Mon. Jan 10, 2022

The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy

WIRED Threat Level

The critical vulnerability is buried among endless open source code, and many cyber experts are stumped.

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

Working with personal data in today’s cyber threat landscape is inherently risky. It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This can include: Security contours.

Breach Response Shift: More Lawyers, Less Cyber-Insurance Coverage

Dark Reading

Companies are more likely to rely on outside attorneys to handle cyber response in order to contain potential lawsuits. Meanwhile, cyber-insurance premiums are rising but covering less.

Several EA Sports FIFA 22 players have been hacked

Security Affairs

Several EA Sports FIFA 22 players claim to have been hacked; they say they have lost access to their personal EA and email accounts.

No Significant Intrusions Related to Log4j Flaw Yet, CISA Says

Dark Reading

But that could change anytime, officials warn, urging organizations to prioritize patching against the critical remote code execution flaw.

More Trending

What Editing Crosswords Can Teach Us About Security Leadership

Dark Reading

When security leaders look for mistakes, they often find them before customers do.

Indian-linked Patchwork APT infected its own system revealing its ops

Security Affairs

The India-linked threat actor Patchwork infected one of its own computers with its RAT, revealing its operations to researchers.

The Evolution of Patch Management: How and When It Got So Complicated

Dark Reading

In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3

Key trends for the Financial Services industry in 2022

OpenText Information Management

As we head into 2022, it’s clear that the Financial Services industry overall has responded well to the impact of COVID-19 — but it hasn’t emerged unscathed. In fact, McKinsey’s Global Banking Review states that half of banks are not covering their cost of equity.

Fake QR Codes on Parking Meters

Schneier on Security

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs

Experts linked the C2 infrastructure behind the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020.

FBI Warns FIN7 Campaign Delivers Ransomware via BadUSB

Dark Reading

An FBI warning says the FIN7 cybercrime group has sent packages containing malicious USB drives to US companies in an effort to spread ransomware.

URL Parsing Bugs Allow DoS, RCE, Spoofing & More

Threatpost

Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.

Microsoft: macOS 'Powerdir' Flaw Could Let Attackers Gain Access to User Data

Dark Reading

The vulnerability could allow an attacker to bypass the macOS Transparency, Consent, and Control measures to access a user's protected data.

2021 cyber security review of the year

IT Governance

For many, 2021 was a year to forget. COVID-19 again dominated the news, with initial optimism over vaccine rollouts and the potential end of the pandemic making way for new variants and the return of social restrictions.

Microsoft: macOS 'Powerdir' Flaw Could Enable Access to User Data

Dark Reading

The vulnerability could allow an attacker to bypass the macOS Transparency, Consent, and Control measures to access a user's protected data.

A data ‘black hole’: Europol ordered to delete vast store of personal data

The Guardian Data Protection

EU police body accused of unlawfully holding information and aspiring to become an NSA-style mass surveillance agency. The EU’s police agency, Europol, will be forced to delete much of a vast store of personal data that it has been found to have amassed unlawfully by the bloc’s data protection watchdog.

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High

Threatpost

Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.

NY AG Investigation Highlights Dangers of Credential Stuffing

eSecurity Planet

A report last week by the New York Attorney General’s Office put a spotlight on the ongoing threat of credential stuffing, a common technique used by cybercriminals that continues to spread and is helping to fuel the push for security practices that don’t involve usernames and passwords.

How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

divya. Tue, 01/11/2022 - 06:35. The financial services ecosystem has evolved tremendously over the past few years, driven by a surge in the adoption of digital payments.

Susan B. Whitmire announces retirement after 45 years in RIM/IG

IG Guru

Check out her post on LinkedIn here.

On Building A Better Web: The Marlinspike Threads

John Battelle's Searchblog

If you want to follow the debate about crypto’s impact on society, which I believe is one of the most important topics in tech today, you better sharpen your Twitter skills – most of the interesting thinking is happening across Twitter’s decidedly chaotic platform.

Accelerating user adoption through easily deployed line of business solutions

OpenText Information Management

Organizations struggle to find quick and easy deployments of content management solutions that address specific departmental needs, and users struggle with content heavy processes for their many projects and daily tasks.

7 Clever Ways to Build a Welcoming Website Homepage

Cllax

According to an adage, the first impression lasts. The same thing goes for your business. That said, you must have a welcoming home page for your business website. For one,

How to Secure a Website from Hackers

Cllax

If your website is hacked, the consequences can be severe. Your website can be rendered unusable, and information of yours and anyone else who uses your website may be vulnerable.

4 Ecommerce Web Design Trends in 2022

Cllax

Fun fact, up to 95% of all sales are expected to be conducted via ecommerce by 2040. The pandemic was, of course, a huge push toward this number. However, despite.

How the Proper Enterprise Risk Management Solutions Can Help Your Organization

Cllax

No business venture is completely without risk. Indeed, any enterprise can expect to contend with potential threats to its operations, employees, customers, or community from multiple sources at a time.

How to Make Your Long-Distance Move Affordable?

Cllax

You need to prepare everything in advance and only preparation is the key for a successful moving process. Also, the moving process is an expensive one so you need some.
