Krebs on Security

OCTOBER 1, 2021

The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity. In a long-overdue notice issued Sept. 30 , the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before

Passwords 276

Passwords Authentication Communications Retail 276

Data Breach Today

OCTOBER 1, 2021

The latest edition of the ISMG Security Report features an analysis of how a cryptocurrency exchange bug has revealed North Korean Monero laundering. Also featured are cyber insurance trends and cybercrime innovation.

Insurance 274

Insurance Security 274

Dark Reading

OCTOBER 1, 2021

The concept of identity has been around for decades, yet authentication has not caught up to its advanced threats until now. Here are four ways to begin thinking differently about identity and authentication.

Authentication 125

Authentication IT 125

Data Breach Today

OCTOBER 1, 2021

Cites Need to Secure Privately Owned Critical Infrastructure, Signs Proclamation As Cybersecurity Awareness Month kicks off this week, U.S. President Joe Biden has weighed in on his administration's efforts to curb cyberattacks and bolster the federal government's security posture.

Cybersecurity 271

Cybersecurity Government Security 271

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

eSecurity Planet

OCTOBER 1, 2021

A previously unknown but highly skilled Chinese-speaking cyberespionage group is using sophisticated malware to attack government and private entities in Southeast Asia through a long-running campaign that targets systems running the latest versions of Microsoft’s Windows 10. The group – which researchers with Kaspersky Lab are calling GhostEmporer – uses a multi-stage malware framework designed to give the attackers remote control over the targeted servers.

Government 110

Government IT Security 110

Hunton Privacy

OCTOBER 1, 2021

On September 27, 2021, the European Data Protection Board (the “EDPB”) announced that it established a taskforce to coordinate the response to complaints filed with several EU data protection authorities (“DPAs”) by the non-governmental organization None of Your Business (“NOYB”) in relation to cookie banners. In May 2021, NOYB sent over 500 draft complaints to companies regarding their use of cookie banners.

IT 108

IT Privacy 108

Data Breach Today

OCTOBER 1, 2021

Discussion Also Addresses Fraudsters' Evolving Tactics In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why enterprises need a multilayered approach to securing identity, how fraud will evolve in 2022 and the need to secure backdoors to prevent ransomware attacks.

Ransomware 256

Ransomware Information Security Cybersecurity Security 256

Security Affairs

OCTOBER 1, 2021

Experts warn of a new Hydra banking trojan campaign targeting European e-banking platform users, including the customers of Commerzbank. . Experts warn of a malware campaign targeting European e-banking platform users with the Hydra banking trojan. According to malware researchers from the MalwareHunterTeam and Cyble, the new campaign mainly impacted the customers of Commerzbank, Germany’s second-largest bank.

Communications 108

Communications Access Encryption Security 108

Data Breach Today

OCTOBER 1, 2021

Suit Alleges Inability to Access Critical Fetal Monitoring Data Was Malpractice The death of a baby born with complications during a 2019 ransomware attack on an Alabama hospital – one that left clinicians unable to access electronic health records and patient monitoring systems - is intensifying the spotlight on the potentially fatal consequences of such cyber incidents.

Ransomware 252

Ransomware Access 252

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Threatpost

OCTOBER 1, 2021

The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients.

Security 109

Security IT 109

Security Affairs

OCTOBER 1, 2021

Threat actors could exploit a stored cross-site scripting (XSS) vulnerability in Apple AirTag product to lure users to malicious websites. Security researcher Bobby Rauch discovered a stored cross-site scripting (XSS) vulnerability in the Apple AirTag product that can be exploited by attackers to lure users to malicious websites. Apple AirTag is a tracking device designed to act as a key finder, it allows users to find personal objects (e.g. keys, bags, apparel, small electronic devices, vehicle

Phishing 105

Phishing Authentication IT Access 105

Threatpost

OCTOBER 1, 2021

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.

Security 103

Security 103

Hunton Privacy

OCTOBER 1, 2021

On September 27, 2021, the European Data Protection Board (“EDPB”) announced that it had adopted an opinion on the European Commission’s draft adequacy decision for the Republic of Korea (the “Opinion”). Background. In March 2021, the European Commission announced the successful conclusion of adequacy talks with the Republic of Korea, thereby launching the formal adoption process of the adequacy decision.

Personal data 101

Personal data GDPR Archiving Security 101

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Threatpost

OCTOBER 1, 2021

Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.

Phishing 116

Phishing Access IT Security 116

Jamf

OCTOBER 1, 2021

As part of National Cybersecurity Awareness Month , we are going back to basics to raise awareness around the various threats that affect mobile devices.

Security 105

Security Cybersecurity 105

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. VPNs, an important security tool in an era of widespread remote work , are entry points into secured networks that bad attackers frequently try to use in malicious assaults.

Authentication 90

Authentication Access Passwords Risk 90

Security Affairs

OCTOBER 1, 2021

Luxury retail company Neiman Marcus Group has announced this week that it has suffered a data breach that impacted customer information. The attack against Neiman Marcus Group took place in May 2020, as a result of the attack, threat actors had access to customers’ information, including payment card data. Exposed personal information includes names and contact information, usernames, passwords, and answers to security questions associated with online accounts.

Data breaches 91

Data breaches Retail Passwords Access 91

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

OCTOBER 1, 2021

Despite countless vulnerabilities and exploits, the legacy Windows printing process service continues to be an attack surface in constant need of repair and maintenance, security experts say.

Security 95

Security 95

eSecurity Planet

OCTOBER 1, 2021

Private equity firm Symphony Technology Group (STG) has been on a cybersecurity buying spree the last two years, acquiring RSA Security, McAfee’s enterprise business and Mandiant’s FireEye products business (see FireEye, Mandiant to Split in $1.2 Billion Deal ). Industry analysts have speculated that STG might merge at least some of its security holdings.

Artificial Intelligence 86

Artificial Intelligence Cybersecurity Marketing Cloud 86

Security Affairs

OCTOBER 1, 2021

A baby allegedly received inadequate childbirth health care, and later died, at an Alabama Springhill Medical Center due to a ransomware attack. An Alabama woman named Teiranni Kidd has filed suit after the death of her baby, she claims that the Springhill Medical Center was not able to respond to a cyberattack that crippled its systems causing the death of the infant daughter, reported The Wall Street Journal.

Ransomware 85

Ransomware Access IT Security 85

Dark Reading

OCTOBER 1, 2021

Experts warn devices will be affected after major HTTPS certificate provider Let's Encrypt saw its root certificate expire this week.

Encryption 101

Encryption IT 101

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Security Affairs

OCTOBER 1, 2021

Google rolled out urgent security updates to address two new actively exploited zero-day vulnerabilities in its Chrome browser. Google this week rolled out urgent security updates for the Chrome browser to address four security flaws, including two new zero-day vulnerabilities that are being exploited in the wild. Google has addressed a total of five zero-day flaws this month, while the total number of zero-days fixed since the start of the year is 14.

Security 81

Security Government IT Information Security 81

Threatpost

OCTOBER 1, 2021

Experts say the detection delay of 17 months is a colossal security blunder by the retailer. .

Retail 111

Retail Security 111

Hunton Privacy

OCTOBER 1, 2021

On October 1, 2021, Connecticut’s two new data security laws become effective. As we previously reported , the new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor from certain Connecticut Superior Court assessed damages for businesses that create and maintain a written cybersecurity program. With the breach law amendments, Connecticut joins a number of other states in expanding the definition of “personal information” in its data breach notificatio

Cybersecurity 73

Cybersecurity Data breaches Security IT 73

Dark Reading

OCTOBER 1, 2021

With the easing of pandemic-related restrictions, enterprise defenders report they are investigating security operations technology to manage new risks that emerged over the past year.

Risk 66

Risk Security 66

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

IG Guru

OCTOBER 1, 2021

CALL FOR PRESENTERS Now accepting speaking proposals on topics related tothe Legal, Technical, and Operational components ofInformation Governance. Whether face-to-face or virtual, the MER Conference mission hasn’t changed: Equipping information governance professionalsto more meaningfully impact their organization’s business objectives. MER Conference participants attend for that reason.

Information governance 63

Information governance Government Records Management Education 63

Dark Reading

OCTOBER 1, 2021

Through this partnership, CISA and Girls Who Code will establish collaborative opportunities to provide awareness, training, and pathways into cybersecurity careers for girls, women, and those who identify as nonbinary.

Cybersecurity 61

Cybersecurity 61

Jamf

OCTOBER 1, 2021

New updates to Jamf Protect's Alert API are introduced to provide admins more information, greater efficiency and better performance to create prowerful workflows that leverage the API framework.

52

52