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

JANUARY 14, 2022

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. Microsoft Defender allows users to exclude locations on their machines that should be excluded from scanning by the security solution.

Access 145

Access Security IT Information Security 145

Hunton Privacy

JANUARY 13, 2022

In a letter addressed to certain members of the European Parliament (“MEPs”), European Commissioner for Justice Reynders refuted some of the criticism that has been raised against the Irish Data Protection Commissioner (“DPC”). Background. On December 6, 2021, the concerned MEPs sent a letter to Commissioner Reynders to raise concerns about how the DPC enforces the EU General Data Protection (“GDPR”) and applies the GDPR’s cooperation mechanism.

GDPR 133

GDPR IT 133

Thales Cloud Protection & Licensing

JANUARY 10, 2022

How Can We Secure The Future of Digital Payments? divya. Tue, 01/11/2022 - 06:35. The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. This raises the question of where digital payment technologies will take us in the future, and how will this affect consumers? In the latest episode of Thales Security Sessions podcast , I was asked by Neira Jones to join Simon Keates, Head of Strategy and Payment Security at Thal

Retail 126

Retail Security Financial Services Authentication 126

Schneier on Security

JANUARY 12, 2022

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown.

IT 131

IT Security 131

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

JANUARY 8, 2022

Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability. Jfrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J vulnerability. The flaw, tracked as CVE-2021-42392 , could allow attackers to execute remote code on vulnerable systems, the good news is that unlike the Log4J issue it should not be as widespread.

IoT 145

IoT Passwords IT Access 145

eSecurity Planet

JANUARY 14, 2022

The profile of patch management has risen considerably in the last year due to the number of major breaches that have taken place where basic patches had been overlooked. News stories repeatedly note that the organizations impacted by breaches had often failed to install high-priority security patches from the likes of Microsoft Exchange , Fortinet , and other well-known names.

Ransomware 130

Ransomware Compliance Risk Cloud 130

Dark Reading

JANUARY 14, 2022

Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.

Cybersecurity 145

Cybersecurity Authentication Access 145

Schneier on Security

JANUARY 13, 2022

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than previously believed. What’s most interesting to me about this new information is how the US used the Australians to get around domestic spying laws: For legal reasons, the FBI did not monitor outgoing me

Communications 129

Communications Encryption Government IT 129

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure. The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials st

Manufacturing 145

Manufacturing File names Archiving Encryption 145

eSecurity Planet

JANUARY 14, 2022

Distributed denial of service (DDoS) attacks can cripple an organization, a network, or even an entire country, and they show no sign of slowing down. DDoS attacks may only make up a small percentage of security threats, but their consequences can be devastating. The country of Estonia was brought offline a few years back by a DDoS attack. Over the past year or so, Google, Amazon and Microsoft have been subjected to massive DDoS incursions.

Cloud 127

Cloud IoT Analytics Security 127

OpenText Information Management

JANUARY 10, 2022

As we head into 2022, it’s clear that the Financial Services industry overall has responded well to the impact of COVID-19 — but it hasn’t emerged unscathed. In fact, McKinsey’s Global Banking Review states that half of banks are not covering their cost of equity. The future remains uncertain apart from one thing: Financial Services … The post Key trends for the Financial Services industry in 2022 appeared first on OpenText Blogs.

Financial Services 126

Financial Services IT Insurance 126

Schneier on Security

JANUARY 14, 2022

I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity.

IoT 126

IoT IT Security Paper 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools.

Sales 145

Sales Risk Encryption Passwords 145

Dark Reading

JANUARY 13, 2022

While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another.

141

141

The Guardian Data Protection

JANUARY 10, 2022

EU police body accused of unlawfully holding information and aspiring to become an NSA-style mass surveillance agency The EU’s police agency, Europol, will be forced to delete much of a vast store of personal data that it has been found to have amassed unlawfully by the bloc’s data protection watchdog. The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of points of information.

Personal data 122

Personal data Big data Libraries Encryption 122

eSecurity Planet

JANUARY 10, 2022

A report last week by the New York Attorney General’s Office put a spotlight on the ongoing threat of credential stuffing, a common technique used by cybercriminals that continues to spread and is helping to fuel the push for security practices that don’t involve usernames and passwords. AG Letitia James’ office ran a months-long investigation into credential attacks in the state, uncovering credentials for more than 1.1 million online accounts at 17 companies, including online retailers, restau

Passwords 120

Passwords Authentication Retail Access 120

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. “While we couldn’t find what targets were attacked using this AvosLocker ransomware Linux variant , BleepingComputer knows of at least one victim that got hit with a $1 million ransom demand.” reported Blee

Ransomware 139

Ransomware Encryption Government Security 139

Dark Reading

JANUARY 11, 2022

On a recent Friday night, three security experts got together to play custom games that explore attack risks in an engaging way.

Risk 144

Risk Security 144

Schneier on Security

JANUARY 11, 2022

Some European cell phone carriers , and now T-Mobile , are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch. Slashdot thread.

Encryption 120

Encryption Privacy 120