Krebs on Security
FEBRUARY 7, 2022
The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less intrusive methods for validating one’s identity with the U.S. government online.
Dark Reading
FEBRUARY 9, 2022
Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
FEBRUARY 9, 2022
The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums. The master decryption keys for the Maze , Egregor, and Sekhmet ransomware families were released on the BleepingComputer forums by the alleged malware developer. The Maze group was considered one of the most prominent ransomware operations since it began operating in May 2019.
The Last Watchdog
FEBRUARY 8, 2022
Today’s operating system battleground has long been defined by the warfare between the top three players—Microsoft’s Windows, Google’s Android, and Apple’s iOS. Related: Co ok vs. Zuckerberg on privacy. While each of them has its distinguishing features, Apple’s privacy and security are what makes it the typical enterprise’s pick.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Krebs on Security
FEBRUARY 8, 2022
Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Schneier on Security
FEBRUARY 9, 2022
Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so. It would require 317 × 10 6 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μ s, a reaction
The Last Watchdog
FEBRUARY 7, 2022
When new vulnerabilities re announced or flaws are discovered in public or “off the shelf” applications, several things happen. News spreads of the risks while attackers and security professionals alike begin searching for potential attack targets for the purpose of exploiting or protecting them. Related: How GraphQLs expanded the attack surface. When Log4Shell first hit the street, we immediately saw attacks against almost every one of our customers.
Security Affairs
FEBRUARY 11, 2022
The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. The ‘ Known Exploited Vulnerabilities Catalog ‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.
eSecurity Planet
FEBRUARY 11, 2022
Machine learning (ML) and artificial intelligence (AI) have emerged as critical tools for dealing with the ever-growing volume and complexity of cybersecurity threats. Machines can recognize patterns to detect malware and unusual activity better than humans and classic software. The technology also predicts potential attacks and automatically responds to threats by identifying specific trends and cycles.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
FEBRUARY 9, 2022
A couple allegedly used a “laundry list” of technical measures to cover their tracks. They didn’t work.
IT Governance
FEBRUARY 8, 2022
Welcome to our February 2022 review of phishing attacks, in which we explore the latest scams and the tactics that cyber criminals use to trick people into handing over their personal information. This month, we look at a bogus online contest designed to capture your Facebook login details, the latest Microsoft scam and whether ‘passwordless’ security can mitigate the threat of scams.
Hunton Privacy
FEBRUARY 7, 2022
On January 24, 2022, a group of state attorneys general (Indiana, Texas, D.C. and Washington) (the “State AGs”) announced their commitment to ramp up enforcement work on “dark patterns” that are used to ascertain consumers’ location data. The State AGs created a plan to initiate lawsuits alleging that consumers of certain online services are falsely led to believe that they can prevent the collection of their location data by changing their account and device settings, when the online services d
eSecurity Planet
FEBRUARY 9, 2022
The next few years will see a surge in channel spending. According to Jay McBain, an analyst at Forrester Research, spending on IT and telecommunications will be worth about $7 trillion by 2030. The channel is destined to land at least a third of that. Competition is fierce. With about half a million VARs currently operating and roughly 75,000 MSPs, what opportunities exist for expansion?
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
FEBRUARY 10, 2022
Spanish National Police arrested eight alleged members of a crime ring specialized in SIM swapping attacks. Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Crooks conduct SIM swapping attacks to take control of victims’ phone numbers tricking the mobile operator employees into porting them to SIMs under the control of the fraudsters.
Schneier on Security
FEBRUARY 11, 2022
A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices : The report notes that: The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.
Dark Reading
FEBRUARY 8, 2022
Companies are scanning more applications for vulnerabilities — and more often.
eSecurity Planet
FEBRUARY 11, 2022
Risk management is a concept that has been around as long as companies have had assets to protect. The simplest example may be insurance. Life, health, auto, and other insurance are all designed to help a person protect against losses. Risk management also extends to physical devices, such as doors and locks to protect homes and vehicles, vaults to protect money and precious jewels, and police, fire, and CCTV to protect against other physical risks.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Troy Hunt
FEBRUARY 5, 2022
I feel like perfect audio remains an unsolved problem for me. Somehow, a low "hiss" has slipped in over the last couple of weeks and messing around trying to solve it before recording this video only served to leave me without any audio at all on the first attempt, and the status quo remaining on the second attempt. And I still can't use my Apollo Twin DAC as an input device almost a year on from when I bought it.
Security Affairs
FEBRUARY 11, 2022
Apple addressed a new WebKit zero-day affecting iOS, iPadOS, macOS, and Safari that may have been actively exploited in the wild. Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22620, in the WebKit affecting iOS, iPadOS , macOS , and Safari that may have been actively exploited in the wild. This is the third zero-day vulnerability fixed by the IT giant this year.
Hunton Privacy
FEBRUARY 10, 2022
On February 10, 2022, the French Data Protection Authority (the “CNIL”) ruled the transfer of EU personal data from the EU to the U.S. through the use of the Google Analytics cookie to be unlawful. In its decision, the CNIL held that an organization using Google Analytics was in violation of the GDPR’s data transfer requirements. The CNIL ordered the organization to comply with the GDPR, and to stop using Google Analytics, if necessary.
eSecurity Planet
FEBRUARY 11, 2022
Malwarebytes and Bitdefender are two of the most recognized names in the cybersecurity market for the latest antivirus software, endpoint detection and response (EDR), and endpoint protection platforms ( EPP ). Both vendors share a number of the same solution capabilities for potential clients, meaning there’s plenty to compare in terms of malware detection and analysis, supported endpoints, and incident response.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
WIRED Threat Level
FEBRUARY 8, 2022
As Russia continues to amass troops at the border, resistance groups have seen a surge in crypto donations.
Security Affairs
FEBRUARY 10, 2022
The Uptycs threat research team has been observing an increase in utilization of regsvr32.exe heavily via various types of Microsoft Office documents. The full report that includes Indicators of Compromise (IOCs) is available here: [link]. During our analysis of these malware samples, we have identified that some of the malware samples belonged to Qbot and Lokibot attempting to execute.ocx files.
Dark Reading
FEBRUARY 11, 2022
Company's Chrome and Android technologies continued to be target-rich environments for security researchers from around the world.
eSecurity Planet
FEBRUARY 10, 2022
Security information and event management (SIEM) technology provides foundational support for threat detection. The high costs of SIEMs once made them feasible only for larger enterprise clients, but they have become more reasonable solutions for smaller organizations over time. While a properly configured SIEM can provide effective threat protection, misuse of SIEM technology can increase costs and undermine security.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
WIRED Threat Level
FEBRUARY 10, 2022
Word and Excel files you download from the internet just got a whole lot safer.
Security Affairs
FEBRUARY 10, 2022
WordPress plugin PHP Everywhere is affected by three critical issues that can be exploited to execute arbitrary code on affected systems. Wordfence experts found three critical remote code execution vulnerabilities in the PHP Everywhere WordPress plugin, all the issues have received a CVSS score of 9.9. The plugin that allows WordPress admins to insert PHP code in pages, posts, the sidebar, or any Gutenberg block, to display dynamic content based on evaluated PHP expressions. “On January 4
AIIM
FEBRUARY 11, 2022
At a recent holiday gathering (of triple-vaxxed friends/family), I was reminded of advice from my very elegant and wise grandmother: “Always leave a party when you’re having fun.” Since I’m still having a blast at the AIIM party, now is the ideal time for me to make my way to the exit, passing the presidential baton enroute. That’s right. I promised myself that I would serve only two, 3-year terms in the CEO role, yet here I am, happily beginning the third.
Expert insights. Personalized for you.
234 
Let's personalize your content