Tue.Nov 30, 2021

How to write an ISO 27001 remote access policy

IT Governance

Remote access is the future of business. Despite travel restrictions easing amid the pandemic, employees continue to work from home in their droves.

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

The Last Watchdog

Application Programming Interface. Where would we be without them? Related: Supply-chain exposures on the rise. APIs are the snippets of code that interconnect the underlying components of all the digital services we can’t seem to live without. Indeed, APIs have opened new horizons of cloud services, mobile computing and IoT infrastructure, with much more to come. Yet, in bringing us here, APIs have also spawned a vast new tier of security holes.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Finding Your Niche in Cybersecurity

Dark Reading

With a little patience and research, you can discover a role you love that also protects those around you

New EwDoor Botnet is targeting AT&T customers

Security Affairs

360 Netlab experts spotted a new botnet dubbed EwDoor that infects unpatched AT&T enterprise network edge devices.

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

What’s the Difference Between SASE and SD-WAN?

Dark Reading

While SD-WAN is a key part of a hybrid workplace and multicloud operation, it should be treated as a stepping stone to SASE, not an alternative

IT 100

More Trending

Legal Cases and Privacy Rulings Aim to Curtail Facial Biometrics

Dark Reading

Decisions in the UK and Australia, and lawsuits in the United States, could force facial-recognition providers to remove data from their machine-learning models

Sabbath Ransomware target critical infrastructure in the US and Canada

Security Affairs

Sabbath ransomware is a new threat that has been targeting critical infrastructure in the United States and Canada since June 2021. A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021.

Government-Industry Cooperation May Be the Most Potent Ransomware Antidote

Dark Reading

The side that's better at collaborating with allies will have the upper hand, and until now, that distinction has gone to the cybercriminals

Critical Printing Shellz flaws impact 150 HP multifunction printer models

Security Affairs

Researchers discovered a critical wormable buffer overflow vulnerability that affects 150 different HP multifunction printer models (MFPs).

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

Best Privileged Access Management (PAM) Software for 2022

eSecurity Planet

Privileged accounts are among an organization’s biggest cybersecurity concerns. These accounts give admins control over data, applications, infrastructure and other critical assets that average system users don’t have permission to access or change.

Ransomware vs. Cities: A Cyber War

Dark Reading

As smart cities become the new normal for urban living, they must be resilient against the speed and sophistication of modern cyber threats

Rethink finance business processes for the digital world

DXC

Many companies experience significant challenges with their accounts payable (AP) functions. These tend to be manual, drawn-out and fragmented finance business processes surrounded by legacy technology.

Risk 82

WIRTE APT group targets the Middle East since at least 2019

Security Affairs

A threat actor named WIRTE targets government, diplomatic entities, military organizations, law firms, and financial institutions in Middle East.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

HP Issues Firmware Updates for Printer Product Vulnerabilities

Dark Reading

More than 150 HP printer models have bugs that could enable attackers to steal data and gain an initial foothold on enterprise networks

81

Play the Opera Please – Opera patches a flaw in their turbo servers

Security Affairs

Opera released a mini patch for a vulnerability in their turbo servers that dates back to 2018. Prior approval are taken from Opera security team before disclosing this issue!

Payment Card Security Is Key During the Holiday Shopping Season

Rocket Software

The holiday season is officially here, and for many that means more spending, whether it’s on gifts, food or special events. This increased volume of transactions also makes it the peak time of year for credit card fraud, according to FICO’s VP of fraud and financial crimes.

Mainframe Modernization has gone Mainstream: Modernizing Mainframe Workloads with AWS and Micro Focus

Micro Focus

Micro Focus’ innovation in the modernization space continues to gather pace. Eddie Houghton, Enterprise Product Director explains the latest developments in mainframe workload modernization with AWS and Micro Focus.

111
111

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

How Decryption of Network Traffic Can Improve Security

Threatpost

Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing. InfoSec Insider Vulnerabilities Web Security

Attacker Sentenced in Multimillion-Dollar SIM Hijacking Scheme

Dark Reading

A sixth member of international hacking group The Community was sentenced to 10 months in prison and ordered to pay $121,549.37 in restitution

75

Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks

Threatpost

The insurer won’t pay for 'acts of cyber-war' or nation-state retaliation attacks. . Breach Cloud Security Government Hacks Malware Vulnerabilities Web Security

How to Maintain eDiscovery Data Integrity

eDiscovery Daily

Emails, text messages, legal documents, written letters, faxes, and more: your eDiscovery team sorts, reviews, and analyzes all of these documents and more during the span of a legal case. When handling these confidential documents, it is important to keep these documents safe and secure. .

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Yanluowang Ransomware Tied to Thieflock Threat Actor

Threatpost

Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research. Malware Web Security

ARMA Houston promotes Virtual 3rd Annual Official Cyber Security Summit on December 2nd, 2021

IG Guru

You are invited to the Virtual 3rd Annual Official Cyber Security Summit: Houston/San Antonio on December 2nd from 8:00AM – 6:35PM CST.

Panasonic’s Data Breach Leaves Open Questions

Threatpost

Cyberattackers had unfettered access to the technology giant's file server for four months. Breach Cloud Security Hacks Privacy

A Software Primer For Attorneys After Cyber Executive Order

Data Matters

When President Joe Biden issued his major cybersecurity executive order on May 12, a White House press briefing said the order would invoke: “the power of federal procurement to say, “If you’re doing business with us, we need you to practice really good — really good cybersecurity.

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

Finland Faces Blizzard of Flubot-Spreading Text Messages

Threatpost

Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an "exceptional" attack. Malware Web Security

2022 Cybersecurity Predictions

Pwnie Express

2022 Cybersecurity Predictions. 03.Dec.2021. Florian Barre. Tue, 11/30/2021 - 10:10. Full-Stack Security. Teaser. 2021 was the year businesses continued to adapt to new working patterns, digital transformation and battle the increasing threats from ransomware attacks.

UK spy chief suggests Beijing risks ‘miscalculation’ over west’s resolve

The Guardian Data Protection

Island’s status and surveillance technology making China ‘single greatest priority’ for MI6 China is at risk of “miscalculating through over-confidence” over Taiwan, said the MI6 head, Richard Moore, in a statement clearly intended to warn Beijing to back off any attempt to seize control of the island.

Risk 64