Krebs on Security
FEBRUARY 7, 2022
The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less intrusive methods for validating one’s identity with the U.S. government online.
Dark Reading
FEBRUARY 9, 2022
Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
FEBRUARY 9, 2022
The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums. The master decryption keys for the Maze , Egregor, and Sekhmet ransomware families were released on the BleepingComputer forums by the alleged malware developer. The Maze group was considered one of the most prominent ransomware operations since it began operating in May 2019.
The Last Watchdog
FEBRUARY 8, 2022
Today’s operating system battleground has long been defined by the warfare between the top three players—Microsoft’s Windows, Google’s Android, and Apple’s iOS. Related: Co ok vs. Zuckerberg on privacy. While each of them has its distinguishing features, Apple’s privacy and security are what makes it the typical enterprise’s pick.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
FEBRUARY 8, 2022
Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Jamf
FEBRUARY 11, 2022
The remediation for a serious security vulnerability in Microsoft Active Directory (AD) prevents Apple macOS from binding. Affected machines will lose the ability to communicate with AD domain controllers, resulting in user lockout and potential data loss.
The Last Watchdog
FEBRUARY 7, 2022
When new vulnerabilities re announced or flaws are discovered in public or “off the shelf” applications, several things happen. News spreads of the risks while attackers and security professionals alike begin searching for potential attack targets for the purpose of exploiting or protecting them. Related: How GraphQLs expanded the attack surface. When Log4Shell first hit the street, we immediately saw attacks against almost every one of our customers.
Schneier on Security
FEBRUARY 9, 2022
Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so. It would require 317 × 10 6 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μ s, a reaction
eSecurity Planet
FEBRUARY 11, 2022
Risk management is a concept that has been around as long as companies have had assets to protect. The simplest example may be insurance. Life, health, auto, and other insurance are all designed to help a person protect against losses. Risk management also extends to physical devices, such as doors and locks to protect homes and vehicles, vaults to protect money and precious jewels, and police, fire, and CCTV to protect against other physical risks.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
IT Governance
FEBRUARY 8, 2022
Welcome to our February 2022 review of phishing attacks, in which we explore the latest scams and the tactics that cyber criminals use to trick people into handing over their personal information. This month, we look at a bogus online contest designed to capture your Facebook login details, the latest Microsoft scam and whether ‘passwordless’ security can mitigate the threat of scams.
Hunton Privacy
FEBRUARY 7, 2022
On January 24, 2022, a group of state attorneys general (Indiana, Texas, D.C. and Washington) (the “State AGs”) announced their commitment to ramp up enforcement work on “dark patterns” that are used to ascertain consumers’ location data. The State AGs created a plan to initiate lawsuits alleging that consumers of certain online services are falsely led to believe that they can prevent the collection of their location data by changing their account and device settings, when the online services d
AIIM
FEBRUARY 11, 2022
At a recent holiday gathering (of triple-vaxxed friends/family), I was reminded of advice from my very elegant and wise grandmother: “Always leave a party when you’re having fun.” Since I’m still having a blast at the AIIM party, now is the ideal time for me to make my way to the exit, passing the presidential baton enroute. That’s right. I promised myself that I would serve only two, 3-year terms in the CEO role, yet here I am, happily beginning the third.
eSecurity Planet
FEBRUARY 9, 2022
The next few years will see a surge in channel spending. According to Jay McBain, an analyst at Forrester Research, spending on IT and telecommunications will be worth about $7 trillion by 2030. The channel is destined to land at least a third of that. Competition is fierce. With about half a million VARs currently operating and roughly 75,000 MSPs, what opportunities exist for expansion?
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
FEBRUARY 11, 2022
The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. The ‘ Known Exploited Vulnerabilities Catalog ‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.
Schneier on Security
FEBRUARY 11, 2022
A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices : The report notes that: The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.
Troy Hunt
FEBRUARY 5, 2022
I feel like perfect audio remains an unsolved problem for me. Somehow, a low "hiss" has slipped in over the last couple of weeks and messing around trying to solve it before recording this video only served to leave me without any audio at all on the first attempt, and the status quo remaining on the second attempt. And I still can't use my Apollo Twin DAC as an input device almost a year on from when I bought it.
eSecurity Planet
FEBRUARY 7, 2022
The UK government recently started an open-source GitHub repository to help organizations scan networks for vulnerabilities. The idea behind the Scanning Made Easy project from the National Cyber Security Centre (NCSC) and its i100 industry partnership is to provide a collection of Nmap scripts to users, such as sysadmins, for detecting system vulnerabilities.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
FEBRUARY 10, 2022
Spanish National Police arrested eight alleged members of a crime ring specialized in SIM swapping attacks. Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Crooks conduct SIM swapping attacks to take control of victims’ phone numbers tricking the mobile operator employees into porting them to SIMs under the control of the fraudsters.
Hunton Privacy
FEBRUARY 10, 2022
On February 10, 2022, the French Data Protection Authority (the “CNIL”) ruled the transfer of EU personal data from the EU to the U.S. through the use of the Google Analytics cookie to be unlawful. In its decision, the CNIL held that an organization using Google Analytics was in violation of the GDPR’s data transfer requirements. The CNIL ordered the organization to comply with the GDPR, and to stop using Google Analytics, if necessary.
Data Matters
FEBRUARY 11, 2022
Dallas and Washington, D.C. – Sidley is pleased to announce that Sean Royall has joined the firm as a partner in the firm’s Dallas and Washington, D.C. offices. Sean’s practice focuses on antitrust and consumer protection litigation and government investigations. He joins Sidley from Kirkland & Ellis, where he was a partner in their Antitrust and Competition practice.
eSecurity Planet
FEBRUARY 11, 2022
Malwarebytes and Bitdefender are two of the most recognized names in the cybersecurity market for the latest antivirus software, endpoint detection and response (EDR), and endpoint protection platforms ( EPP ). Both vendors share a number of the same solution capabilities for potential clients, meaning there’s plenty to compare in terms of malware detection and analysis, supported endpoints, and incident response.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
FEBRUARY 11, 2022
Apple addressed a new WebKit zero-day affecting iOS, iPadOS, macOS, and Safari that may have been actively exploited in the wild. Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22620, in the WebKit affecting iOS, iPadOS , macOS , and Safari that may have been actively exploited in the wild. This is the third zero-day vulnerability fixed by the IT giant this year.
Hunton Privacy
FEBRUARY 11, 2022
On February 9, 2022, the SEC proposed new cybersecurity compliance and disclosure rules for the investment management industry in a three to one vote. If adopted, the proposed rules would apply to registered investment advisers (“RIAs”), certain registered investment companies (“RICs”) and business development companies (“BDCs,” together with RICs, “registered funds”).
Data Matters
FEBRUARY 10, 2022
On Monday, January 24, 2022, in a speech at the Northwestern University Pritzker School of Law annual Securities Regulation Institute conference, Gary Gensler, Chair of the U.S. Securities and Exchange Commission (SEC), announced that he has asked SEC staff to provide sweeping rulemaking recommendations to modernize and expand the agency’s rules relating to cybersecurity. 1 Stressing that cybersecurity is a matter of national security, Chair Gensler signaled that new guidance or proposed rule
eSecurity Planet
FEBRUARY 10, 2022
Security information and event management (SIEM) technology provides foundational support for threat detection. The high costs of SIEMs once made them feasible only for larger enterprise clients, but they have become more reasonable solutions for smaller organizations over time. While a properly configured SIEM can provide effective threat protection, misuse of SIEM technology can increase costs and undermine security.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Security Affairs
FEBRUARY 10, 2022
The Uptycs threat research team has been observing an increase in utilization of regsvr32.exe heavily via various types of Microsoft Office documents. The full report that includes Indicators of Compromise (IOCs) is available here: [link]. During our analysis of these malware samples, we have identified that some of the malware samples belonged to Qbot and Lokibot attempting to execute.ocx files.
Data Protection Report
FEBRUARY 8, 2022
On January 24, 2022, the New York Attorney General (AG) announced a settlement with vision-benefits-provider EyeMed Vision Care, Inc., relating to a 2020 security incident where a threat actor obtained access to an email account that enabled the threat actor to get access to personal information of consumers including, but not limited to, , dates of birth; health insurance accounts and vision insurance accounts ID numbers; Social Security Numbers; Medicaid numbers; Medicare numbers; driver’s lic
IT Governance
FEBRUARY 10, 2022
The UK’s FCDO (Foreign, Commonwealth and Development Office) was recently hit by a “serious cyber security incident”, according to a public tender document. According to the BBC , the attackers were able to breach the FCDO but were detected thanks to the support of third-party cyber security experts, who were called in “with extreme urgency”. It’s not believed that any sensitive information was breached, yet there remain worrying questions over how the incident became public.
Expert insights. Personalized for you.
228 
Let's personalize your content