The Last Watchdog

FEBRUARY 17, 2022

Data helps digital businesses make meaningful decisions and fast-track their growth in a global market so that companies that are skilled at harvesting data regularly and consistently tend to grow faster than those that only involve data scantily in making decisions. Related: Kaseya hack highlight supply-chain risks. This has made data extraction one of the most crucial aspects of what makes a company strive in today’s economy.

Access 194

Access Marketing Compliance Security 194

WIRED Threat Level

FEBRUARY 16, 2022

Mozilla’s privacy-heavy browser is flatlining. What it does next is crucial for the future of the web.

Privacy 99

Privacy IT Security 99

Dark Reading

FEBRUARY 16, 2022

Sensitive data stolen on US weapons development and deployment, product development, foreign partnerships, contracts, and more.

89

89

Krebs on Security

FEBRUARY 16, 2022

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.

Ransomware 229

Ransomware Sales Access Data breaches 229

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Security Affairs

FEBRUARY 17, 2022

Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users , threat actors started using it as an attack vector. Starting in January 2022, security researchers from Avanan observed attackers compromising Microsoft Teams accounts attach malicious executables to chat and infect participants in the conversation.

File names 143

File names Phishing Data breaches Access 143

IT Governance

FEBRUARY 15, 2022

Everybody wants to know what the future holds. Those who are a step ahead of the rest can foresee challenges and avoid falling into pitfalls, or they can spot opportunities and ride to success. This is as true in the cyber security landscape as it is in any other. But predictions are difficult. After all, who at the start of 2020 could have foreseen what the next two years would be like?

Security 142

Security Insurance Authentication Passwords 142

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists.

Ransomware 192

Ransomware Data breaches Encryption Passwords 192

Hunton Privacy

FEBRUARY 16, 2022

On February 14, 2022, Texas Attorney General Ken Paxton brought suit against Meta, the parent company of Facebook and Instagram, over the company’s collection and use of biometric data. The suit alleges that Meta collected and used Texans’ facial geometry data in violation of the Texas Capture or Use of Biometric Identifier Act (“CUBI”) and the Texas Deceptive Trade Practices Act (“DTPA”).

Privacy 132

Privacy IT Information Security Security 132

Data Protection Report

FEBRUARY 14, 2022

Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. These decisions, like the Schrems decisions, make it clear that organizations must have a technical understanding of their data flows, with an emphasis on: (1) where the data

Analytics 127

Analytics GDPR Personal data IT 127

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Troy Hunt

FEBRUARY 16, 2022

Continuing the march forward to provide governments with better access to their departments' data exposed in breaches , I'm very pleased to welcome the 28th national government onto Have I Been Pwned - New Zealand! They'll join the other govs around the world that have complete free access to breach information impacting their gov domains and TLDs.

Government 123

Government Access Security IT 123

Security Affairs

FEBRUARY 18, 2022

Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus , Charming Kitten and Nemesis Kitten.

Ransomware 119

Ransomware Security IT Information Security 119

eSecurity Planet

FEBRUARY 15, 2022

Ransomware attacks on critical infrastructure and a surge in exploited vulnerabilities are getting the attention of U.S. cybersecurity agencies, which highlighted the threats in a pair of warnings issued in recent days. The FBI and U.S. Secret Service issued a detailed advisory on the BlackByte Ransomware as a Service (RaaS) group, which has attacked critical infrastructure industries in recent months, among them government, financial and food and agriculture targets.

Ransomware 111

Ransomware Encryption Agriculture Cybersecurity 111

Data Protection Report

FEBRUARY 14, 2022

The French Data Protection Authority (the “ CNIL ”) continues its campaign against companies that do not respect the rules relating to cookies and other trackers, which the CNIL has previously reminded the market about in multiple communications and decisions. The CNIL has already issued four sets of formal notices to over 90 organizations of various sizes for non-compliance with the rules.

GDPR 113

GDPR Compliance Communications Personal data 113

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

IT Governance

FEBRUARY 17, 2022

If you’re serious about information security, you should consider gaining a Microsoft qualification. ISO 27001 is often considered the go-to qualification for information security professionals. But the changing way organisations operate means it’s becoming increasingly valuable to pair a strong understanding of the Standard with a Microsoft certification.

Cloud 109

Cloud Systems administration Information Security Security 109

Security Affairs

FEBRUARY 18, 2022

Qualys experts found a new Linux privilege escalation vulnerability, tracked as CVE-2021-44731, in Canonical’s Snap Package Manager. Canonical’s Snap software packaging and deployment system are affected by multiple vulnerabilities, including a privilege escalation flaw tracked as CVE-2021-44731 (CVSS score 7.8). Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel.

Security 116

Security Information Security IT 116

Schneier on Security

FEBRUARY 17, 2022

A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”.

Government 108

Government IT 108

Hunton Privacy

FEBRUARY 18, 2022

On February 15, 2022, the French Data Protection Authority (the “CNIL”) published its enforcement priority topics for 2022. Each year, the CNIL conducts numerous investigations in response to complaints, data breach notifications and ongoing events, or based on previously established enforcement priorities. For 2022, the CNIL indicated that it will focus on three major strategic priorities: Direct Marketing.

Cloud 108

Cloud Data breaches GDPR Marketing 108

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Threatpost

FEBRUARY 17, 2022

On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not.

Military 110

Military Government Security 110

Security Affairs

FEBRUARY 18, 2022

Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy Sandbox on Android to limit user data sharing and prevent the use of cross-app identifiers. The company states that the Privacy Sandbox technologies are still in development. “Privacy Sandbox on Android will strengthen privacy, while providing tools app developers need to support and grow their businesses.

Privacy 103

Privacy Data collection Security IT 103

Schneier on Security

FEBRUARY 15, 2022

Two US Senators claim that the CIA has been running an unregulated — and almost certainly illegal — mass surveillance program on Americans. The senator’s statement. Some declassified information from the CIA. No real details yet.

Data collection 106

Data collection 106

Micro Focus

FEBRUARY 16, 2022

Derek Britton, Director of Communications and Brand Strategy, discusses how to balance making the critical decisions about digital transformation in today’s economy. Few organizations of any size have ignored the importance of digital transformation. Many were forced to quickly implement fundamental digital transformation activities in order to survive the first waves of COVID-19.

Digital transformation 102

Digital transformation Communications 102

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Data Matters

FEBRUARY 15, 2022

WEBINAR. REGISTER HERE. 12:00 p.m. PT / 3:00 p.m. ET. Sidley Senior Managing Associate Sheri Porath Rockwell (Chair, California Lawyers Association Privacy Law Section) and Stacey Gray, Director of Legislative Research & Analysis at the Future of Privacy Forum, will be leading a multi-session webinar series, CPRA Law + Tech , that focuses on the technologies and data practices at the heart of emerging state privacy legislation, including the California Privacy Rights Act (CPRA).

Data Privacy 88

Data Privacy Privacy Compliance 88

Security Affairs

FEBRUARY 17, 2022

Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653 , that resides in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA.

Authentication 102

Authentication Security IT Information Security 102

Daymark

FEBRUARY 15, 2022

On February 9, 2020, Infinidat rolled out some major enhancements to its InfiniGuard enterprise data protection platform. The announcement themes revolved around enhanced data protection, faster recovery and overall cyber resilience.

IT 101

IT Security 101

Threatpost

FEBRUARY 16, 2022

A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.

Security 111

Security Cloud 111

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Data Matters

FEBRUARY 14, 2022

Data is the fuel for software development, and developers use historical data from existing products to train algorithms and build AI and machine learning models. Companies are well aware of privacy and regulatory restrictions on data use, but often do not consider the potential impact of data use restrictions on intellectual property ownership and use rights.

Privacy 88

Privacy 88

Security Affairs

FEBRUARY 18, 2022

Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe?Commerce and?Magento Open Source. Positive Technologies researchers have created a working PoC exploit for the recently patched CVE-2022-24086 vulnerability affecting its Commerce and Magento Open Source products. An attacker could use the exploit to achieve remote code execution from an unauthenticated user.

Authentication 101

Authentication Cybersecurity Security IT 101

Jamf

FEBRUARY 17, 2022

Detect and remediate a broad range of security threats including vulnerabilities, malware and questionable applications while continually assessing mobile endpoint and network risks. By combining security policies and sophisticated network protection with the detection of risky configurations, you can enforce comprehensive protection of your devices, users and apps, keeping them all safe in real-time.

Risk 98

Risk Security 98