Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha

Sales 363

Sales Energy and Utilities Communications Data breaches 363

Hunton Privacy

OCTOBER 12, 2022

On October 3, 2022, Google LLC (“Google”) agreed to pay the State of Arizona $85 million to settle a consumer privacy lawsuit that alleged the company surreptitiously collected consumers’ geolocation data on smartphones even after users disabled location tracking. . Arizona’s lawsuit followed a 2018 Associated Press article that alleged Google continued to track the location of Android devices even after users disabled the Location History setting on the device.

Privacy 145

Privacy Data Privacy Access 145

Data Breach Today

MAY 28, 2022

Agency Spotted Compromised Credentials On Various Dark Web Forums The FBI is warning the U.S. higher education sector about compromised sensitive credentials and network access information advertised for sale across various public and Dark Web forums. The agency states that this access to credentials could potentially lead to a cyberattack.

Education 363

Education Sales Access 363

Security Affairs

DECEMBER 2, 2022

Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328 , with two other flaws to gain full root privileges on an affected system. The vulnerability resides in the snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.

Access 145

Access Security IT Information Security 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

eSecurity Planet

DECEMBER 15, 2022

Released on November 30, ChatGPT has instantly become a viral online sensation. In a week, the app gained more than one million users. Unlike most other AI research projects, ChatGPT has captivated the interest of ordinary people who do not have PhDs in data science. They can type in queries and get human-like responses. The answers are often succinct.

Cybersecurity 145

Cybersecurity Phishing Data science Blockchain 145

Troy Hunt

AUGUST 3, 2022

How best to punish spammers? I give this topic a lot of thought because I spend a lot of time sifting through the endless rubbish they send me. And that's when it dawned on me: the punishment should fit the crime - robbing me of my time - which means that I, in turn, need to rob them of their time. With the smallest possible overhead on my time, of course.

Passwords 145

Passwords IT 145

Jamf

MAY 16, 2022

The Jamf Threat Labs team has recently identified changes to the UpdateAgent malware dropper. These changes primarily focus on new executables written in Swift that reach out to a registration server to pull down a new set of instructions in the form of a bash script. Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server.

IT 145

IT 145

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The Department for Culture, Media and Sport (DCMS) has finally published the UK government’s long-awaited response to the consultation on the future of the UK data protection regime. The government set out very high level principles for a Data Reform Bill in the Queen’s Speech in May.

GDPR 144

GDPR Government Personal data Risk 144

ARMA International

MARCH 22, 2022

For as long as there has been communication and work, there has been a means of documenting and tracking it. Sales receipts, pay stubs, tax documents, letters, memoranda, and beyond all have value at one time or another. Sometimes, those records need to be revisited or referenced later down the road in connection with, for example, taxes, audits, or other reviews.

Information governance 144

Information governance Government Compliance Archiving 144

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Dark Reading

JULY 14, 2022

Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

143

143

Krebs on Security

APRIL 29, 2022

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

Search queries 363

Search queries Retail Government Marketing 363

Hunton Privacy

APRIL 7, 2022

On February 28, 2022, the Emirate of Dubai enacted Law No. 4 of 2022 on the Regulation of Virtual Assets (“ VAL ”) and established the Dubai Virtual Assets Regulatory Authority (“ VARA ”). By establishing a legal framework for businesses related to virtual assets, including crypto assets and non-fungible tokens ( NFTs ), this landmark law reflects Dubai’s vision to become one of the leading jurisdictions for entrepreneurs and investors of blockchain technology.

IT 145

IT Blockchain Financial Services Personal data 145

IT Governance

JUNE 15, 2022

In an increasingly digital world, there are an escalating number of cyber security risks for business to address. Criminal hackers are adept at spotting weaknesses, while organisations do themselves no favours when they fail to adequately protect their systems. IT Governance identified more than 1,200 publicly disclosed data breaches in 2021 , while another report found that security incidents cost almost £3 million on average.

Risk 142

Risk Security Passwords Phishing 142

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

OCTOBER 15, 2022

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to imper

Authentication 145

Authentication Cloud Security Access 145

eSecurity Planet

NOVEMBER 18, 2022

Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them. Some of those vulnerabilities will be found and fixed by vendors, who will provide patches and updates for their products. Other vulnerabilities cannot be patched and will require coordination between IT, cybersecurity, and app developers to protect those exposed vulnerabilities with additional resources th

Passwords 145

Passwords Risk Access Cloud 145

Schneier on Security

JULY 18, 2022

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102 , which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser’s Tracking Protection feature is set to strict.

Encryption 145

Encryption IT 145

Troy Hunt

MARCH 28, 2022

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.

Government 145

Government Data breaches Access 145

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Jamf

FEBRUARY 11, 2022

The remediation for a serious security vulnerability in Microsoft Active Directory (AD) prevents Apple macOS from binding. Affected machines will lose the ability to communicate with AD domain controllers, resulting in user lockout and potential data loss.

Communications 145

Communications Security 145

OpenText Information Management

OCTOBER 27, 2022

Information is at the core of being human, the universe and evolution itself. Information creation is accelerating, and its use is transformative in nature. Machines generate more information than humans today. Machines share their knowledge instantly and understand the nuances of language. One day, machines will directly enhance the human mind, and allow each human … The post The Future of Human Intelligence: A Conversation with Ray Kurzweil appeared first on OpenText Blogs.

IT 140

IT Artificial Intelligence 140

WIRED Threat Level

NOVEMBER 28, 2022

Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.

Security 145

Security 145

Dark Reading

MAY 26, 2022

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards.

Compliance 143

Compliance Security 143

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me , an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.

Access 363

Access Insurance Authentication Government 363

Hunton Privacy

JUNE 1, 2022

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic, however, the Thai government issued royal decrees to extend the compliance deadline to June 1, 2022. .

Personal data 143

Personal data GDPR Compliance Government 143

IT Governance

OCTOBER 3, 2022

Welcome to our September 2022 list of data breaches and cyber attacks. Compared to August, it was a comparatively quiet month, as we identified 88 publicly disclosed security incidents and 35,566,046 compromised records. As always, you can find the full list below – although, perhaps for the last time, they are broken down into their respective categories.

Data breaches 140

Data breaches Ransomware Education Phishing 140

Security Affairs

OCTOBER 14, 2022

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode and user mode for building high-performance transaction logs, and is implemented in the driver CLFS.sys.

Metadata 145

Metadata Security IT Access 145

Advertisement

Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.

Education

eSecurity Planet

DECEMBER 7, 2022

It has certainly been a rough year for the tech industry. There have been many layoffs, the IPO market has gone mostly dark, and venture funding has decelerated. Despite all this, there is one tech category that has held up fairly well: Cybersecurity. Just look at a report from M&A advisory firm Houlihan Lokey , which found that private cybersecurity company funding grew by 9.4% to $26.9 billion between September 2021 and September 2022.

Cybersecurity 145

Cybersecurity Compliance Risk Ransomware 145

Schneier on Security

JUNE 24, 2022

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response, Matthew Green has written —not really a rebuttal—but a “a general response to some of the more common spurious objections …people make to public blockchain systems.” In it, he

Blockchain 145

Blockchain Government Retail IT 145

Troy Hunt

JANUARY 23, 2022

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Cloud 145

Cloud Passwords IT Risk 145