Data Matters

MARCH 9, 2022

Yesterday DOJ announced its first settlement under the Department’s new “Cyber-Fraud Initiative.” This initiative, announced in October 2021 , aims to “utilize the False Claims Act to pursue cybersecurity related fraud by government contractors and grant recipients.” However, as discussed further here , in addition to targeting traditional government contractors, the initiative presents broader opportunities for DOJ to use the FCA to address data protection practices by healthcare providers.

Cybersecurity 158

Cybersecurity Government Privacy IT 158

eSecurity Planet

MARCH 9, 2022

A major Linux vulnerability dubbed “Dirty Pipe” could allow even the least privileged users to perform malicious actions. Researcher Max Kellermann of Ionos revealed the new vulnerability earlier this week. The name is reminiscent of the “Dirty Cow” vulnerability discovered in 2016 that allowed attackers to gain root access on any Android Phone regardless of the OS version, but Dirty Pipe could be even easier to exploit than its predecessor.

Access 117

Access Libraries Passwords IT 117

Security Affairs

MARCH 9, 2022

The collective Anonymous has hacked public cameras in Russia and transmitted their live feed on a website, it also announced a clamorous leak. Anonymous and other hacker groups continue to target Russia, in a recent attack the collective has taken over more than 400 Russian cameras in support of Ukraine. The hacktivist shared the live feed of the hacked cameras on the website behindenemylines.live , the hacked cams are grouped in various categories based on their location (Businesses, Outdoor, I

Security 106

Security IT Information Security 106

Schneier on Security

MARCH 9, 2022

Zelle is rife with fraud : Zelle’s immediacy has also made it a favorite of fraudsters. Other types of bank transfers or transactions involving payment cards typically take at least a day to clear. But once crooks scare or trick victims into handing over money via Zelle, they can siphon away thousands of dollars in seconds. There’s no way for customers — and in many cases, the banks themselves — to retrieve the money. […].

Security 97

Security IT 97

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Security Affairs

MARCH 9, 2022

Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. The flaws can allow remote attackers to manipulate the power of millions of enterprise devices carrying out extreme cyber-physical attacks.

IoT 99

IoT Authentication Cloud Security 99

Security Affairs

MARCH 9, 2022

Threat actors hacked Russian federal agencies’ websites in a supply chain attack involving the compromise of a stats widget. Some Russian federal agencies’ websites were compromised in a supply chain attack, threat actors compromised the stats widget used to track the number of visitors by several government agencies. Threat actors were able to deface the websites and block access to them. “Disruptions in the operation of the federal agencies’ websites occurred on Tuesday

Government 98

Government Communications Access Cybersecurity 98

IG Guru

MARCH 9, 2022

Check out the post here. The post Statement of solidarity with librarians, archivists and information professionals in Ukraine via CILIP appeared first on IG GURU.

Archiving 71

Archiving 71

Security Affairs

MARCH 9, 2022

Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. government. Google announced to have blocked a phishing campaign originating conducted by China-linked cybereaspionage group APT31 (aka Zirconium , Judgment Panda, and Red Keres) and aimed at Gmail users associated with the U.S. government.

Government 97

Government Phishing Military IT 97

Threatpost

MARCH 9, 2022

The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.

Government 72

Government Security 72

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

MARCH 9, 2022

Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. Researchers from cybersecurity firm Binarly discovered 16 high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices.

Sales 88

Sales Security Cybersecurity Information Security 88

OpenText Information Management

MARCH 9, 2022

Situation overview Russia’s invasion of Ukraine is a prime example of one nation employing a combination of traditional weaponry and cyberattacks against another to disrupt business and government. As outlined by the US Cybersecurity & Infrastructure Security Agency (CISA) in its alert: “Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may … The post Maintaining heightened cyber safety during uncertain times appeared first on OpenText Blogs.

Cybersecurity 67

Cybersecurity Government Security IT 67

Dark Reading

MARCH 9, 2022

Weak leadership can demotivate and demoralize the security workforce. Here's what to look out for.

Security 92

Security 92

OpenText Information Management

MARCH 9, 2022

SWIFT has been a hot topic in the news lately but there seems to be an overwhelming amount of confusion about what SWIFT does and how they impact the global financial ecosystem. First, let’s uncover what SWIFT stands for, the Society for Worldwide Interbank Financial Telecommunication. As the name implies, SWIFT serves a communication network … The post Understanding SWIFT appeared first on OpenText Blogs.

Communications 62

Communications Insurance 62

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Threatpost

MARCH 9, 2022

Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China's Mustang Panda targeting Europe.

Phishing 69

Phishing Security 69

Dark Reading

MARCH 9, 2022

Simplifies the creation and management of secure passwords for all online accounts across multiple platforms including mobile.

Passwords 74

Passwords Security 74

Role Model Software

MARCH 9, 2022

Learning and innovation go hand in hand. The arrogance of success is to think that what you did yesterday will be sufficient for tomorrow. - William Pollard If we were to turn back the clock even just five years, the software stack we were using at RoleModel Software would look a lot different than it does today. Many of the top languages still are used regularly but new libraries, plugins, and features are always being added.

Libraries 52

Libraries IT Access Communications 52

Dark Reading

MARCH 9, 2022

The federal government must step in to help local and state governments implement zero trust.

Government 85

Government 85

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Collibra

MARCH 9, 2022

Collibra Data Intelligence Cloud unifies data catalog, governance, data lineage, data quality and data privacy capabilities in one complete, flexible and easy-to-use platform. The latest release of Collibra Data Intelligence Cloud delivers new capabilities that deepen the context about data and boost productivity, helping fuel data-driven decisions and innovation.

Cloud 52

Cloud Metadata Data Privacy Access 52

Dark Reading

MARCH 9, 2022

Cloud workload protection delivers on the promise of zero trust for virtual machines, containers, and serverless architectures across the application life cycle.

Cloud 59

Cloud 59

Krebs on Security

MARCH 9, 2022

Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users, and relatively few “critical” fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix.

Authentication 36

Authentication Ransomware Phishing Passwords 36

Dark Reading

MARCH 9, 2022

Threat modeling visualization, code repository scanning, and pipeline configuration analysis help prioritize vulnerabilities.

Cloud 58

Cloud Security 58

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Synergis Software

MARCH 9, 2022

52

52

Troy Hunt

MARCH 9, 2022

I have lots of little ideas for various pet projects, most of which go nowhere ( Have I Been Pwned being the exception), so I'm always looking for the fastest, cheapest way to get up and running. Last month as part of my blog post on How Everything We're Told About Website Identity Assurance is Wrong , I spun up a Cloudflare Pages website for the first time and hosted digicert-secured.com there (the page has a seal on it so you know you can trust it).

Passwords 139

Passwords Access IT Cybersecurity 139

Robert's Db2

MARCH 9, 2022

In part 1 of this two-part blog entry on thoroughly assessing data security in a Db2 for z/OS environment, I covered four aspects of Db2 data protection: privilege management, client authentication, data encryption and column masks/row permissions. In this part 2 entry we'll take a look at auditing, application architecture, test data management and RACF (or equivalent) management of Db2-internal security.

Security 62

Security Access Systems administration IT 62