Krebs on Security
OCTOBER 11, 2022
Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.
The Last Watchdog
OCTOBER 10, 2022
As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. Related: The case for regulating facial recognition. Virtual reality (VR) is well positioned to become a natural continuation of this trend. While VR devices have been around in some form since well before the internet, the true ambition of major corporations to turn these devices into massively-connected social “metaverse” platforms has only r
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
KnowBe4
OCTOBER 12, 2022
Security researchers at Akamai identify an average of 13 million newly observed domains (NOD) each month this year, representing about 20% of the NODs resolved in the same timeframe.
WIRED Threat Level
OCTOBER 10, 2022
Colleges and K-12 campuses increasingly monitor student emails, social media, and more. Here’s how to secure your (or your child’s) privacy.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
OCTOBER 12, 2022
Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respec
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Matters
OCTOBER 13, 2022
On October 5, 2022, a federal jury in the Northern District of California convicted former Uber Chief Security Officer Joseph Sullivan of obstructing a federal proceeding and misprision of a felony for his role in deceiving management and the federal government to cover up a 2016 data breach that exposed personally identifiable information (“PII”) of approximately 57 million users, including approximately 600,000 drivers’ license numbers, of the ride-hailing service.
Security Affairs
OCTOBER 14, 2022
Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode and user mode for building high-performance transaction logs, and is implemented in the driver CLFS.sys.
Hunton Privacy
OCTOBER 12, 2022
On October 3, 2022, Google LLC (“Google”) agreed to pay the State of Arizona $85 million to settle a consumer privacy lawsuit that alleged the company surreptitiously collected consumers’ geolocation data on smartphones even after users disabled location tracking. . Arizona’s lawsuit followed a 2018 Associated Press article that alleged Google continued to track the location of Android devices even after users disabled the Location History setting on the device.
Data Breach Today
OCTOBER 8, 2022
Phishing Incident Caused Service Disruptions and Delays Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers. The company, listed on the Australian Securities Exchange, says that the attack occurred on August 21.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Schneier on Security
OCTOBER 11, 2022
Interesting research: “ ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks , by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract : Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them.
Dark Reading
OCTOBER 11, 2022
The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
Security Affairs
OCTOBER 11, 2022
VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048 , in the vCenter Server. The flaw was disclosed in November 2021, it resides in the vCenter Server ‘s IWA (Integrated Windows Authentication) mechanism.
Data Breach Today
OCTOBER 14, 2022
39 Million Shoppers of Shein and Romwe Weren't Notified of Personal Data Exposure Fast-fashion clothing giant Shein has been fined $1.9 million by the New York state attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security as well as failing to alert users or force password resets in a timely manner.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Data Matters
OCTOBER 14, 2022
*This article first appeared on Law360 on October 14, 2022. A series of coordinated announcements on Oct. 7 lifted the veil on a new trans-Atlantic data transfer mechanism. This announcement has been hotly anticipated since a joint declaration from the U.S. and European Union governments on March 25, that there was an agreement in principle for a new EU-U.S.
Dark Reading
OCTOBER 10, 2022
A CISO's responsibilities have evolved immensely in recent years, so their first three months on the job should look a different today than they might have several years ago.
Security Affairs
OCTOBER 10, 2022
The pro-Russia hacktivist group ‘KillNet’ is behind massive DDoS attacks that hit websites of several major airports in the US. The pro-Russia hacktivist group ‘ KillNet ‘ is claiming responsibility for massive distributed denial-of-service (DDoS) attacks against the websites of several major airports in the US. The DDoS attacks have taken the websites offline, users were not able to access it during the offensive.
Data Breach Today
OCTOBER 12, 2022
October's Patch Tuesday Includes Fixes for 84 Bugs One zero-day down but two Microsoft Exchange zero-days to go in this month's dose of patches from the Redmond, Washington computing giant. Microsoft fixed a COM+ flaw being exploited in the wild but for now is relying on workarounds for two known email server bugs.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Thales Cloud Protection & Licensing
OCTOBER 13, 2022
Thales and Microsoft partner to provide Azure customers with FIDO and CBA phishing-resistant authentication. divya. Thu, 10/13/2022 - 10:27. The accelerating digital transformation of organizations around the world and the adoption of a hybrid workforce have exposed essential systems and sensitive data to rising cyber threats. The impact and cost of cyber-attacks have skyrocketed, driving the need for better identity protection with phishing-resistant Multi-Factor Authentication (MFA).
John Battelle's Searchblog
OCTOBER 10, 2022
Over at LinkedIn I’ve published a short piece on Web3 – a primer of sorts for the many marketing pals who’ve asked me “does this s**t matter!?” As I do with everything I pen, I’ve posted it here as well. (image credit). In the more than 30 years since the digital revolution swept through marketing, most of us have adapted to the ever-present change inherent in what has become a technology-driven profession.
Security Affairs
OCTOBER 11, 2022
Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware. .
Data Breach Today
OCTOBER 14, 2022
39 Million Shoppers of Shein and Romwe Weren't Notified of Personal Data Exposure Fast-fashion clothing giant Shein has been fined $1.9 million by New York state's attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security, as well as failing to alert users or force password resets in a timely manner.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
eSecurity Planet
OCTOBER 13, 2022
Distributed denial-of-service (DDoS) attacks occur when attackers use a large number of devices to attempt to overwhelm a resource and deny access to that resource for legitimate use. Most commonly, we see DDoS attacks used against websites, applications, or services exposed to the internet, but DDoS attacks can also be applied against specific computers, gateways, or internal network resources.
Dark Reading
OCTOBER 13, 2022
The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver.
Security Affairs
OCTOBER 14, 2022
Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is a Chinese-speaking threat group.
Data Breach Today
OCTOBER 13, 2022
Hardenize to Help Red Sift Customers Assess Security of Domains and Certificates A phishing and fraud prevention vendor has bought a startup founded by Qualys' longtime engineering leader to help organizations more effectively discover and monitor assets. Red Sift says its purchase of Hardenize will help customers assess the security of their digital asset inventory.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
eSecurity Planet
OCTOBER 12, 2022
Aqua Nautilus security researchers have revealed that threat actors could perform a timing attack on npm’s API to uncover private packages. The timing attack on the JavaScript package manager can work even if npm returns a 404 error to unauthorized or unauthenticated users who try to request the following endpoint (generic pattern): [link]. A malicious attacker can send multiple consecutive requests to determine if the package exists or has been removed.
Dark Reading
OCTOBER 12, 2022
The platform lets network connectivity data escape outside of the secure tunnel when connected to a public network, posing a "privacy concern" for users with "certain threat models," researchers said.
Security Affairs
OCTOBER 13, 2022
The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature.
Expert insights. Personalized for you.
297 
Let's personalize your content