Data Matters

MARCH 4, 2022

On February 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed comprehensive rules for registered advisers and funds. Among other things, these rules will require advisers and funds to implement written policies and procedures designed to address cybersecurity risks, report significant cybersecurity incidents to the SEC within 48 hours using a proposed form, and keep enumerated cybersecurity-related books and records.

Cybersecurity 158

Cybersecurity Risk Privacy Security 158

eSecurity Planet

MARCH 4, 2022

The U.S. National Security Agency (NSA) released comprehensive network security guidance on March 3, on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) released its longest-ever list of exploited vulnerabilities. With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too.

Security 130

Security Authentication Cybersecurity Encryption 130

Schneier on Security

MARCH 4, 2022

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws.

Encryption 116

Encryption Security IT Paper 116

Dark Reading

MARCH 4, 2022

Nearly 65% of security operations center (SOC) analysts are likely to change jobs in the next year, survey shows.

Security 137

Security 137

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Data Protection Report

MARCH 4, 2022

On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) released a proposal aimed at enhancing cybersecurity risk management programs, including cybersecurity preparedness and response, for registered investment advisers (“advisers”), investment companies and business development companies (“funds”). Overall, the proposal addresses the following rule amendments and additions: Cybersecurity Policies and Procedures.

Cybersecurity 104

Cybersecurity Risk Compliance Access 104

Security Affairs

MARCH 4, 2022

Russian government released a list containing IP addresses and domains behind DDoS attacks that hit Russian infrastructure after the invasion. While the conflict on the battlefield continues, hacktivists continue to target Russian infrastructure exposed online. The Russian National Coordinating Center for Computer Incidents (NCCC) released a massive list containing 17,576 IP addresses and 166 domains that were involved in a series of DDoS attacks that targeted its infrastructure.

Data breaches 84

Data breaches Phishing Passwords Government 84

Dark Reading

MARCH 4, 2022

The new EU regulation is a response to the rise of ransomware attacks and other new cyberthreats that have proliferated in the wake of the global pandemic.

Ransomware 88

Ransomware 88

Rocket Software

MARCH 4, 2022

For the first time, we currently have five generations in the workplace. While there are variations on values and approaches to work within each generation, research has shown that people in each have taken on characteristics as a whole. The Silent Generation (born 1925 to 1945) still make up about 3% of the workforce and are known for their strong work ethic and formal nature in the workplace.

Authentication 81

Authentication Communications IT 81

Security Affairs

MARCH 4, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their ne

Cybersecurity 79

Cybersecurity Authentication Risk Security 79

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Dark Reading

MARCH 4, 2022

Study shows more than 97% have exposed assets on AWS — among a wide range of other issues.

Risk 101

Risk Cybersecurity IT 101

Security Affairs

MARCH 4, 2022

State communications watchdog Roskomnadzor has ordered to block access to Facebook in Russia amid the ongoing invasion of Ukraine. State communications watchdog Roskomnadzor ordered to block access to Facebook over its decision to ban Russian media and state information resources. The block comes after Facebook recently deactivated or restricted access to accounts belonging to media outlets and news agencies spreading Russian propaganda, including RIA Novosti, Sputnik, and Russia Today.

Communications 76

Communications Access Government Security 76

Dark Reading

MARCH 4, 2022

While attackers and researchers shift their attention to the next new vulnerability, security teams make sure they finish patching vulnerable Log4j versions in their applications and services.

Security 68

Security 68

Security Affairs

MARCH 4, 2022

While Russia is invading Ukraine, multiple forces are joining in the conflict, especially in the cyber space, let’s analyze them. The analysis of the current scenario in cyberspace is not easy due to the presence of multiple threat actors and the difficulty of attributing the attacks. Security group CyberKnow shared an interesting analysis about the group, their operations and the channels they are using to disclose their operations.

Ransomware 73

Ransomware Security IT Cybersecurity 73

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

IG Guru

MARCH 4, 2022

Check out the article here. The post LTO-9 Tape Format Projected to Boost Tape Usage via CIOinsight appeared first on IG GURU.

Archiving 84

Archiving Information governance Risk Government 84

Threatpost

MARCH 4, 2022

Notes threatening to tank targeted companies' stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL.

Ransomware 67

Ransomware IoT Cloud Security 67

Dark Reading

MARCH 4, 2022

The firm continues rapid growth with the addition of industry-recognized experts on cybersecurity, data privacy, and IT risk management talent.

Data Privacy 73

Data Privacy Privacy Cybersecurity Risk 73

Threatpost

MARCH 4, 2022

Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.

Ransomware 66

Ransomware Encryption Security 66

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

MARCH 4, 2022

Vade's annual phishing report reveals a sharp rise in Facebook phishing and growing sophistication in Microsoft phishing attacks.

Phishing 71

Phishing 71

Synergis Software

MARCH 4, 2022

March’s spotlight is on Craig Schuler, Solutions Architect for Synergis Software. Craig’s worked at Synergis for six and a half years as accomplice, tactician, and savvy demo master for the sales team.

Sales 52

Sales 52

Gimmal

MARCH 4, 2022

We are pleased to announce the release of the new PortableConnect for Gimmal Physical. With Gimmal Physical’s PortableConnect, wireless scanning of barcodes and RFID tags just got easier. PortableConnect runs on the new TC52 Zebra device, using Android 11. PortableConnect allows clients to collect information about the location of their holdings with a hand-held portable device.

52

52

Docuware

MARCH 4, 2022

When you’re thinking about how to implement digital document management for your company — or how to enhance your existing system — focusing on the fundamentals and defining your goals helps ensure success. Get a head start by putting these best practices for document management in place right away.

Digital transformation 62

Digital transformation 62

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

MARCH 4, 2022

Criminals will keep stealing end-user credentials despite employee awareness, so organizations need high-tech solutions as well.

Security 55

Security 55

Troy Hunt

MARCH 4, 2022

With travel now behind me, I'm back to a stable schedule and doing these on time again. Mind you, I came home to some of the wildest weather I've ever seen here, but it was kinda cool to watch and the kids didn't complain getting days off school. Oh - and I also loaded a bunch of new data breaches this week, the Robinhood one from earlier today being particularly noteworthy with more than 5M unique email addresses.

Data breaches 22

Data breaches IT 22

Rocket Software

MARCH 4, 2022

This week, Rocket unveiled an updated Rocket® Open AppDev for Z solution, which breaks down existing siloes to unify DevOps for all platforms, including the mainframe, in a single pipeline. Open source is the future of software development and production, and with this update, customers are better able to access that future. The enhanced offering gives developers the open software they want with the security and support IBM® Z® customers demand, enabling them to bring applications to market fast

Customer Experience 81

Customer Experience Marketing Risk Security 81

Schneier on Security

MARCH 4, 2022

Squid , of course. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Security 77

Security 77

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Krebs on Security

MARCH 4, 2022

Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Today’s Part III looks at how Conti abused a panoply of popular commercial security services to undermine the security of their targets, as well as how the team’s leaders strategized for the upper hand in ransom negotiations with victims.

Ransomware 196

Ransomware Insurance Security IT 196

OpenText Information Management

MARCH 4, 2022

We stand with the people of Ukraine. Ukraine is being attacked, an unprovoked war against an independent sovereign nation with a democratically elected government. The attack is both inhumane and unjustified. Like the rest of the world, we are watching the war with horror and condemnation in the strongest possible terms. These acts are war crimes. … The post OpenText Supporting Humanitarian Efforts in Ukraine appeared first on OpenText Blogs.

Government 124

Government 124

Collibra

MARCH 4, 2022

Adaptive data and analytics governance is the foundation for becoming a data-driven company. The business insights available through the analysis of the data a company already owns are invaluable. While the need is clear, a daunting number of obstacles can often cause organizations to hesitate before beginning that journey. Historically, data governance consisted of many manual processes with rigid rules focused on strict control of data.

Analytics 52

Analytics Government Access Compliance 52