Data Protection Report

NOVEMBER 7, 2022

On October 27, 2022, the Cybersecurity & Infrastructure Security Agency (“CISA”), in partnership with the National Institute of Standards and Technology (“NIST”) and the interagency community, published the first iteration of its cross-sector Cybersecurity Performance Goals (“CPGs”). Drafted in response to President Joe Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, the CPGs are voluntary measures that organizations with

Cybersecurity 67

Cybersecurity Risk Government Security 67

Data Breach Today

NOVEMBER 7, 2022

Ransomware Remains Biggest Online Threat, Warns NCSC CEO Lindy Cameron Cybersecurity basics are still an overlooked ransomware defense, Lindy Cameron, CEO of the National Cyber Security Center, told the CyberScotland Summit in Scotland. "We still think that 90% of incidents in the U.K. could have been prevented if people had followed the basics," she said.

Ransomware 233

Ransomware Cybersecurity Security 233

The Last Watchdog

NOVEMBER 7, 2022

Cybercriminals are becoming more creative as cybersecurity analysts adapt quickly to new ransomware strategies. Related: How training can mitigate targeted attacks. Ransomware has evolved from classic attacks to more innovative approaches to navigate reinforced security infrastructure. Here’s how hackers crafting new ransomware extortion tactics to keep analysts on their toes: Data exfiltration is no more.

Ransomware 124

Ransomware Cybersecurity Analytics Education 124

Data Breach Today

NOVEMBER 7, 2022

A Real Estate Developer Stole 50,000 Bitcoins from the Dark Web Emporium a Decade Ago Federal agents seized more than 50,000 in Bitcoin stolen from Silk Road a decade ago by a man who until recently owned a Tennessee real estate development firm. James Zhong, 32, pled guilty Friday to one count of wire fraud while prosecutors seek to formally claim the cryptocurrency.

162

162

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

eSecurity Planet

NOVEMBER 7, 2022

REMnux is a free community distribution that ethical hackers, security researchers, and many other security pros can leverage to build their own labs and speed up malware analysis. Whether you’re new to these specialties or an experienced investigator, REMnux contains many helpful Debian packages and configurations to perform advanced tasks, such as: Extracting IoCs (Indicators of Compromise) Disassembling/decompiling binaries or windows executables (such as PE files) Decoding, deobfuscating, de

Ransomware 126

Ransomware Security IT Cybersecurity 126

eSecurity Planet

NOVEMBER 7, 2022

Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a release cycle for developers. Kaspersky revealed that APT10, also known as the Cicada hacking group, has successfully deployed the LODEINFO malware in government, media, public sector, and diplomatic organizations in Japan.

Security awareness 111

Security awareness Phishing Passwords Risk 111

Data Breach Today

NOVEMBER 7, 2022

Group Claiming Affiliation With REvil Threatens to Release Data Embattled Australian private health insurer Medibank says it won't pay hackers' extortion demand, saying it can't trust cybercriminals to delete personal data. A ransomware gang claiming affiliation with REvil is threatening to publish the data, which Medibank says affects 9.7 million individuals.

Insurance 130

Insurance Personal data Ransomware IT 130

Hunton Privacy

NOVEMBER 7, 2022

On November 2, 2022, the ICO issued to the UK Department for Education (“ DfE ”) a formal reprimand following an investigation into the sharing of personal data stored on the Learning Records Service (“ LRS ”), a database which provides a record of pupils’ qualifications that the DfE has overall responsibility for. The investigation found that the DfE’s poor due diligence meant the LRS database was being used by Trust Systems Software UK Ltd (trading as Trustopia), a third party screening firm,

Education 102

Education Personal data Access IT 102

Data Breach Today

NOVEMBER 7, 2022

Office Reprimands Department, Says Fine Would Have Been Over 10 Million Pounds The British data watchdog says the U.K. Department for Education shouldn't have allowed a private company to use student records to check whether new users of gambling apps were underage. A departmental spokesperson said it will ensure such misuse of the database doesn't reoccur.

Education 130

Education IT 130

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

KnowBe4

NOVEMBER 7, 2022

We are thrilled to announce a brand-new product designed to help you develop a strong security culture. SecurityCoach enables real-time security coaching of your users in response to their risky security behavior.

Security 99

Security 99

Data Breach Today

NOVEMBER 7, 2022

Derek Manky on How Cybercrime as a Service Will Enable More Destructive Attacks Convergence of the threat landscape looms large for defenders, and Cybercrime as a Service potentially will enable more destructive attacks at scale. These are among the 2023 threat landscape predictions of Derek Manky of Fortinet's FortiGuard Labs. He shares these and other insights.

130

130

WIRED Threat Level

NOVEMBER 7, 2022

Edward Perez says that “manufactured chaos” by bad actors will be even riskier thanks to Elon Musk’s own mayhem.

Manufacturing 122

Manufacturing Security 122

KnowBe4

NOVEMBER 7, 2022

A criminal gang is launching business email compromise (BEC) attacks by posing as “real attorneys, law firms, and debt recovery services.” The attackers send legitimate-looking invoices tailored to the targeted organization, asking for a payment of tens of thousands of dollars.

91

91

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

NOVEMBER 7, 2022

Threats actors calling themselves “Justice Blade” published leaked data from an outsourcing IT vendor. The group of threat actors calling themselves ‘Justice Blade’ published leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working with major enterprises and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC.

Communications 92

Communications Government Data breaches Education 92

KnowBe4

NOVEMBER 7, 2022

Steven Lee Myers at the NYT had the scoop on this typical Russian influence operation which really is social engineering at scale: "The user on Gab who identifies as Nora Berka resurfaced in August after a yearlong silence on the social media platform, reposting a handful of messages with sharply conservative political themes before writing a stream of original vitriol.

90

90

WIRED Threat Level

NOVEMBER 7, 2022

A year after a billion-dollar seizure of the dark web market's crypto, the same agency found a giant trove hidden under a different hacker's floorboards.

Marketing 94

Marketing Security 94

KnowBe4

NOVEMBER 7, 2022

Australia is the new hot spot for cyber attacks. The Australian Cyber Security Centre (ACSC) recently reported that Australia has been targeted by cybercriminals every 7 minutes, and the Australian Competition and Consumer Commission are stating that this year alone could lead to almost $2 billion of losses due to scams.

Security 87

Security Security awareness Phishing 87

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Jamf

NOVEMBER 7, 2022

When searching for the best mobile device management (MDM) solution for your school or organization, see how Jamf compares to other vendors.

MDM 98

MDM 98

Schneier on Security

NOVEMBER 7, 2022

I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, but until then, this essay on the topic is worth reading.

Security 84

Security IT Data breaches Cybersecurity 84

IG Guru

NOVEMBER 7, 2022

Join ARMA NJ on November 9th for a webinar on developing and implementing retention schedules for your RM program. Led by Laurie Sletten, Records Manager for the University of California Office of the President, you will gain valuable knowledge on how to deliver effective retention schedules that will lead to the success of your program. […].

Records Management 77

Records Management Information governance Government 77

Dark Reading

NOVEMBER 7, 2022

In the nearly two years since the company discovered the cyber intrusion, SolarWinds has fundamentally rearchitected its development environment to make it much harder to compromise, CISO Tim Brown tells Dark Reading.

IT 73

IT 73

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Hunton Privacy

NOVEMBER 7, 2022

On November 3, 2022, the California Privacy Protection Agency (“CPPA”) released new modified proposed California Privacy Rights Act (“CPRA”) regulations , which make updates to the draft CPRA regulations released on October 17, 2022. The CPPA also released an updated list of documents and other information relied upon for this most recent rulemaking.

Sales 67

Sales Privacy Risk IT 67

Dark Reading

NOVEMBER 7, 2022

An analysis by RSA Conference's security operations center found 20% of data over its network was unencrypted and more than 55,000 passwords were sent in the clear.

Security 76

Security Passwords IT 76

WIRED Threat Level

NOVEMBER 7, 2022

Voter intimidation has cropped up in places across the nation, but the voting booth remains the one place where nobody can get to you.

Privacy 77

Privacy Security 77

Dark Reading

NOVEMBER 7, 2022

Microsoft added certificate-based authentication (CBA) to the Azure Active Directory to help organizations enable phishing-resistant MFA that complies with US federal requirements. The change paves the way for enterprises to migrate their Active Directory implementations to the cloud.

Authentication 69

Authentication Phishing Cloud 69

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

The Guardian Data Protection

NOVEMBER 7, 2022

‘Data will publish within 24 hours’ post to darknet blog says, after Australian health insurer refused to pay ransom Follow today’s news, live Get our morning and afternoon news emails , free app or daily news podcast A ransomware group has threatened to release Medibank customer data as Australia’s largest health insurer faces a possible class action after the data of 9.7 million current and former customers was hacked.

Ransomware 61

Ransomware Insurance Access IT 61

Dark Reading

NOVEMBER 7, 2022

Fourteen states, including Arizona, Iowa, and Pennsylvania, have called in the Guard to help with election network risk assessments and threat mitigation.

Risk 72

Risk 72

The Guardian Data Protection

NOVEMBER 7, 2022

Harvesting data is the norm for social media apps, but the question that many have is where it goes and who has access to it Read the new Guardian series exploring the increasing power and reach of TikTok In 2021 Android phone users around the world spent 16.2tn minutes on TikTok. And while those millions and millions of users no doubt had an enjoyable time watching clips on the addictive social video app, they also generated a colossal amount of data.

Access 62

Access IT Privacy 62