Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Mining 346

Mining Privacy IT Security 346

The Last Watchdog

JANUARY 11, 2022

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector. Last August, NTT , the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community

Big data 276

Big data Analytics Personal data Government 276

Dark Reading

JANUARY 11, 2022

Nine of the Microsoft patches released today are classified as critical, 89 are Important, and six are publicly known.

Security 145

Security 145

Security Affairs

JANUARY 14, 2022

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. Microsoft Defender allows users to exclude locations on their machines that should be excluded from scanning by the security solution.

Access 143

Access Security IT Information Security 143

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Krebs on Security

JANUARY 11, 2022

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Libraries 233

Libraries Security Access IT 233

Dark Reading

JANUARY 11, 2022

Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.

Cloud 135

Cloud 135

Security Affairs

JANUARY 8, 2022

Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability. Jfrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J vulnerability. The flaw, tracked as CVE-2021-42392 , could allow attackers to execute remote code on vulnerable systems, the good news is that unlike the Log4J issue it should not be as widespread.

IoT 143

IoT Passwords IT Access 143

eSecurity Planet

JANUARY 11, 2022

As we enter 2022, the shortage of cybersecurity pros hasn’t gotten better. In fact, it’s gotten worse. There are currently about 435,000 cybersecurity job openings available in the United States, up from approximately 314,000 in 2019. The move to remote work in response to the COVID-19 pandemic increased the workloads for skilled IT professionals, and combined with the rising rate of ransomware attacks , many security pros are suffering from burnout.

Cybersecurity 135

Cybersecurity Government Digital transformation Communications 135

Hunton Privacy

JANUARY 13, 2022

In a letter addressed to certain members of the European Parliament (“MEPs”), European Commissioner for Justice Reynders refuted some of the criticism that has been raised against the Irish Data Protection Commissioner (“DPC”). Background. On December 6, 2021, the concerned MEPs sent a letter to Commissioner Reynders to raise concerns about how the DPC enforces the EU General Data Protection (“GDPR”) and applies the GDPR’s cooperation mechanism.

GDPR 133

GDPR IT 133

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Thales Cloud Protection & Licensing

JANUARY 10, 2022

How Can We Secure The Future of Digital Payments? divya. Tue, 01/11/2022 - 06:35. The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. This raises the question of where digital payment technologies will take us in the future, and how will this affect consumers? In the latest episode of Thales Security Sessions podcast , I was asked by Neira Jones to join Simon Keates, Head of Strategy and Payment Security at Thal

Retail 126

Retail Security Financial Services Authentication 126

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. The malware campaign is still active and threat actors have already stolen data and credentials of more than 2000 victims across 111 countries as of 2 Jan 2022.

Access 140

Access IT Security Cybersecurity 140

eSecurity Planet

JANUARY 13, 2022

An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software. Marak Squires, an open source coder and maintainer, sabotaged his repository to protest against unpaid work and his failed attempts to monetize faker.js and color.js , two major NPM packages used by a huge range of other packages and projects.

Libraries 129

Libraries Access Cloud IT 129

Dark Reading

JANUARY 14, 2022

Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.

Cybersecurity 145

Cybersecurity Authentication Access 145

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

OpenText Information Management

JANUARY 10, 2022

As we head into 2022, it’s clear that the Financial Services industry overall has responded well to the impact of COVID-19 — but it hasn’t emerged unscathed. In fact, McKinsey’s Global Banking Review states that half of banks are not covering their cost of equity. The future remains uncertain apart from one thing: Financial Services … The post Key trends for the Financial Services industry in 2022 appeared first on OpenText Blogs.

Financial Services 124

Financial Services IT Insurance 124

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure. The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials st

Manufacturing 139

Manufacturing File names Archiving Encryption 139

Schneier on Security

JANUARY 12, 2022

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown.

IT 123

IT Security 123

Dark Reading

JANUARY 13, 2022

While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another.

141

141

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Hunton Privacy

JANUARY 12, 2022

On January 6, 2022, the Federal Trade Commission reached a $1.5 million settlement with loan application company ITMedia Solutions LLC (“ITMedia”) over alleged violations of the FTC Act and Fair Credit Reporting Act (“FCRA”). The FTC alleged that ITMedia deceptively acquired and indiscriminately shared consumers’ sensitive personal information under the guise of connecting them with lenders.

Marketing 118

Marketing Compliance IT Security 118

Security Affairs

JANUARY 9, 2022

Russian submarines threatening undersea network of undersea cables, says UK defence chief Sir Tony Radakin. UK defence chief Sir Tony Radakin warns of Russian submarines threatening the undersea network of internet cables, which are critical infrastructure of our society. Multiple activities heavily depend on the global network of undersea cables, including financial transactions and communications. “In the financial sector alone, undersea cables carry some $10 trillion of financial transf

Manufacturing 138

Manufacturing Risk Communications Security 138

Schneier on Security

JANUARY 13, 2022

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than previously believed. What’s most interesting to me about this new information is how the US used the Australians to get around domestic spying laws: For legal reasons, the FBI did not monitor outgoing me

Communications 121

Communications Encryption Government IT 121

Dark Reading

JANUARY 11, 2022

On a recent Friday night, three security experts got together to play custom games that explore attack risks in an engaging way.

Risk 144

Risk Security 144

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

The Guardian Data Protection

JANUARY 10, 2022

EU police body accused of unlawfully holding information and aspiring to become an NSA-style mass surveillance agency The EU’s police agency, Europol, will be forced to delete much of a vast store of personal data that it has been found to have amassed unlawfully by the bloc’s data protection watchdog. The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of points of information.

Personal data 117

Personal data Big data Libraries Encryption 117

Security Affairs

JANUARY 12, 2022

US authorities warn critical infrastructure operators of the threat of cyberattacks orchestrated by Russia-linked threat actors. US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. “This joint Cybersecurity Advisory (CSA)—authored by the Cybersecurity and Infrastructure Security Agency (C

Cybersecurity 125

Cybersecurity Risk Phishing Government 125

Schneier on Security

JANUARY 14, 2022

I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity.

IoT 117

IoT IT Security Paper 117

Dark Reading

JANUARY 13, 2022

The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime.

IT 136

IT 136

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

IT Governance

JANUARY 10, 2022

For many, 2021 was a year to forget. COVID-19 again dominated the news, with initial optimism over vaccine rollouts and the potential end of the pandemic making way for new variants and the return of social restrictions. The cyber security landscape offered similarly familiar topics: there were huge data breaches at Facebook and LinkedIn, while the threat of ransomware reached catastrophic levels.

Security 115

Security Data breaches Ransomware Phishing 115

Security Affairs

JANUARY 14, 2022

German multinational defense contractor Hensoldt confirmed to that some of its systems were infected by Lorenz ransomware. Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. This week a Hensholdt spokesperson confirmed the security breach to BleepingComputer explaining that a small number of mobile devices in its UK subsidiary has been affected.

Ransomware 124

Ransomware Archiving Encryption Cybersecurity 124

Threatpost

JANUARY 13, 2022

Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.

Cloud 114

Cloud Security 114