Security Affairs
DECEMBER 16, 2021
The ImControllerService service of Lenovo laptops is affected by a privilege elevation bug that can allow to execute commands with admin privileges. Lenovo laptops, including ThinkPad and Yoga families, are affected by a privilege elevation issues that resides in the ImControllerService service allowing attackers to execute commands with admin privileges.
Schneier on Security
DECEMBER 16, 2021
Log4j is being exploited by all sorts of attackers, all over the Internet: At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups,” said cybersecurity company Check Point.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 16, 2021
Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library. The CVE-2021-45046 received a CVSS score of 3.7 and affects Log4j versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 (which was released to fix CV
Dark Reading
DECEMBER 16, 2021
The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization's own networks and systems.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Hunton Privacy
DECEMBER 16, 2021
On December 6, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published a white paper on “ Bridging the DMA and the GDPR – Comments by the Centre for Information Policy Leadership on the Data Protection Implications of the Draft Digital Markets Act ” (the “White Paper”). The European Commission’s draft Digital Markets Act (“DMA”) is a proposal for a regulation on “contestable and fair markets” in the digital sector, setting forth obligations for digital
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
IT Governance
DECEMBER 16, 2021
You may have seen people talk this week about Log4Shell and the damage that it’s causing. The zero-day exploit has people worried, with some saying that it’s “ set the Internet on fire ” or that it “ will haunt [us] for years ”? But just how concerned should you be and is there anything you can do to protect yourself? What is Log4Shell? Log4Shell is a remote code execution exploit that’s found in versions of log4j, the popular open-source Java logging library.
Dark Reading
DECEMBER 16, 2021
A look at why this is such a tricky vulnerability and why the industry response has been good, but not great.
Data Matters
DECEMBER 16, 2021
Sidley associate Lauren Kitces was featured on Simplify For Success, a podcast series presented by Meru Data and hosted by Priya Keshav. The discussion covered upcoming U.S. privacy laws and key considerations for organizations as they prepare for these laws. Tune in here. The episode can also be found on various streaming platforms, including Apple Podcasts , Spotify , and Amazon Music.
Threatpost
DECEMBER 16, 2021
It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
The Security Ledger
DECEMBER 16, 2021
In this episode of the podcast (#232), Tomislav Peri?in of the firm ReversingLabs joins us to talk about Log4Shell, the vulnerability in the ubiquitous Log4j Apache library. Tomislav tells us why issues related to Log4j won’t be going away anytime soon and how organizations must adapt to deal with the risk it poses. The post Episode 232: Log4j. Read the whole entry. » Click the icon below to listen.
Threatpost
DECEMBER 16, 2021
The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.
Security Affairs
DECEMBER 16, 2021
Nation-state actors from China, Iran, North Korea, and Turkey are attempting to exploit the Log4Shell vulnerability to in attacks in the wild. Microsoft researchers reported that Nation-state actors from China, Iran, North Korea, and Turkey are now abusing the Log4Shell (CVE-2021-44228) in the Log4J library in their campaigns. Some of the groups exploiting the vulnerability are China-linked Hafnium and Iran-linked Phosphorus , the former group is using the flaw to attack virtualization infrast
Dark Reading
DECEMBER 16, 2021
As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation?
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
WIRED Threat Level
DECEMBER 16, 2021
So far, Log4Shell has resulted mostly in cryptomining and a little espionage. The really bad stuff is just around the corner.
Rocket Software
DECEMBER 16, 2021
The Rocket team knows that true success with a solution requires more than just the right tools—it requires a network of support to leverage the full capabilities of those tools. To this end, Rocket has built in the value to never let a customer fail into all of our products and services. We strive to create a community that shares experience and knowledge to gain the most value from our solutions and ensure they are meeting customer needs.
Threatpost
DECEMBER 16, 2021
Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies.
Dark Reading
DECEMBER 16, 2021
The new API and SDK from Pixalate helps mobile developers avoid getting their apps delisted from app stores by detecting and blocking fraudulent traffic.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
IG Guru
DECEMBER 16, 2021
Check out the article here. The post Deadly Collapse at Amazon Warehouse Puts Spotlight on Phone Ban via Bloomberg appeared first on IG GURU.
Dark Reading
DECEMBER 16, 2021
A new variant dubbed "Twizt" has hijacked 969 transactions and stolen the equivalent of nearly $500,000 USD.
WIRED Threat Level
DECEMBER 16, 2021
While NSO Group gets most of the attention, the takedowns underscore how insidious the industry has become.
Information Matters
DECEMBER 16, 2021
Zurich Insurance Group has announced it is to acquire AlphaChat, an Estonian provider of conversational AI. The technology will bolster Zurich’s customer service automation efforts and take the firm further Read more. The post Zurich doubles down on digital investments with purchase of AlphaChat appeared first on Information Matters - How Real Companies Are Using AI.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
Record Nations
DECEMBER 16, 2021
As we continue on with our “Who We Are” video series, we’d like to take this opportunity to introduce you to Janet Randolph. Janet is one of the pillars of our business, as she is the director of two departments. She acts as both our head of accounting, as well as our head of human […]. The post Who We Are – Janet Randolph: Director of Accounting & HR appeared first on Record Nations.
Collibra
DECEMBER 16, 2021
For years, leaders in the tech industry have sought to diversify their companies. Diversity is the foundation of agile, dynamic and creative teams. But despite efforts, the tech industry is still lacking holistic diversity in the workplace. A recent study shows that in technology, ethnic communities — the Black and Latinx communities included — make up less than 5% of the workforce in technology.
Hanzo Learning Center
DECEMBER 16, 2021
This month I have the pleasure to interview Parker Morris. She's a fitness and nutrition enthusiast, a global traveler, and a master at seizing the fun. But don't underestimate this cheerful spirit; at her core, she's determined, kind, and relentless in her pursuit to bring value to the team and the enterprise clients she serves.
Zapproved
DECEMBER 16, 2021
Data mapping enables organizations to prepare for the demands of ediscovery data management by locating and characterizing the types of ESI they use.
Advertisement
If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.
Unwritten Record
DECEMBER 16, 2021
After such a tumultuous year, all the staff at the National Archives Special Media Division would like to extend our best holiday wishes to those of you reading this as well as our hopes for a bright new year in 2022. It’s hard to believe that another year has already come and gone and to celebrate, we would like to share some of our holiday themed records with you.
HID Global
DECEMBER 16, 2021
Deep Linking: The Power of One-Step Activation for Your Users. user. Thu, 12/16/2021 - 12:05.
Krebs on Security
DECEMBER 16, 2021
A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.
Expert insights. Personalized for you.
140 
Let's personalize your content