Data Breach Today
MAY 26, 2022
Firm Deceptively Used Account Security Data of 140 Million Users A $150 million penalty has been slapped on Twitter for deceptively using account security data of millions of users for targeted advertising, the U.S. Justice Department and the Federal Trade Commission say. Twitter says it has paid the fine and ensured that personal user data is secure and private.
The Last Watchdog
MAY 24, 2022
Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps. This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their inte
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Dark Reading
MAY 25, 2022
Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.
Security Affairs
MAY 27, 2022
Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. A team of researchers from Zhejiang University and Technical University of Darmstadt devised a technique, dubbed GhostTouch, to remotely control capacitive touchscreens using electromagnetic signals. According to the experts, GhostTouch is the first active contactless attack against capacitive touchscreens.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
MAY 26, 2022
Experts: Case Spotlights Critical, But Often Overlooked, Insider Threats, Risks A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization. Experts say the case spotlights insider threats that must not be underestimated.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Dark Reading
MAY 26, 2022
Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards.
Security Affairs
MAY 27, 2022
A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets. ERMAC was first spotted by researchers from Threatfabric in July 2021, it is based on the popular banking trojan Cerberus.
Data Breach Today
MAY 23, 2022
Ontario Entity Says Patient, Employee Information Affected A cyberattack detected in December at a Canadian healthcare entity has compromised a wide range of data, including some patient information dating back to 1996, as well as employee vaccination records from last year. Some of the affected data belonged to a nonprofit group of affiliated clinicians.
The Last Watchdog
MAY 23, 2022
Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption. Related: Leveraging PKI to advance electronic signatures. It used to be that trusting the connection between a workstation and a mainframe computer was the main concern. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
eSecurity Planet
MAY 25, 2022
Encryption and the development of cryptography have been a cornerstone of IT security for decades and remain critical for data protection against evolving threats. While cryptology is thousands of years old, modern cryptography took off in the 1970s with the help of the Diffie-Hellman-Merkle and RSA encryption algorithms. As networks evolved and organizations adopted internet communications for critical business processes, these cryptographic systems became essential for protecting data.
Security Affairs
MAY 25, 2022
US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel ( CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR ( CVE-2022-20821 ).
Data Breach Today
MAY 27, 2022
Discussion Outlines Key Trends and Themes Four editors at Information Security Media Group discuss highlights from ISMG's recent London Summit, including whether if collateral damage from the Russia-Ukraine war isn't necessarily all it was reputed to be, then what are the most concerning emerging threats; building a cyber risk playbook to help businesses identify actual exposure; and stress and burnout in the workplace.
Dark Reading
MAY 27, 2022
The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
eSecurity Planet
MAY 27, 2022
Open source software libraries are frequent targets of hackers, who see them as an attractive path for stealing credentials and distributing malware. Hundreds of thousands of software projects depend on these open source packages – and each of these dependencies has its own dependencies, a complex web that some call “ dependency hell ” – so hackers know that any new version they successfully compromise will be downloaded by countless developers when they run npm, composer
Security Affairs
MAY 25, 2022
Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol ( XMPP ) messages. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity.
Data Breach Today
MAY 23, 2022
Attack Began on May 9; Patient Records Currently Inaccessible The healthcare services in the island country of Greenland, an autonomous Danish dependent territory, have been crippled by a cyberattack that began on May 9, 2022. Healthcare executives continue to face IT challenges to date, including lack of access to patient records and email services.
Dark Reading
MAY 27, 2022
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
IT Governance
MAY 24, 2022
Organisations must always look for cost-effective ways to address the cyber security risks they face. With more than 1,200 publicly disclosed data breaches last year , and organisations spending almost £3 million on average responding to security incidents , effective risk management is a top priority. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance.
Security Affairs
MAY 26, 2022
Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. Horizon3 security researchers have released a proof-of-concept (PoC) exploit and technical analysis for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products.
Data Breach Today
MAY 27, 2022
No Evidence of Data Being Stolen From Affected Systems The City of Quincy, Illinois' administrative systems were hit by a ransomware attack on May 7, confirmed Mayor Mike Troup in a press conference held on Tuesday. Consulting fees and a ransom were paid but critical services continued to operate throughout the incident.
Thales Cloud Protection & Licensing
MAY 23, 2022
Access Management is Essential for Strengthening OT Security. madhav. Tue, 05/24/2022 - 06:11. We have reached the point where highly connected cyber-physical systems are the norm, and the lines between information technology (IT) and operational technology (OT) are blurred. These systems are connected to and managed from the cloud to fine-tune performance, provide data analytics, and ensure the integrity of critical infrastructure across all sectors.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Schneier on Security
MAY 25, 2022
Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not random? You guessed it— all bets are off. Suppose for example a company or a country wanted to have a credit-scoring system that’s secretly sexist, but still be able to pretend that its training was act
Security Affairs
MAY 26, 2022
Italy announced its National Cybersecurity Strategy for 2022/26, a crucial document to address cyber threats and increase the resilience of the country. Italy presented its National Cybersecurity Strategy for 2022/26 and reinforce the government’s commitment to addressing cyber threats and increasing the resilience of the country to cyber attacks.
Data Breach Today
MAY 26, 2022
Layoffs Designed to Increase Lacework's Cash Runway and Strengthen Balance Sheet High-flying cybersecurity startup Lacework has announced layoffs - affecting 20% of its employees, according to one report - in a bid to strengthen its balance sheet, just six months after raising $1.3 billion. The cloud security vendor says it has restructured its business in response to a seismic shift in the public and private markets.
Dark Reading
MAY 27, 2022
Organizations must ensure their kubelets and related APIs aren’t inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Schneier on Security
MAY 26, 2022
Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them. But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises. Saicoo’s product listings, for example, are replete with comments from customers who self-state that they work at a federal agency (and several
Security Affairs
MAY 22, 2022
Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The expert discovered a post where a researcher were sharing a fake Proof of Concept (POC) exploit code for an RPC Runtime Library Remote Code Execution flaw ( CVE-2022-26809 CVSS 9.8).
Data Breach Today
MAY 24, 2022
Lawsuit by DC AG Alleges Facebook CEO Didn't Protect Users Sufficiently Mark Zuckerberg, CEO of Facebook parent Meta, is being sued for failing to protect users of the social media platform during the Cambridge Analytica privacy scandal. The lawsuit on behalf of the District of Columbia was initiated by Washington, D.C. Attorney General Karl A. Racine.
Expert insights. Personalized for you.
322 
Let's personalize your content