Krebs on Security

MARCH 29, 2022

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life

Authentication 289

Authentication Government Sales Access 289

The Last Watchdog

MARCH 29, 2022

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. Related: The exposures created by API profileration. Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software. This is all part of corporations plunging into the near future: migration to cloud-based IT infrastructure is in high gear, complexity is mushrooming and fear of falli

Security 223

Security Cloud Digital transformation Cybersecurity 223

Dark Reading

MARCH 31, 2022

Take a preventative threat approach and apply security measures near end users, applications, and data to increase protection.

Security 85

Security 85

Data Breach Today

MARCH 30, 2022

Nonprofit Managed Care Provider Allegedly Hit by Hive Ransomware An apparent ransomware attack and alleged data theft by the Hive cybercriminal group has left Partnership HealthPlan of California struggling to recover its IT services for more than a week. The nonprofit says it is unable to receive or process treatment authorization requests.

IT 309

IT Ransomware 309

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.

Government 283

Government Sales Education Access 283

Troy Hunt

MARCH 28, 2022

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.

Government 145

Government Data breaches Access 145

Data Breach Today

APRIL 1, 2022

No Smoking Gun, But Code Overlaps With Russian VPNFilter Malware, SentinelOne Finds The disruption of tens of thousands of Viasat consumer broadband modems across central Europe on Feb. 24 when Russia invaded Ukraine may have involved "AcidRain" wiper malware, security researchers at SentinelOne report. Viasat says those findings are "consistent" with the known facts of the attack.

Security 277

Security 277

Schneier on Security

APRIL 1, 2022

These techniques are not new, but they’re increasingly popular : …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection. […].

Authentication 144

Authentication Security Passwords 144

The Last Watchdog

MARCH 28, 2022

Some 96 percent of organizations — according to the recently released 2021 Cloud Native Survey — are either using or evaluating Kubernetes in their production environment, demonstrating that enthusiasm for cloud native technologies has, in the words of the report’s authors, “crossed the adoption chasm.”. Related: The targeting of supply-chain security holes.

Cloud 222

Cloud Security Access Digital transformation 222

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

APRIL 1, 2022

Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues to target Russian firms owned by oligarchs, yesterday the collective announced the hack of the Thozis Corp , while today the group claimed the hack of Marathon Group. The Marathon Group is a Russian investment firm owned by oligarch Alexander Vinokuro, who was sanctioned by the EU.

Archiving 139

Archiving Government Security IT 139

Data Breach Today

MARCH 28, 2022

Lesson for Others to Learn: Your Subcontractor, Your Breach-Tracking Responsibility Life comes at you fast, especially when you're a breached business such as Okta, which may have exposed customer data or otherwise put the businesses paying for your product at risk. Here's how after detecting the breach, Okta fumbled its response, and what others should learn from this experience.

Data breaches 246

Data breaches Risk IT 246

eSecurity Planet

MARCH 31, 2022

As web security improves, email security has become a bigger problem than ever. The overwhelming majority of malware attacks now come from email — as high as 89 percent , according to HP Wolf Security research. And with many employees getting multiple emails per day, it’s easy for spam emails to slip their notice. Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020.

Phishing 131

Phishing Cybersecurity Ransomware Security 131

AIIM

MARCH 29, 2022

From the Australian Open offering fans art ball NFTs with real-time match data to JPMorgan Chase’s tiger-friendly lounge in the blockchain-based world Decentraland, metaverse events are exploding into 2022 as powerful new weapons to engage with people. A buzzword du jour, the metaverse was coined in the 1992 Neal Stephenson science fiction novel, “Snow Crash,” which reimagined the mind-bending possibilities of virtual reality.

Blockchain 104

Blockchain Manufacturing Retail Privacy 104

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

APRIL 1, 2022

Researchers spotted a new destructive wiper, tracked as AcidRain , that is likely linked to the recent attack against Viasat. Security researchers at SentinelLabs have spotted a previously undetected destructive wiper, tracked as AcidRain, that hit routers and modems and that was suspected to be linked to the Viasat KA-SAT attack that took place on February 24th, 2022.

Security 137

Security Access IT Information Security 137

Data Breach Today

APRIL 1, 2022

DSS v3.2.1 Active Until March 31, 2024, Then Retired Over 1-Year Period The PCI Security Standards Council on Thursday released the Payment Card Industry Data Security Standard version 4.0. The latest version's improvements are intended to counter evolving threats and technologies, and the new version will enable innovative methods to combat new threats.

Security 262

Security 262

eSecurity Planet

MARCH 26, 2022

SAML is an open standard facilitating the communication and verification of credentials between identity providers and service providers for users everywhere. In 2005, the open standard consortium OASIS released SAML 2.0 to broad appeal. As smart mobile devices boomed, so did the number of web applications and the need to address never-ending logins.

Authentication 131

Authentication Communications Access Passwords 131

KnowBe4

MARCH 31, 2022

A widespread phishing scam is circulating in Facebook Messenger, according to Jeff Parsons at Metro. The phishing messages simply contain the words, “Look what I found,” along with a link. If the user clicks the link, they’ll be taken to a spoofed Facebook login page that will steal their credentials. Notably, the attackers send the messages from compromised accounts of the target’s Facebook friends, which increases the appearance of legitimacy.

Phishing 121

Phishing Security awareness Security 121

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Adam Levin

MARCH 31, 2022

When it comes to backing up your data, IT and cybersecurity experts alike consistently advise what’s known as the “3-2-1” rules, which are: Keep at least three copies of your data: The emphasis here is on at least. Backups are inherently fallible, and can fall prey to malware, ransomware, power surges, and hardware failure. The only way to make sure your data is truly secured is by having backups of your backups.

Archiving 117

Archiving Cloud Cybersecurity Ransomware 117

Data Breach Today

MARCH 31, 2022

Both Bugs Have a POC and at Least 1 Is Known to Be Exploited in the Wild Spring IO, a cohesive, versioned platform used for building modern applications, has reported two remote code execution vulnerabilities in the past two days. Both the RCEs are reportedly having proof of concept exploits, and at least one is actively being targeted in the wild.

Cloud 279

Cloud 279

eSecurity Planet

MARCH 31, 2022

Once an organization has been breached, the overwhelming majority of critical assets are just a few attack techniques away from being compromised, according to a new study. The report by breach and attack simulation (BAS) vendor XM Cyber noted that 63% of critical assets are just a single “hop” away from initial breach to compromise; 81% of critical assets are no more than two attack techniques away from disaster; and 94% of critical assets can be compromised in four or fewer moves b

Security 120

Security Cloud Access Risk 120

Security Affairs

APRIL 1, 2022

Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871 , in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871 , in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue, its exploitation could lead to remote code execution.

Cybersecurity 126

Cybersecurity Security IT Information Security 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Hunton Privacy

MARCH 30, 2022

On March 25, 2022, the U.S. District Court for the Northern District of Illinois approved a $1.1 million settlement with TikTok Inc. (“TikTok”) to resolve claims that TikTok collected children’s data and sold it to third parties without parental consent. The plaintiffs sued TikTok in 2019, alleging that TikTok did not seek verifiable parental consent prior to collecting personal information of children under 13 on the popular video platform in violation of the Children’s Online Privacy Protectio

Privacy 108

Privacy IT Personal data 108

Data Breach Today

MARCH 30, 2022

Popular Game Axie Infinity's Blockchain Security Breached Via Hacked Private Keys Ronin Network, which powers the popular NFT game Axie Infinity, announced it was the victim of a security breach that amounted to around $615 million in stolen funds. The company tweeted that the attacker's wallet had been connected to Binance and that an investigation is currently underway.

Blockchain 246

Blockchain Security IT 246

Troy Hunt

APRIL 1, 2022

Everyone just came for the Ubiquiti discussion, right? This is such a tricky one; if their products sucked we could all just forget about them and go on with our day. But they don't suck - they're awesome - and that makes it hard to fathom how a company that makes such great gear is responding this way to such a well-respected journo. I spend most of this week's video talking about this and perhaps what surprised me most, is even after that discussion there's a bunch of peopl

Passwords 107

Passwords Privacy Government IT 107

Security Affairs

MARCH 26, 2022

The Federal Communications Commission (FCC) added Kaspersky to its Covered List because it poses unacceptable risks to U.S. national security. The Federal Communications Commission (FCC) added multiple Kaspersky products and services to its Covered List saying that they pose unacceptable risks to U.S. national security. “The Federal Communications Commission’s Public Safety and Homeland Security Bureau today added equipment and services from three entities – AO Kaspersky Lab, China Telecom

Risk 116

Risk Security Communications Information Security 116

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Hunton Privacy

MARCH 29, 2022

On March 24, 2022, the European Union unveiled the final text of the Digital Markets Act (the “DMA”). The final text of the DMA was reached following trilogue negotiations between the European Commission, European Parliament and EU Member States (led by the French Presidency at the European Council). The final text retains essentially the same features as the previous draft text but does include some notable changes.

Marketing 108

Marketing GDPR Compliance Paper 108

Data Breach Today

MARCH 31, 2022

65 Terabytes of Data Wiped Out, According to Reports Hackers have allegedly managed to breach the infrastructure belonging to Russia's Federal Air Transport Agency, or Rosaviatsiya, and wiped out its entire database and files consisting of 65TB of data, including documents, files, aircraft registration data and emails from the servers.

IT 274

IT 274

KnowBe4

MARCH 30, 2022

A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack.

Passwords 113

Passwords Risk Security 113