Thu. Jan 13, 2022

GUEST ESSAY: JPMorgan’s $200 million in fines stems from all-too-common compliance failures

The Last Watchdog

Last month’s $125 million Securities and Exchange Commission (SEC) fine combined with the $75 million U.S. Commodity Futures Trading Commission (CFTC) fine against JPMorgan sent shockwaves through financial and other regulated customer-facing industries. Related: Why third-party risks are on the rise.

Redefining the CISO-CIO Relationship

Dark Reading

While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another


Threat actors abuse public cloud services to spread multiple RATs

Security Affairs

Threat actors are actively abusing cloud services from Amazon and Microsoft to deliver RATs such as Nanocore, Netwire, and AsyncRAT.

Cloud 102

Fighting Back Against Pegasus, Other Advanced Mobile Malware

Dark Reading

Detecting infection traces from Pegasus and other APTs can be tricky, complicated by iOS and Android security features

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Cisco fixes a critical flaw in Unified CCMP and Unified CCDM

Security Affairs

Cisco fixed a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified CCMP and Unified CCDM.

Access 100

More Trending

Open Source Sabotage Incident Hits Software Supply Chain

eSecurity Planet

An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software.

How to Protect Your Phone from Pegasus and Other APTs

Dark Reading

The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime

IT 113

Using Foreign Nationals to Bypass US Surveillance Restrictions

Schneier on Security

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation.

New Vulnerabilities Highlight Risks of Trust in Public Cloud

Dark Reading

Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services

Risk 113

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

USCYBERCOM: MuddyWater APT is linked to Iran’s MOIS intelligence

Security Affairs

US Cyber Command (USCYBERCOM) has officially linked the Iran-linked MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS).

How Cybercriminals Are Cashing in on the Culture of 'Yes'

Dark Reading

The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself


Mozilla addresses High-Risk Firefox, Thunderbird vulnerabilities

Security Affairs

Mozilla addressed 18 security vulnerabilities affecting the popular Firefox web browser and the Thunderbird mail program. Mozilla released Firefox 96 that addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program.

Risk 94

Iran-Based APT35 Group Exploits Log4J Flaw

eSecurity Planet

Security researchers are continuing to see state-supported hacking groups developing tools to leverage the high-profile Log4j vulnerability that exploded onto the scene last month even as the White House and other parts of the federal government look for ways to get ahead of the threat.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

North Korean Hackers Stole Nearly $400M in Crypto Last Year

WIRED Threat Level

The regime had a “banner year,” thanks to skyrocketing cryptocurrency values and a new generation of vulnerable startups.

BlueNoroff Threat Group Targets Cryptocurrency Startups

Dark Reading

A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims


European Commission Defends Irish Data Protection Commissioner

Hunton Privacy

In a letter addressed to certain members of the European Parliament (“MEPs”), European Commissioner for Justice Reynders refuted some of the criticism that has been raised against the Irish Data Protection Commissioner (“DPC”). Background.

Catches of the Month: Phishing Scams for January 2022

IT Governance

Welcome to the first review of phishing attacks for 2022, in which we explore the latest scams and the tactics that cyber criminals use to trick people into handing over their personal information.

IT 72

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

New HIPAA Regulations in 2022 via the HIPAA Journal

IG Guru

Check out the article here. The post New HIPAA Regulations in 2022 via the HIPAA Journal appeared first on IG GURU.

Adobe Cloud Abused to Steal Office 365, Gmail Credentials

Threatpost

Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.

Cloud 97

Top four trends for the U.S. Public Sector in 2022

OpenText Information Management

There are many shifts happening in government in the year ahead, such as moving from a project-based to customer-oriented focus, the emergence of work-anywhere environments and actively addressing organizational infrastructure and design debts.

Cloud 67

Microsoft Yanks Buggy Windows Server Updates

Threatpost

Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.

12 Plays to Kickstart Your Recruitment Process

To stay ahead in this race, every recruiter needs a good playbook. In this eBook, we lay out 12 recruiting plays that can automate key steps in your recruitment process, helping you reduce both the cost and the time it takes to hire the best candidates.

Meta sued for £2.3bn over claim Facebook users in UK were exploited

The Guardian Data Protection

Lawsuit claims company set ‘unfair price’ by taking users’ personal data without proper compensation. Mark Zuckerberg’s Meta is being sued for £2.3bn in a class action lawsuit that claims 44 million Facebook users in the UK had their data exploited after signing up to the social network.

North Korean APTs Stole ~$400M in Crypto in 2021

Threatpost

Meanwhile, EthereumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens.

Getting the Most out of Your Keyword Searches

eDiscovery Daily

Though a more basic searching technique, keyword searches allow professionals to identify one or two specific words from multiple documents. Nowadays, keyword searches are considered inferior to their successor, predictive coding (TAR).

CNIL Fines Big Tech Companies 210 Million Euros for Cookie Violations

Hunton Privacy

On December 31, 2021, the French Data Protection Authority (the “CNIL”) imposed a €150,000,000 fine on Google and a €60,000,000 fine on Facebook (now Meta) for violations of French rules on the use of cookies. Background.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

2022 Will Be the Year of Hybrid Everything

Rocket Software

There may be several different associations that come to mind when we hear the word hybrid, but essentially, they all refer to a combination of multiple elements coming together to create something with the best possible capabilities.

Managing Change, Improving Adoption: How IT Can Better Support the Legal Department

Hanzo Learning Center

Lawyers have a reputation—sometimes deserved, sometimes not—of being technophobic Luddites. While there are certainly exceptions, many lawyers resist change and avoid new technology.

Paper 56

One size does not fit all

OpenText Information Management

The industry you work in has its own identity. While some may share characteristics with others, each vertical has a set of business challenges unique to it. Increasing customer engagement looks different at a utilities company than it does at a retail bank.