Fri. Nov 12, 2021

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina.

MacOS Zero-Day Used against Hong Kong Activists

Schneier on Security

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article: Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers.

Top 10 Cybersecurity Best Practices to Combat Ransomware

Threatpost

Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.

FTC Recommends Steps to Protect Against Ransomware

Hunton Privacy

On November 5, 2021, the Federal Trade Commission suggested two preventative steps small businesses can take to protect against ransomware risks: Step #1: Make sure your tech team is following best practices to fend off a ransomware attack. Be prepared by backing up data. Set up off-line, off-site encrypted backups of information essential to the business.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Threat from Organized Cybercrime Syndicates Is Rising

Threatpost

Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.

More Trending

How we broke the cloud with two lines of code: the full story of ChaosDB

Security Affairs

Wiz Research Team disclosed technical details about the discovery of the ChaosDB vulnerability in Azure Cosmos DB database solution. In August, 2021 the Wiz Research Team disclosed ChaosDB – a severe vulnerability in the popular Azure Cosmos DB database solution that allowed for complete, unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies.

Costco Confirms: A Data Skimmer’s Been Ripping Off Customers

Threatpost

Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.

If We Really Want to Drive Change, We Have to Work Together

Micro Focus

The final INSPIRE 20 podcast looks back at a number of the ways that individuals are promoting inclusion and diversity in their own lives and how organizations can do so at the highest levels of their businesses. The series, which showcased 20 executives from around the world making a difference in terms of inclusion and.

Millions of Routers, IoT Devices at Risk from New Open-Source Malware

Threatpost

BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

SEC Identifies Deficiencies From its Electronic Investment Advice Initiative

Data Matters

On November 9, 2021, the U.S. Securities and Exchange Commission (SEC) Division of Examinations (EXAMS) released a risk alert (Risk Alert) concerning deficiencies it observed in its examinations of advisers providing electronic advisory services, including advisers known as “robo-advisers.” Those deficiencies were in the areas of the robo-advisers’ compliance programs, portfolio management practices (including advisers’ fiduciary obligations), and marketing/performance advertising.

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. Attackers increasingly use HTML smuggling in phishing and other email campaigns to stealthily deliver threats, but Microsoft Defender Office 365’s detonation technology provides durable protection against this evasive delivery technique

Mac Zero Day Targets Apple Devices in Hong Kong

Threatpost

Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.

Retail giant Costco discloses data breach, payment card data exposed

Security Affairs

Costco Wholesale Corporation discloses a data breach, threat actors had access to customers’ payment card information. Retail giant Costco Wholesale Corporation notified its customers of a data breach that might have exposed their payment card information. Data was allegedly exposed while customers were shopping at one of its stores. Costco discovered the security breach after its staff spotted a card skimming device in one of its warehouses as part of a routine check.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Open Source Project Aims to Detect Living-Off-the-Land Attacks

Dark Reading

The machine learning classifier from Adobe can determine whether system commands are malicious and classify them using a variety of tags useful for security analysts.

Windows 10 Privilege-Escalation Zero-Day Gets an Unofficial Fix

Threatpost

Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft.

Follow the Leaders: A Blueprint for Software Security Success

Dark Reading

Organizations can study software security leaders and emulate their habits and initiatives in order to build a successful software security program of their own.

An open letter to anyone switching their supply chain integration services

OpenText Information Management

Dear Reader, If you’re here then you are at least marginally associated with some aspect of your company’s supply chain, and if you are associated with any aspect of your company’s supply chain then it comes as no surprise that supply chain integration has never been more pertinent. It’s all over the news: supply chain disruption is impacting all corners of …

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

MSPAlliance Leadership Council Forms Vendor Council to Address Managed Services Supply Chain Risk

Dark Reading

MSP supply chain threats will be mitigated through transparency, education, business continuity planning, and managed services channel certification.

4 ways cloud marketplaces give you a competitive edge

OpenText Information Management

Businesses can quickly adapt innovative technology to remain resilient and optimize internal resources by leveraging public cloud marketplaces. Digital procurement through public cloud marketplaces is a low-touch way to discover, try, and purchase software needed for immediate access. Organizations can buy through standard contracts and pre-allocated budgets, streamlining procurement and simplifying vendor management, bringing company-wide benefits.

How to Hire — and Retain — Effective Threat Hunters

Dark Reading

Key characteristics that should be evaluated include curiosity, disposition, and fit with the culture.

The Definitive Guide to Schrems II via Dataguidance.com

IG Guru

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Emerging Security Tools Tackle GraphQL Security

Dark Reading

New security tools are proactively protecting APIs built with GraphQL, before attacks against them become more commonplace.

The Sneaky Way TikTok Is Connecting You to Real-Life Friends

WIRED Threat Level

The social network got huge by ignoring who you know. That's increasingly no longer the case.

BT to Deploy 'Epidemiological AI' Based on the Spread of Viruses in Humans to Combat Cyberattacks

Dark Reading

Using the spread of viruses in human populations as a model to inform its AI, Inflame is a key component in BT’s recently-announced Eagle-i platform.

The Best Wi-Fi 6 Routers Secure and Fast Enough for Business

eSecurity Planet

Remote work and home offices were an afterthought until the COVID-19 pandemic. They were then vaulted to the forefront of security concerns so quickly that security and IT teams were caught off guard. Now, remote work is likely here to stay even after the pandemic is gone. That means that the temporary solutions put in place over the last 18 months will need to give way to more permanent solutions.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Ankura Launches Brooklyn Cyber Center

Dark Reading

New initiative addresses shortage of professionals and lack of diversity in cybersecurity by recruiting, training and retaining diverse talent from underrepresented backgrounds.

Friday Squid Blogging: Giant Squid Art

Schneier on Security

Images of giant squid (and octopi) attacking. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

In Appreciation: Alan Paller

Dark Reading

Alan Paller, founder of the famed SANS Institute, passed away on Nov. 9.
