Thu. Sep 16, 2021

Data governance council: What is it and why do you need one?

Collibra

A data governance council is a governing body for strategizing data governance programs, raising awareness of its importance, approving enterprise data policies and standards, prioritizing related projects, and enabling ongoing support.

FTC: Health App, Device Makers Must Report Breaches

Data Breach Today

But Does the 'Policy Statement' Warning Overstep the Intention of the Rule?

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites.

Is Grief's Threat to Wipe Decryption Key Believable?

Data Breach Today

Analysts Say the Gang Is Escalating Rhetoric to Scare Victims

Regarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim's data and decryption key if the victim engages a ransom negotiator, analysts are calling this a desperate ploy to scare a target into paying the ransom demand.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data.

More Trending

OWASP Names a New Top Vulnerability for First Time in Years

eSecurity Planet

OWASP security researchers have updated the organization’s list of the ten most dangerous vulnerabilities – and the list has a new number one threat for the first time since 2007. The last update was in November 2017, and the latest draft is available for peer review until the end of the year.

Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug

Security Affairs

Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444).

Release of Standard Data Elements for Electronic Records Management

National Archives Records Express

We are pleased to announce the posting of the Standard Data Elements for Electronic Records Management! We first shared drafts of the data elements on Records Express in January 2021. Thank you for all of your feedback.

Bitdefender released free REvil ransomware decryptor that works for past victims

Security Affairs

Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation that allows past victims to recover their files for free.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

ARMA Greater Columbus September 2021 Chapter Meeting – Tour of The Supreme Court of Ohio

IG Guru

Location: The Supreme Court of Ohio – Moyer Judicial Center. Enter at 65 S. Front Street, Columbus, OH 43215. Date: September 23rd, 2021. Time: 2:40-4:00 pm. We will then be able to explore the Visitor Education Center’s interactive exhibits until 5:00 pm. Note: The tour begins at 3:00 PM.

FBI, CISA, CGCYBER Warn of APTs Targeting CVE-2021-40539

Dark Reading

The critical authentication bypass vulnerability exists in Zoho ManageEngine ADSelfService Plus, officials report

U.S. House Committee Votes to Create New FTC Privacy Bureau and Appropriate $1 Billion to the Agency

Hunton Privacy

On September 14, 2021, the U.S. House Committee on Energy and Commerce (“E&C Committee”) voted in favor of a legislative recommendation that would create a new Federal Trade Commission privacy bureau as part of the proposed $3.5 trillion federal budget reconciliation package.

Under Pressure: COVID-19 Forced Many Execs to Sideline Cybersecurity

Dark Reading

CISOs are more stressed, and the fallout is increased cyber-risk. Also, budget restrictions lead to a yawning chasm between need and funding

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug

Threatpost

The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.

Grappling With Growth, Employee Needs, and Security Amid a Return to Offices

Dark Reading

As organizations strive for a new version of business-as-usual, executives must prepare for challenges around infrastructure, varying guidelines, and balancing employee flexibility with office collaboration

Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk

Threatpost

Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said.

TransUnion to Buy Neustar for $3.1B

Dark Reading

TransUnion, primarily known for credit ratings, hopes to expand into digital marketing and fraud mitigation capabilities with the deal

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Airline Credential-Theft Takes Off in Widening Campaign

Threatpost

A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom.

Microsoft Warns of Uptick in MSHTML Attacks

Dark Reading

Attackers leveraging the flaw are using infrastructure associated with other criminal groups, including ransomware-as-a-service operators, the company says

DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast

Threatpost

Imperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee.

HPE Survey Finds 76% of Doctors and Nurses Believe Telehealth Will Dominate Patient Care in Near Future

Dark Reading

Findings are presented in HPE's "Future of Healthcare" Report, which surveyed healthcare clinicians and IT Decision Makers (ITDMs) in the United States and United Kingdom

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out

Threatpost

Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13.

15% of the Nasdaq 100 Is Highly Susceptible to a Ransomware Attack, New Black Kite Research Finds

Dark Reading

Black Kite’s Ransomware Susceptibility Index (RSI) determined that 1-in-7 Nasdaq-100 companies ranked as highly susceptible to a ransomware attack

HP Omen Hub Exposes Millions of Gamers to Cyberattack

Threatpost

A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.

Essential guidance for employers implementing COVID-19 measures at the workplace

Data Protection Report

As Singapore moves towards living with COVID-19 as an endemic disease, the Government has issued guidance for employers on the COVID-19 measures to be implemented at the workplace.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Financial Cybercrime: Following Cryptocurrency via Public Ledgers

Threatpost

John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.

Jamf Parent App: New workflows for pediatric care.

Jamf

With the release of Jamf Pro 10.32, Jamf Parent app is now available to support families with patients who are admitted to the hospital

Republican Governors Association Targeted in Exchange Attacks

Data Breach Today

Breach Notification Report Reveals Some PII Could Have Been Exposed

The Republican Governors Association was one of several U.S.
