Blog - Information Management Today

Is the SEC Coming for Your Texts? SEC’s New Enforcement Director Telegraphs a Warning to Registrants About Improper Use of Personal Devices for Business-Related Communications

Data Matters

OCTOBER 13, 2021

Securities and Exchange Commission (SEC) Division of Enforcement is stepping up investigative efforts looking at registered firms’ use of personal devices for business communications, which can implicate their recordkeeping obligations and result in failure to retain and produce responsive business-related communications in SEC investigations.

Communications

Communications Marketing Privacy Compliance

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

OCTOBER 17, 2022

It makes sense that free apps share the most data: users effectively pay with their personal information. Among the app categories, shopping, business, and food & drink were found to be sharing the most user data. Yet, despite harvesting the most personal data, these apps declare sharing very few data points.

Privacy

Privacy Data Privacy Personal data Data collection

Black Basta ransomware now supports encrypting VMware ESXi servers

Security Affairs

JUNE 8, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Encryption

Encryption Ransomware Cybersecurity Security

Information Security vs Cyber Security: The Difference

IT Governance

SEPTEMBER 15, 2022

You’ll often see the terms cyber security and information security used interchangeably. In this blog, we explain what information security and cyber security are, the differences between them and how they fit into your data protection practices. What is information security? This is cyber security.

Information Security

Information Security Security Computer and Electronics Encryption

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Security Affairs

MAY 30, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Cybersecurity

Cybersecurity Security IT Information Security

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Security Affairs

MAY 28, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Phishing

Phishing Cybersecurity Security IT

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 25, 2022

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

IT

IT Cybersecurity Risk Security

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Security Affairs

JUNE 6, 2022

LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Cybersecurity Archiving Security

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Security Affairs

MAY 30, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Cybersecurity

Cybersecurity Security IT Information Security

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

AUGUST 29, 2022

Password security may seem like a simple solution for a huge problem, but it may be difficult to successfully implement in practice. Without strong, secure passwords or two-factor authentication ( 2FA ) enabled in an organization or startup, it becomes easy for attackers to access stolen credentials on their web and email servers.

Passwords

Passwords Data breaches Authentication Cybersecurity

GitLab addressed critical account take over via SCIM email change

Security Affairs

JUNE 4, 2022

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account.

Cybersecurity

Cybersecurity Security IT Information Security

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. The law outlines a set of data privacy rights for users and a series of principles for the processing of personal data. Everything from email addresses to political opinions counts as personal data.

GDPR

GDPR Compliance Personal data Privacy

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

The Infraud Organization used a number of websites to commercialize the data, it implemented a classic and efficient e-commerce for the stolen card and personal data, implementing also a rating and feedback system and an escrow” service for payments in digital currencies like Bitcoin. To nominate, please visit:?. Pierluigi Paganini.

Sales

Sales Personal data Cybersecurity Security

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

Researchers from security firm Prodaft first reported that AvosLocker ransomware operators have already started exploiting the Atlassian Confluence bug, BleepingComputer reported. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Pierluigi Paganini.

Ransomware

Ransomware Cybersecurity Encryption Security

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

DECEMBER 11, 2023

This blog will explain how Thales is enhancing CipherTrust Data Discovery and Classification (DDC) with ML models that help analyze data, learn from insights, and improve results. CipherTrust DDC uses a ML model for category classification to identify with high probability whether a document is healthcare, finance, legal or HR related.

Unstructured data

Unstructured data Cloud Data Privacy GDPR

Reuters: Russia-linked APT behind Brexit leak website

Security Affairs

MAY 28, 2022

”” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Cybersecurity

Cybersecurity Authentication Security IT

Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

JUNE 3, 2022

million, according to a report published by security researchers at Symantec. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Pierluigi Paganini.

Mining

Mining Archiving Cybersecurity Security

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

The Last Watchdog

APRIL 19, 2022

While global commerce is an important aspect of the world economy, individuals who hold national security clearances need to be aware that some of the activities they engage in could pose a security risk and may negatively impact their security clearances. national security secrets. national security secrets.

Security

Security Risk Military Government

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

Security Affairs

MAY 19, 2022

This year, 17 contestants are attempting to exploit 21 targets across multiple categories. The post Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000 appeared first on Security Affairs. The remaining exploits received a $40,000. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

Cybersecurity

Cybersecurity Security IT Information Security

Is your organisation ready for the DSP Toolkit compliance deadline?

IT Governance

NOVEMBER 12, 2020

Each year, certain healthcare organisations must complete a self-assessment via the DSP (Data Security and Protection) Toolkit to demonstrate their data security and information governance compliance. The compliance requirements differ depending on which of four categories your organisation falls into.

Compliance

Compliance GDPR Information governance Personal data

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Security Affairs

JUNE 5, 2022

Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC), this is the third security breach it suffered this year. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing

Phishing Blockchain Cybersecurity Authentication

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs

JUNE 6, 2022

The APT group created fake social media profiles, often posing as recruiters, then used them to trick targets into providing personal information. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing Manufacturing Education Cybersecurity

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Security Affairs

MAY 22, 2022

nghiadt12 from Viettel Cyber Security demonstrated an exploit for an escalation of privilege via Integer Overflow on Microsoft Windows 11. This year, 17 contestants are attempted to exploit 21 targets across multiple categories and Trend Micro and ZDI awarded $1,155,000! The exploit was awarded $40,000 and 4 Master of Pwn points.

Cybersecurity

Cybersecurity Security Access IT

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Security Affairs

JUNE 21, 2022

The security researcher Filip Dragovic published a proof-of-concept script for the new NTLM relay attack. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Authentication

Authentication Cybersecurity Security IT

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Security Affairs

MAY 29, 2022

Stay tuned … Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Cybersecurity

Cybersecurity Risk Security Government

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security Affairs

MAY 25, 2022

Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol ( XMPP ) messages.

Security

Security Cybersecurity IT Information Security

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Sales

Sales Education Phishing Passwords

SEC Encourages Self-Reporting of Recordkeeping Violations Resulting From Employees’ Use of Personal Devices for Business Communications

Data Matters

JANUARY 12, 2022

Securities and Exchange Commission (SEC) announced settled charges against a broker-dealer firm for recordkeeping violations arising from its employees’ use of personal devices for business communications. The rule enumerates many categories of records that are subject to the recordkeeping obligation.

Communications

Communications Marketing Compliance Security

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. To nominate, please visit:?. Pierluigi Paganini.

Security

Security Ransomware Cybersecurity Encryption

LockBit ransomware attack impacted production in a Mexican Foxconn plant

Security Affairs

JUNE 2, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Ransomware

Ransomware Manufacturing Cybersecurity Security

Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability

Security Affairs

JUNE 13, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Government

Government Cybersecurity Security IT

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Security Affairs

MAY 30, 2022

Through its global police network and constant monitoring of cyberspace, INTERPOL had the globally sourced intelligence needed to alert Nigeria to a serious security threat where millions could have been lost without swift police action,” said INTERPOL’s Director of Cybercrime, Craig Jones. Omorume faces a one-year prison sentence. .

Cybersecurity

Cybersecurity Security Access IT

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR puts forth a litany of rules for how organizations in and outside of Europe handle the personal data of EU residents. The GDPR applies to any organization that processes the personal data of European residents, regardless of where that organization is based. A natural person is a living human being.

GDPR

GDPR Compliance Personal data Privacy

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Million Alert! Pierluigi Paganini.

Security

Security CMS Ransomware Cybersecurity

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Security Affairs

MAY 26, 2022

Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. The vendor has already released security patched to address the flaws for most of the affected models. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Authentication

Authentication Access Cybersecurity Security

Unknown APT group is targeting Russian government entities

Security Affairs

MAY 25, 2022

” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Government

Government Phishing Archiving Cybersecurity

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The company acknowledged Bruno López of Innotec Security for the discovery of the flaw. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Authentication

Authentication Cybersecurity Access Education

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

JUNE 3, 2022

The issue was reported by security firm Volexity, the company announced the availability of the security fixes for supported versions of Confluence within 24 hours (estimated time, by EOD June 3 PDT). Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Mining

Mining Authentication Security Cybersecurity

Italy announced its National Cybersecurity Strategy 2022/26

Security Affairs

MAY 26, 2022

The strategy recognizes the duty of the State in implementing measures to increase the security of the state, organizations, and its citizens in the digital domain. A secure country is a more competitive country. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Cybersecurity

Cybersecurity IT Risk Government

Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed

Security Affairs

MAY 26, 2022

May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.).” Tails is a security and privacy-oriented Linux distribution, it is a portable operating system that protects against surveillance and censorship. ” reads the advisory published by project maintainers.

Passwords

Passwords Encryption Access Privacy

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

JUNE 20, 2022

“The German investigators were also able to secure the content of the Russian’s email accounts, who are said to have used Apple user accounts, among other things. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. ” continues the post.

Military

Military Access Cybersecurity Security

Android pre-installed apps are affected by high-severity vulnerabilities

Security Affairs

MAY 27, 2022

The researchers discovered the flaws in September 2021 and reported them to mce Systems and affected mobile service providers through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Access

Access Security Cybersecurity IT

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer. Traditional channels for choosing the right security solutions are proving to be increasingly ineffective.

Cybersecurity

Cybersecurity B2B Sales Compliance

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

Importantly, the CPRA imposes additional obligations on and considerations for businesses subject to the CCPA, including: Providing consumers with the right to prevent businesses from sharing their personal information with third parties for behavioral advertising or advertising based on a consumer’s precise geolocation. Next Steps.

Privacy

Privacy B2B Sales Data breaches

Is the SEC Coming for Your Texts? SEC’s New Enforcement Director Telegraphs a Warning to Registrants About Improper Use of Personal Devices for Business-Related Communications

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

Trending Sources

Black Basta ransomware now supports encrypting VMware ESXi servers

Information Security vs Cyber Security: The Difference

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Multiple Microsoft Office versions impacted by an actively exploited zero-day

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

GitLab addressed critical account take over via SCIM email change

GDPR compliance checklist

US man sentenced to 4 years in prison for his role in Infraud scheme

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Reuters: Russia-linked APT behind Brexit leak website

Clipminer Botnet already allowed operators to make at least $1.7 Million

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

Is your organisation ready for the DSP Toolkit compliance deadline?

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Microsoft seized 41 domains used by Iran-linked Bohrium APT

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

FBI: Compromised US academic credentials available on various cybercrime forums

SEC Encourages Self-Reporting of Recordkeeping Violations Resulting From Employees’ Use of Personal Devices for Business Communications

Security Affairs newsletter Round 369 by Pierluigi Paganini

LockBit ransomware attack impacted production in a Mexican Foxconn plant

Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability

Three Nigerian men arrested in INTERPOL Operation Killer Bee

How to implement the General Data Protection Regulation (GDPR)

Security Affairs newsletter Round 368 by Pierluigi Paganini

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Unknown APT group is targeting Russian government entities

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Italy announced its National Cybersecurity Strategy 2022/26

Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed

Russian APT28 hacker accused of the NATO think tank hack in Germany

Android pre-installed apps are affected by high-severity vulnerabilities

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

California Privacy Law Overhaul – Proposition 24 Passes

Stay Connected