Dark Reading
DECEMBER 20, 2021
Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them.
Security Affairs
DECEMBER 21, 2021
Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains. Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to takeover Windows domains.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
OpenText Information Management
DECEMBER 22, 2021
On December 10th, warnings of the zero-day vulnerability found in the Java logging library, Apache Log4j 2.x, began to emerge. Today, we know that it is currently being exploited by attackers to exfiltrate data or execute arbitrary code. Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications for … The post Log4j vulnerability explained and how to respond appeared first on OpenText Blogs.
The Last Watchdog
DECEMBER 20, 2021
Within the past year, we have seen a glut of ransomware attacks that made global news as they stymied the operations of many. In May, the infamous Colonial Pipeline ransomware attack disrupted nationwide fuel supply to most of the U.S. East Coast for six days. Related: Using mobile apps to radicalize youth. But the danger has moved up a notch with a new, grave threat: killware.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
IT Governance
DECEMBER 21, 2021
If your business handles debit or credit card data, you’ve probably heard of the PCI DSS (Payment Card Industry Data Security Standard). It’s an information security framework designed to reduce payment card fraud by requiring organisations to implement technical and organisational defence measures. We explain everything you need to know about the PCI DSS in this blog, including who it applies to, the benefits of compliance and what happens if you fail to meet its requirements.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
AIIM
DECEMBER 21, 2021
Two new directors elected by members of the association. The Association for Intelligent Information Management ( AIIM ), announces the election of two new board members following its Annual Meeting held in early December. The following directors will serve on the AIIM Board of Directors beginning January 1, 2022 through December 31, 2024: Jason Cassidy, Shinydocs.
The Last Watchdog
DECEMBER 21, 2021
Cloud hosted email services have come into wide use as the go-to communication and collaboration work tools for businesses far and wide. Related: Weaponized email endures as top threat. Digital native companies start from day one relying entirely on Microsoft Office 365 or Google’s G Suite and most established companies are in some stage of migrating to, or adjusting for, Office 365 or G Suite.
eSecurity Planet
DECEMBER 22, 2021
When it comes to managing cybersecurity risk , approximately 35 percent of organizations say they only take an active interest if something bad happens. But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.
Security Affairs
DECEMBER 21, 2021
Google found more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache Log4j library. The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total) were using versions of the Apache Log4j library vulnerable to Log4Shell exploit and to the CVE-2021-45046 RCE. “More than 35,000 Java packages, amounting to over 8% of the Maven Central repository (the most significant Java package
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Threatpost
DECEMBER 23, 2021
Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said.
Schneier on Security
DECEMBER 20, 2021
Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We haven’t heard a lot about Cytrox and its Predator spyware. According to Citzen Lab: We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saud
eSecurity Planet
DECEMBER 21, 2021
There are few guarantees in the IT industry, but one certainty is that as the world steps into 2022, ransomware will continue to be a primary cyberthreat. The dangers from ransomware have risen sharply since WannaCry and NotPetya hit the scene in 2017, and this year has been no different. A pair of recent reports underscores just how big that threat is.
Security Affairs
DECEMBER 23, 2021
Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute Formbook malware. Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability tracked as CVE-2021-40444 (CVSS score of 8.8). The bad news is that threat actors are using it to distribute the Formbook malware.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Threatpost
DECEMBER 22, 2021
Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects.
Dark Reading
DECEMBER 22, 2021
Once the dust settles on Log4j, many IT teams will brush aside the need for the fundamental, not-exciting need for better asset and application management.
Micro Focus
DECEMBER 20, 2021
In the rush towards digital transformation, even the heroic CIO needs someone they can turn to, says Derek Britton. Who is in your corner to help you solve your digital dilemma? Today’s technology landscape – a bleak dystopian vista? Digital transformation has been at the top of virtually every organisation’s list of objectives for several. View Article.
Security Affairs
DECEMBER 21, 2021
Researchers spotted a new botnet named Abcbot hat that mainly targeted Chinese cloud hosting providers over the past months. Security researchers discovered a new botnet, named Abcbot , that focused on Chinese cloud hosting providers over the past months. The list of targeted providers includes Alibaba Cloud, Baidu, Tencent, and Huawei Cloud. In November, researchers from Qihoo 360’s Netlab security team spotted the Abcbot botnet that was targeting Linux systems to launch distributed denial-of-s
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Threatpost
DECEMBER 21, 2021
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.
Dark Reading
DECEMBER 21, 2021
The Facebook parent company seeks court's help in identifying the individuals behind some 39,000 websites impersonating its brands to collect login credentials.
Record Nations
DECEMBER 20, 2021
As the holiday season approaches, it’s likely that many of us will be receiving smart devices as gifts. Smart devices are becoming more and more common, and many of our appliances even have “smart features”. In fact, you may be in possession of some of these items, and not even know it. Smart devices can […]. The post How Secure are Smart Devices?
Security Affairs
DECEMBER 19, 2021
Clop ransomware gang stolen confidential data from the UK police and leaked it in the dark web because the victim refused to pay the ransom. Clop ransomware operators have stolen confidential information held by some British police, according to the media the cybercriminal gang targeted the IT firm Dacoll. According to the media, the cybercriminals compromised the systems at the company, which has access to the police national computer, using a phishing attack.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
Threatpost
DECEMBER 22, 2021
Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.
Dark Reading
DECEMBER 21, 2021
Focusing on basic security controls and executing them well is the best way to harden your systems against an attack.
Hunton Privacy
DECEMBER 23, 2021
On December 15, 2021, the European Parliament adopted its position on the proposal for a Digital Markets Act (“DMA”), ahead of negotiations with the Council of the European Union. The DMA introduces new rules for certain core platforms services acting as “gatekeepers,” (including search engines, social networks, online advertising services, cloud computing, video-sharing services, messaging services, operating systems and online intermediation services) in the digital sector and aims to prevent
Security Affairs
DECEMBER 19, 2021
The TellYouThePass ransomware resurged and exploits the Apache Log4j flaw (Log4Shell) to target both Linux and Windows systems. Researchers from KnownSec 404 Team and Sangfor Threat Intelligence Team reported that the TellYouThePass ransomware resurged and is exploiting the Apache Log4j CVE-2021-44228 flaw to target both Linux and Windows systems. “On December 13, Sangfor’s terminal security team and Anfu’s emergency response center jointly monitored a ransomware called Tellyou
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
Threatpost
DECEMBER 23, 2021
The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities.
Dark Reading
DECEMBER 20, 2021
Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure.
Hunton Privacy
DECEMBER 20, 2021
On December 17, 2021, the European Commission announced that it had adopted its adequacy decision on the Republic of Korea. The adequacy decision allows for the free flow of personal data between the EU and Korea, without any further need for authorization or additional transfer tool. The adequacy decision also covers transfers of personal data between public authorities.
Expert insights. Personalized for you.
144 
Let's personalize your content