Tue. Nov 23, 2021

European General Court Judgment in Google Shopping: Key Takeaways

Data Matters

On November 10, 2021, the European General Court (Court) issued its judgment in Case T-612/17 Google and Alphabet v Commission (Google Shopping).

How Sun Tzu's Wisdom Can Rewrite the Rules of Cybersecurity

Dark Reading

The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place

The McDonald’s Ice Cream Machine Hacking Saga Has a New Twist

WIRED Threat Level

The cold war between a startup and a soft-serve machine manufacturer is heating up, thanks to a newly released trove of internal emails.

Holiday Scams Drive SMS Phishing Attacks

Dark Reading

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well

Android.Cynos.7.origin trojan infected +9 million Android devices

Security Affairs

Researchers spotted dozens of games on Huawei’s AppGallery catalog containing the Android.Cynos.7.origin trojan. Researchers from Dr. Web AV discovered 190 games on Huawei’s AppGallery catalog (i.e.

More Trending

Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug

Security Affairs

A researcher has released a proof-of-concept exploit code for an actively exploited vulnerability affecting Microsoft Exchange servers.

Baffle's Data Privacy Cloud Protects Data for Amazon Redshift Customers

Dark Reading

Amazon Redshift customers can use Baffle’s Data Privacy Cloud to secure the data pipeline as source data is migrated to Redshift and used for data analytics

Expert disclosed an exploit for a new Windows zero-day local privilege elevation issue

Security Affairs

A researcher publicly disclosed an exploit for a new Windows zero-day local privilege elevation that can allow gaining admin privileges.

Apple Sues NSO Group for Spyware Use

Dark Reading

The company seeks to hold Israeli firm NSO Group liable for the targeting of Apple users and requests a permanent injunction to ban its use of Apple products and services

Malware are already attempting to exploit new Windows Installer zero-day

Security Affairs

Vxers are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday.

New Android Spyware Variants Linked to Middle Eastern APT

Dark Reading

The new variants, improved for stealth and persistence, share code with other malware samples attributed to the C-23 APT

HONG KONG: New anti-doxxing provisions now in force

DLA Piper Privacy Matters

With the coming into effect of the Personal Data (Privacy) (Amendment) Ordinance 2021 (“Amendment Ordinance”) on 8 October 2021, a new anti-doxxing law is now in force in Hong Kong. The below sets out a summary of the key aspects of the anti-doxxing law: New offences of doxxing; new penalties.

Experts warn of RCE flaw in Imunify360 security platform

Security Affairs

A flaw in CloudLinux’s Imunify360 security product could have been exploited by an attacker for remote code execution. Cisco’s Talos researchers discovered a remote code execution vulnerability, tracked as CVE-2021-21956, in CloudLinux’s Imunify360 security product.

GovQA Launches 2022 Annual Peers in Public Records Survey: Tasked with Identifying Public Records Priorities

IG Guru

GovQA has launched the largest survey of public records managers in the U.S., capturing data on emerging trends in the public records space. The annual survey helps state and local prioritize key decisions across governments in 2022.

Common Cloud Misconfigurations Exploited in Minutes, Report

Threatpost

Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.

The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

Hunton Privacy

On November 19, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 05/2021 (the “Guidelines”) on the interplay between the application of Article 3 of the EU General Data Protection Regulation (“GDPR”), which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.

The Future of Work and the Distributed Organization

OpenText Information Management

The future of work will be a combination of where you work and how you work. Organizations are struggling with the Great Attrition. Workers are rethinking their priorities and leaving their jobs in record numbers and for new reasons.

Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast

Threatpost

That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky.

And the category is … seamless digital experience

OpenText Information Management

As the new Industry Strategist for the U.S. Public Sector at OpenText™, I want to bring you some insights that I think really define how I view the market. And a lot of these thoughts come from being a citizen, just like you.

How to Get Executive Support for Your Next Information Governance Initiative

AIIM

Back in 2017, I called up a few of the information governance friends I’d made through the AIIM Community to better understand the challenges they were up against.

Additional roles in connected engineering

OpenText Information Management

The partnership between OpenText™ and Dassault Systemes is bringing connected engineering solutions to you like never before, built on Dassault’s CATIA computer-aided design products and supported by OpenText’s cloud-based managed services.

AI and ML fight security threats in retail industry as holiday shopping ramps up

DXC

Online retailers are once again getting ready for the annual Black Friday to Cyber Monday surge in shopping traffic. Every year they prepare to combat the cybersecurity threats that go into overdrive during the holiday season.

Introducing OpenText EnCase Incident Response

OpenText Information Management

Corporations are facing constant cybersecurity threats. They need to be able to respond by quickly and proactively conducting investigations that can identify a potential threat.

Giving Thanks, It's The Small Things

Hanzo Learning Center

Life has changed significantly since the pandemic, and this Thursday will mark the second Thanksgiving we'll celebrate with things not being quite normal. Yet, the team at Hanzo realizes that we are very blessed.

EDPB Releases Statement on the Digital Services Package and Data Strategy; Calls for Ban on Targeted Ads

Hunton Privacy

On November 18, 2021, the European Data Protection Board (“EDPB”) released a statement on the Digital Services Package and Data Strategy (the “Statement”).

How to Defend Against Mobile App Impersonation

Threatpost

Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this.

Federal Regulators Issue New Cyber Incident Reporting Rule for Banks

Hunton Privacy

On November 18, 2021, the Federal Reserve, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency issued a new rule regarding cyber incident reporting obligations for U.S. banks and service providers. The final rule requires a banking organization to notify its primary federal regulator “as soon as possible and no later than 36 hours after the banking organization determines that a notification incident has occurred.”

US banking regulators promulgate a final rule for 36-hour notice of breach

Data Protection Report

On November 18, 2021, the US federal banking regulators Office of the Comptroller of the Currency, Federal Reserve Board and Federal Deposit Insurance Corporation jointly announced a final rule that will require banking organizations (which includes the U.S.
