Blog - Information Management Today

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

IT Governance

DECEMBER 5, 2023

Data Breach Dashboard For a quick, one-page overview of this month’s findings, please use our Data Breach Dashboard: Note: From this month, zero-day vulnerabilities are excluded from the ‘unpatched or misconfigured’ category. This is part of the reason this category is lower than last month (24% vs 32%).

Data breaches

Data breaches Ransomware Access Security

Accelerating scope 3 emissions accounting: LLMs to the rescue

IBM Big Data Hub

MARCH 27, 2024

This article explores an innovative way to streamline the estimation of Scope 3 GHG emissions leveraging AI and Large Language Models (LLMs) to help categorize financial transaction data to align with spend-based emissions factors. Why are Scope 3 emissions difficult to calculate?

Mining

Mining Data collection IT

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

DECEMBER 11, 2023

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification madhav Tue, 12/12/2023 - 05:21 Given the pace of data growth and the complexity of hybrid IT environments, the discovery and classification of sensitive data is no simple task.

Unstructured data

Unstructured data Cloud Data Privacy GDPR

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

OCTOBER 17, 2022

This increased demand for apps also raises the need for improved data protection measures, which Google took steps to address with the new data safety section they launched in July 2022. percent) of the apps share user data with third parties. In fact, the data trade industry is worth over $257 billion and growing yearly.

Privacy

Privacy Data Privacy Personal data Data collection

REMnux Tools List for Malware Analysis

Lenny Zeltser

OCTOBER 13, 2020

To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. In addition to providing numerous tools as part of the REMnux distro, the project also offers several malware analysis tools as Docker images.

Information Security

Information Security Security

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Security Affairs

MAY 28, 2022

In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. The attackers abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

Metadata

Metadata Passwords Archiving Access

Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached

IT Governance

APRIL 4, 2024

To minimise data skewing, we’ve accounted for this by providing two Data Breach Dashboards this month: one including and one excluding the above events. This blog provides further analysis of the data we’ve collected. Data breached: 124,605,664 records. The number of affected records is unknown.

Data breaches

Data breaches Passwords Security Cloud

Note to Self: Create Non-Exhaustive List of Competitors

Krebs on Security

APRIL 20, 2021

As the largest organization dedicated to the analysis of software, Gartner’s network of analysts are well connected to the technology and software industries. ” They also break companies out into categories such as “challengers,” “leaders,” “visionaries” and “niche players.”

Marketing

Marketing Mining Cloud Cybersecurity

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

JUNE 3, 2022

Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. “Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server.

Mining

Mining Authentication Security Cybersecurity

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

The Last Watchdog

JUNE 13, 2022

The top drivers of the continued growth of cybersecurity are: the growing need to protect the API supply chain, the inadequacy of existing identity management systems, and the unfulfilled promise of data-driven AI-powered cybersecurity systems. Leveraging data science. Securing APIs.

Cybersecurity

Cybersecurity Data science Artificial Intelligence Marketing

Experts warn of a new malvertising campaign spreading the ChromeLoader

Security Affairs

MAY 26, 2022

If applied to a higher-impact threat—such as a credential harvester or spyware—this PowerShell behavior could help malware gain an initial foothold and go undetected before performing more overtly malicious activity, like exfiltrating data from a user’s browser sessions.” ” reads the analysis published by the experts.

Search queries

Search queries Cybersecurity Security IT

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

” reads the analysis published ZScaler. ” The backdoor supports multiple functionalities, including Upload/Download Files and execution of system commands on the infected machine by abusing DNS records, including TXT records for incoming commands and A records for data exfiltration. . .” ” continues the report.

IT

IT Military Communications Phishing

Russia-linked Fronton botnet could run disinformation campaigns

Security Affairs

MAY 23, 2022

The botnet was developed to conduct DDoS attacks, but further analysis revealed that it could be used to coordinate large-scale disinformation campaigns, mimiking the behavior of a large audience online. Nisos analyzed the data and determined that Fronton is a system developed for coordinated inauthentic behavior on a massive scale.”

IoT

IoT Sales Security Cybersecurity

Next Generation Charting & Data Analysis

Enterprise Software Blog

JUNE 27, 2023

as a Preview component, is a companion container for UI actions that may be used independently or in conjunction with the Data Chart and Category Chart components. This allows you to simply select from a predefined set of properties on the chart to perform deeper data analysis on the data displayed in the chart.

Analytics

Analytics IT

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Security Affairs

JUNE 7, 2022

” reads the analysis published by Mandiant. The data reported in ProDaft’s report confirms that the analyzed malware administration panel was used to manage FAKEUPDATES infections and to distribute secondary payloads, including BEACON. Treasury in December 2019. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware Access Security Cybersecurity

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

QBot, aka Qakbot and Pinkslipbot , has been active since 2008, it is used by threat actors for collecting browsing data and banking credentials and other financial information from the victims. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. exe: regsvr32.exe Pierluigi Paganini.

Ransomware

Ransomware Cybersecurity Security IT

Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques

Security Affairs

JUNE 10, 2022

Its operators have a data leak site, where they post exfiltrated data from their victims who refused to pay the ransom. ” reads the analysis published by Trend Micro. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. cuba” extension. Pierluigi Paganini.

Ransomware

Ransomware Encryption Communications Cybersecurity

GoodWill Ransomware victims have to perform socially driven activities to decryption their data

Security Affairs

MAY 30, 2022

” reads the analysis published by CloudSEK. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). seconds before starting its activity.

Ransomware

Ransomware Cybersecurity Security IT

Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina

Security Affairs

MAY 31, 2022

The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.” The popular cybersecurity expert Kevin Beaumont, who named the bug Follina , published an analysis of the flaw. reads the analysis published by Beaumont. To nominate, please visit:?.

Cybersecurity

Cybersecurity Security IT Access

Atlassian rolled out fixes for Confluence zero-day actively exploited in the wild

Security Affairs

JUNE 5, 2022

Atlassian has addressed on Friday an actively exploited critical remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server.

IoT

IoT Cybersecurity Security IT

The evolution of Africa’s printing industry in 2024 and beyond

Info Source

FEBRUARY 12, 2024

This category will pick up some slack for office automation vendors and resellers as paper volumes decline in the years ahead. In general, while there are nuances between different countries and product categories, vendors have much to look forward to in 2024 and beyond.

Financial Services

Financial Services Marketing Digital transformation Sales

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

MAY 27, 2022

Researchers from Cyble published a technical analysis of the malware after the initial discovery made by ESET. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

Phishing

Phishing Security Cybersecurity IT

Another nation-state actor exploits Microsoft Follina to attack European and US entities

Security Affairs

JUNE 6, 2022

The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”. The popular cybersecurity expert Kevin Beaumont, who named the bug Follina , published an analysis of the flaw. reads the analysis published by Beaumont. “The Pierluigi Paganini.

Phishing

Phishing Archiving Cybersecurity Government

Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT

Security Affairs

MAY 24, 2022

The Moshen Dragon’s activity analysis led to the discovery of several payloads uploaded to VirusTotal, some of which were the ‘PlugX Talisman variant’. SentinelOne detailed lateral movements, credential harvesting, and data exfiltration performed by the threat actors by exploiting the flaw in the popular security solutions.

Security

Security Cybersecurity IT Information Security

Key Steps to GDPR Compliance – Part 2

IT Governance

DECEMBER 14, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect but some businesses are not even thinking about it yet, or are only just starting to. Read the first blog in the series here. 4) Build a data inventory. Read the first blog in the series here.

GDPR

GDPR Compliance Personal data Risk

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. reads the analysis published by Volexity.

Cybersecurity

Cybersecurity IoT Security IT

BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers

Security Affairs

JUNE 16, 2022

” continues the analysis. ” BlackCat ransomware operators used both MEGAsync and Rclone for data exfiltration, they renamed them as legitimate Windows process names (for example, winlogon.exe , mstsc.exe ) to avoid raising suspicion. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Archiving Access Encryption

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2 billion fine in 2023.

GDPR

GDPR Compliance Personal data Privacy

Revolutionizing the consumer goods industry with integrated business planning

IBM Big Data Hub

APRIL 14, 2023

However, their manual planning and budgeting process in spreadsheets posed several challenges, including lack of control, delayed data, poor execution, and the need for continuous follow-up with IT for actual data. For Al Rabie —a prominent juice manufacturing company in the Middle East—their reality was no different.

Analytics

Analytics Sales Marketing Manufacturing

Insights about the first five years of Right to be Forgotten requests at Google

Elie

DECEMBER 12, 2019

So in January 2016, as a preparation to providing better statistical analysis, our RTBF reviewers started manually annotating each requested URL with additional data, including the site category, the type of page content, and the requesting entity. This new data enabled us to conduct a longitudinal analysis of how.

Privacy

Privacy Paper Government GDPR

Business disaster recovery use cases: How to prepare your business to face real-world threats

IBM Big Data Hub

JANUARY 11, 2024

Last year, companies around the world spent close to USD 219 billion on cybersecurity and security solutions, a 12% increase from the previous year according to the International Data Corporation (IDC) (link resides outside ibm.com.) Establishing your RTO and RPO are critical steps in your recovery process.

Cloud

Cloud Risk Data breaches Communications

Researchers disclosed a remote code execution flaw in Fastjson Library

Security Affairs

JUNE 16, 2022

The flaw, tracked as CVE-2022-25845 (CVSS score: 8.1), resides in a feature called “AutoType” and is related to the deserialization of untrusted data. ” reads the analysis published by JFrog’s Uriya Yavnieli. .” ” reads the analysis published by JFrog’s Uriya Yavnieli.

Libraries

Libraries Cybersecurity Security IT

Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed

Security Affairs

JUNE 17, 2022

This blog post serves to share what highly targeted organizations are up against and ways to defend against attacks of this nature.” The analysis of the logs revealed significant and repeated suspicious access aimed at a valid JSP file (login.jsp). . “This type of attack is rare and difficult to detect. Pierluigi Paganini.

CMS

CMS IT Authentication Access

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

The actors are positioning themselves as an elite cyber offensive group targeting NATO infrastructure and performing cyberespionage to steal sensitive data. The responsibility of the new division includes “cyber sabotage”, disruption of Internet resources, data theft and financial intelligence focused on NATO, their members and allies.

Government

Government Cybersecurity IoT Security

We Care About Your Feedback: erwin by Quest Partners with Gartner Peer Insights

erwin

JUNE 16, 2021

As a participant in the Customer First program, erwin by Quest invites customers to share their experiences with our products in categories including: Data and Analytics. Enterprise Business Process Analysis. Enterprise Architecture Tools. Metadata Management Solutions.

Metadata

Metadata Analytics Marketing

Let’s give a look at the Dark Web Price Index 2022

Security Affairs

JUNE 15, 2022

Privacy Affairs published the Dark Web Index, an analysis of prices for illegal services/products available in the black marketplaces and related to the period between February 2021 and June 2022. The price varies between $100 up to $120 depending on the volume of data and the source of the data. To nominate, please visit:?.

Privacy

Privacy Cybersecurity Security IT

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

Security Affairs

JUNE 2, 2022

The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats , which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. ” reads the post published by Eclypsium.

Ransomware

Ransomware Access Security IT

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

Some requirements also apply specifically to larger covered entities falling under the “Class A companies” category. The amended rules (“Amendment”) contain the provisions we had initially described in the original NYDFS proposal a year ago (see our blog post here ), but include some notable changes.

Financial Services

Financial Services Cybersecurity Compliance Government

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

IT Governance

NOVEMBER 28, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The ‘enforcement’ and ‘other news’ categories remain unchanged. The data contains more than 56 million records, some of which are duplicates.

Data Privacy

Data Privacy Privacy Energy and Utilities Data breaches

Leveraging user-generated social media content with text-mining examples

IBM Big Data Hub

AUGUST 28, 2023

With nearly 5 billion users worldwide—more than 60% of the global population —social media platforms have become a vast source of data that businesses can leverage for improved customer satisfaction, better marketing strategies and faster overall business growth. How does text mining work?

Mining

Mining Marketing Artificial Intelligence Customer Experience

The risks and limitations of AI in insurance

IBM Big Data Hub

MAY 8, 2023

This blog continues the discussion, now investigating the risks of adopting AI and proposes measures for a safe and judicious response to adopting AI. Risk and limitations of AI The risk associated with the adoption of AI in insurance can be separated broadly into two categories—technological and usage.

Insurance

Insurance Risk Artificial Intelligence Government

What is zero-based budgeting?

IBM Big Data Hub

JULY 26, 2023

In this blog post, we will delve into the concept of zero-based budgeting, exploring its definition, advantages, disadvantages, implementation steps, and tools needed. Flexibility and Adaptability: Traditional budgeting systems often rely on historical data and incremental adjustments. How to implement Zero-Based Budgeting?

Analytics

Analytics Communications Data collection Artificial Intelligence

Microsoft warns of new highly evasive web skimming campaigns

Security Affairs

MAY 24, 2022

” reads the analysis published by Microsoft. business/data[.]php?p=form. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:?

Analytics

Analytics Security Cybersecurity IT

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

Accelerating scope 3 emissions accounting: LLMs to the rescue

Webinars

Trending Sources

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Webinars

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

REMnux Tools List for Malware Analysis

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached

Note to Self: Create Non-Exhaustive List of Competitors

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

Experts warn of a new malvertising campaign spreading the ChromeLoader

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Russia-linked Fronton botnet could run disinformation campaigns

Next Generation Charting & Data Analysis

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Top 7 Data Governance Blog Posts of 2018

Black Basta ransomware operators leverage QBot for lateral movements

Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques

GoodWill Ransomware victims have to perform socially driven activities to decryption their data

Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina

Atlassian rolled out fixes for Confluence zero-day actively exploited in the wild

The evolution of Africa’s printing industry in 2024 and beyond

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Another nation-state actor exploits Microsoft Follina to attack European and US entities

Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT

Key Steps to GDPR Compliance – Part 2

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online

BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers

How to implement the General Data Protection Regulation (GDPR)

Revolutionizing the consumer goods industry with integrated business planning

Insights about the first five years of Right to be Forgotten requests at Google

Business disaster recovery use cases: How to prepare your business to face real-world threats

Researchers disclosed a remote code execution flaw in Fastjson Library

Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

We Care About Your Feedback: erwin by Quest Partners with Gartner Peer Insights

Let’s give a look at the Dark Web Price Index 2022

Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

Leveraging user-generated social media content with text-mining examples

The risks and limitations of AI in insurance

What is zero-based budgeting?

Microsoft warns of new highly evasive web skimming campaigns

Stay Connected