Sat.Jan 22, 2022 - Fri.Jan 28, 2022

article thumbnail

GUEST ESSAY: A primer on why AI could be your company’s cybersecurity secret weapon in 2022

The Last Watchdog

Artificial intelligence (AI) is woven into the fabric of today’s business world. However, business model integration of AI is in its infancy and smaller companies often lack the resources to leverage AI. Related: Deploying human security sensors. Even so, AI is useful across a wide spectrum of industries. There already are many human work models augmented by AI.

article thumbnail

Are You Prepared to Defend Against a USB Attack?

Dark Reading

Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause.

102
102
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Emotet spam uses unconventional IP address formats to evade detection

Security Affairs

Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, l

article thumbnail

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Krebs on Security

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

GUEST ESSAY: Addressing data leaks and other privacy, security exposures attendant to M&As

The Last Watchdog

Merger and acquisition (M&A) activity hit record highs in 2021, and isn’t expected to slow down anytime soon. Related: Stolen data used to target mobile services. Many attribute this steady growth to the increase in work-from-home models and adoption of cloud services since the beginning of the COVID-19 pandemic. Such consolidation across markets is good news for customers and vendors alike in terms of market growth and maximizing security investments.

Privacy 265

More Trending

article thumbnail

How I Got Pwned by My Cloud Costs

Troy Hunt

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Cloud 145
article thumbnail

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.

article thumbnail

Easily Exploitable Linux Flaw Exposes All Distributions: Qualys

eSecurity Planet

An easily exploited flaw in a program found in every major Linux distribution is the latest serious security issue that has arisen in the open-source space in recent weeks. Researchers at cybersecurity vendor Qualys this week disclosed the memory corruption vulnerability in polkit’s pkexec, which if exploited by a bad actor can enable an unprivileged user to gain full root privileges on a system, giving the unprivileged user administrative rights.

article thumbnail

OpenSubtitles data breach impacted 7 million subscribers

Security Affairs

OpenSubtitles has suffered a data breach, the maintainers confirmed that the incident impacted 7 Million subscribers. OpenSubtitles is a popular subtitles websites, it suffered a data breach that affected 6,783,158 subscribers. Exposed data include email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Tracking Secret German Organizations with Apple AirTags

Schneier on Security

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices. “To understa

article thumbnail

FTC Publishes Health Breach Notification Rule Resources

Hunton Privacy

On January 21, 2022, the Federal Trade Commission published two new resources for complying with the Health Breach Notification Rule (the “Rule”). In September 2021, the FTC issued a Policy Statement clarifying that the Rule applies to makers of health apps, connected devices and similar products. As we previously blogged , the Rule requires vendors of personal health records (“PHR”), PHR-related entities and service providers to these entities, to notify consumers and the FTC (and, in some case

article thumbnail

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

eSecurity Planet

Microsoft in November fended off a massive distributed denial-of-service (DDoS) attack in its Azure cloud that officials said was the largest ever recorded, the latest in a wave of record attacks that washed over the IT industry in the second half of 2021. The enterprise software and cloud giant said in a blog post this week that during the last six months of the year, there was a 40 percent increase in the number of DDoS attacks worldwide over the first half of 2021, with an average of 1,955 at

IoT 134
article thumbnail

Pay attention to Log4j attacks, Dutch National Cybersecurity Centre (NCSC) warns

Security Affairs

The Dutch National Cybersecurity Centre (NCSC) warns organizations of risks associated with cyberattacks exploiting the Log4J vulnerability. The Dutch National Cybersecurity Centre (NCSC) warns organizations to remain vigilant on possible attacks exploiting the Log4J vulnerability. According to the Dutch agency, threat actors the NCSC will continue to attempt to exploit the Log4Shell flaw in future attacks. “Partly due to the rapid actions of many organizations, the extent of active abuse

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Linux-Targeted Malware Increased by 35%

Schneier on Security

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020.

126
126
article thumbnail

U.S. Representatives Request Information from COPPA Safe Harbor Programs

Hunton Privacy

On January 7, 2022, U.S. Representatives Kathy Castor (D-Fla.) and Jan Schakowsky (D-Ill.), members of the House Committee on Energy and Commerce, wrote to all of the Children’s Online Privacy Protection Act (“COPPA”) Safe Harbor programs to request information about each program to ensure “participants in the program are fulfilling their legal obligations to provide ‘substantially the same or greater protections for children’ as those detailed in the COPPA Rule” and “to solicit feedback” regard

article thumbnail

How Hackers Compromise the Software Supply Chain

eSecurity Planet

It seems like a week doesn’t go by without a new vulnerability demonstrating the fragility of the software interdependencies that make up the software supply chain. A large part of software development leverages the benefits of open-source platforms and third-party vendors to deliver results on time. A wide range of people and organizations maintain those code bases.

Risk 131
article thumbnail

US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added seventeen new actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog’ The ‘ Known Exploited Vulnerabilities Catalog ‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.

CMS 123
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The wielding force of a taxonomy

OpenText Information Management

“The cure to information overload is more information.” Enrich your information and content with metadata from an OpenText taxonomy. What is taxonomy? A taxonomy is a set of concepts organized into a hierarchical structure covering a topical domain. You could think of it as a structured vocabulary. For example, in biology, a commonly used taxonomy … The post The wielding force of a taxonomy appeared first on OpenText Blogs.

Metadata 111
article thumbnail

China Releases Draft Regulations on Network Data Security Management

Hunton Privacy

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released for public comment its draft Regulations on Network Data Security Management (the “Draft Regulations”). The Draft Regulations are intended to implement portions of three existing laws – the Cybersecurity Law (“CSL”), the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”) (together, the “Three Laws”) – by providing guidance on certain provisions and establishing specific requirements for impl

Security 116
article thumbnail

Zoom Security Issues Are a Wakeup Call for Enterprises

eSecurity Planet

Video conferencing vendor Zoom has seen its fortunes soar amid the remote work boom of the last two years, and other cloud collaboration platforms like Microsoft Teams and Cisco Webex have seen demand skyrocket too. The sharp increase in demand put a focus on security shortcomings in Zoom’s architecture – “Zoombombing” became a thing – that the company was quick to address.

Security 129
article thumbnail

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Security Affairs

Delta Electronics, a Taiwanese contractor for multiple tech giants such as Apple, Dell, HP and Tesla, was hit by Conti ransomware. Taiwanese electronics manufacturing company Delta Electronics was hit by the Conti ransomware that took place this week. Delta Electronics operates as a contractor for major tech giants such as Apple, Tesla, HP, and Dell.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

What are you doing for Data Privacy Week?

IT Governance

Data privacy is a concept that governs our everyday lives. We’re asked to hand over our personal data for seemingly everything that we do – from browsing the web to high-street shopping. Although many of us are broadly aware of the risks involved when sharing our personal data, it often doesn’t get the attention it deserves. It’s why, for the past fifteen years, 28 January has marked Data Privacy Day – an international event raises awareness about online privacy and educates people on the ways t

article thumbnail

More Security Flaws Found in Apple's OS Technologies

Dark Reading

Apple's updates this week included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.

Security 110
article thumbnail

Best Identity and Access Management (IAM) Solutions for 2022

eSecurity Planet

A lot has changed in the two years since we last examined the identity and access management (IAM) market. Some vendors have disappeared. New ones have emerged. The once-great security giant Symantec is now a division of Broadcom. Idaptive, too, is gone, acquired by Cyberark. The big trends, though, remain the incorporation of behavior analytics and zero trust.

Access 127
article thumbnail

Puerto Rico was hit by a major cyberattack

Security Affairs

Puerto Rico’s Senate announced that is was it by a cyberattack that shut down its internet provider, phone system and official online page. The Senate of Puerto Rico announced this week that it was hit by a major cyberattack that disabled its internet provider, phone system and official online page. Local and federal authorities are investigating the attack.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

UK organisations have experienced a 62% increase in cyber threats since 2020

IT Governance

Since the early days of the pandemic, experts warned that cyber criminals would thrive on new vulnerabilities and unfamiliar working conditions. However, few would have expected just how severe the threat would be. A Software Advice report has found that 62% of UK-based SMEs experienced an increase in cyber threats in the last two years. Cyber attackers were most likely to target organisations with phishing emails, with 57% of incidents involving scam messages.

article thumbnail

New DeadBolt Ransomware Targets NAT Devices

Schneier on Security

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a screen stating, “WARNING: Your files have been locked by DeadBolt”… […].

article thumbnail

Best Network Monitoring Tools for 2022

eSecurity Planet

Network monitoring is where business performance meets cybersecurity , making it a critical component of any organization’s development, security, and operations ( DevSecOps ) pipeline. With the rise of enterprise networks in the past few decades – and evolution in recent years with the addition of virtual, cloud , and edge networks – monitoring tools are as important as ever.

Cloud 117