Wed. Apr 13, 2022

Russian Cyberattack against Ukrainian Power Grid Prevented

Schneier on Security

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company. The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks. The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems. We assess with high confidence that the

IT 112

Report: Zero-Day Flaws Pose Attack Risks to Hospital Robots

Data Breach Today

5 Critical Vulnerabilities Could Allow Hackers to Tamper with Certain Gear. Researchers say five critical vulnerabilities in certain mobile hospital robots - if exploited - could allow hackers to interfere with delivery of medication and supplies, elevator operation and patient privacy. Some experts say the situation is a reminder of commonly overlooked IoT device risks.

Risk 261

Microsoft Patch Tuesday, April 2022 Edition

Krebs on Security

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National Security Agency (NSA). Of particular concern this month is CVE-2022-24521, which is a “privilege escalation” vulnerability in the Windows common log file system driver.

Patch Tues: Microsoft Releases Fixes for 145 Vulnerabilities

Data Breach Today

Latest Batch of Fixes Includes 10 Critical, 2 Zero-Day Vulnerabilities. A week after Microsoft announced the Windows Autopatch feature and declared that, come July, the tradition of Patch Tuesday will end, it's Patch Tuesday again, and the company has issued more than 100 security fixes for software that resolve critical issues, including two zero-day vulnerabilities.

Security 260

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

Cyberattacks preceded Russia’s invasion of Ukraine, and these attacks continue today as the war unfolds. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S., allied countries, and businesses steadily increase. Related: Cyber espionage is in a Golden Age. These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technic

More Trending

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Security Affairs

Apache addressed a critical RCE flaw in Apache Struts that was linked to a previous issue that was not properly fixed. Apache Struts is an open-source web application framework for developing Java EE web applications. The Apache Software Foundation urges organizations to address a vulnerability, tracked as CVE-2021-31805, affecting Struts versions ranging from 2.0.0 to 2.5.29.

Trends in ISACA's Global State of Cybersecurity 2022 Report

Data Breach Today

ISACA's Jon Brandt Discusses Workforce Efforts, Resources and Cyber Operations. The 2022 ISACA State of Cybersecurity report reveals trends in the cybersecurity workforce and the threat landscape, including understaffing and retention. "The imbalance between supply and talent is unchanged," says Jon Brandt, director of professional practices and innovation at ISACA.

Russia Is Leaking Data Like a Sieve

WIRED Threat Level

Ukraine claims to have doxed Russian troops and spies, while hacktivists are regularly leaking private information from Russian organizations.

Privacy 145

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

Microsoft’s Digital Crimes Unit (DCU) announced that it has shut down dozens of C2 servers used by the infamous ZLoader botnet. Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. The IT giant obtained a court order that allowed it to sinkhole 65 domains used by the ZLoader operators along with an additional 319 currently registered DGA domains. “Today, we’re announcing that Microsoft’

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

5 ways to boost healthcare IT security

Jamf

Arguably, the healthcare sector is one of the industries that can least afford a security breach. So why was 2021 the tenth year in a row that the healthcare industry had the highest breach costs of any industry? And why, according to the HIPAA Journal, has the number of healthcare data breaches risen every year for the last decade? And what is the industry planning to do about it?

IT 121

Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Systems

WIRED Threat Level

The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.

Security 125

China-linked Hafnium APT leverages Tarrask malware to gain persistence

Security Affairs

The China-linked Hafnium APT group started using a new piece of malware to gain persistence on compromised Windows systems. The China-backed Hafnium cyberespionage group is likely behind a new piece of malware, dubbed Tarrask, that’s used to maintain persistence on compromised Windows systems, reported Microsoft Threat Intelligence Center (MSTIC) experts.

Metadata 110

CISA Publishes a List of Key Elements to Share in Incident Reports

Data Matters

Amidst severe warnings by the United States government of heightened cyber risks (especially for critical infrastructure), and on the heels of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) being signed into law in March 2022, the Cybersecurity and Infrastructure Security Administration (CISA) published a Cyber Event Information Sharing Fact Sheet, which provides stakeholders with guidance about what to share, who should share, and how to share information about u

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Feds Shut Down RaidForums Hacking Marketplace

Threatpost

The DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on six criminal counts, including conspiracy, access device fraud and aggravated identity theft.

Access 108

Small and Medium Businesses Account for Nearly Half of all Ransomware Victim Organizations

KnowBe4

As ransomware costs increase, along with the effectiveness and use of extortions, smaller businesses are paying the price, according to new data from Webroot.

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

Researchers discovered five vulnerabilities that can be exploited to remotely hack Aethon’s TUG autonomous mobile robots used in hospitals. Researchers at healthcare IoT security firm Cynerio discovered a collection of five vulnerabilities impacting TUG autonomous mobile robots, collectively named JekyllBot:5, that could be exploited by remote attackers to hack the devices.

IoT 141

One in Three U.K. Businesses Experience Cyber Attacks Weekly

KnowBe4

New data from the U.K. Government’s Cyber Security Breaches Survey 2022 report shows that a material portion of businesses and charities are being attacked and feeling the repercussions.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

EU officials were targeted with Israeli surveillance software

Security Affairs

According to a report published by Reuters, Israeli surveillance software was used to spy on senior officials in the European Commission. One of the officials targeted with the infamous spyware is Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019. The report did not attribute the attacks to a specific threat actor or reveal what information was obtained following the compromise of the victims’ devices.

Smishing Scams Abuse Name of Legitimate Ukrainian Charity

KnowBe4

Researchers at Trend Micro have spotted yet another scam taking advantage of the crisis in Ukraine by impersonating a legitimate charity. In this case, the scammers are posing as the relief organization Mercury One, attempting to steal money and personal information. We wrote about a "Help Ukraine" cryptocurrency scam and a Ukrainian charity phishing scam last month; this is just the latest variety.

A Transformational Performance

Micro Focus

Jaguar TCS Racing enjoyed a near-perfect weekend of ABB FIA Formula E World Championship fortune in the Eternal City – after the chequered flag was waved, we checked in with our technology partners. Running and Transforming – in Rome. If you didn’t see the double-header in Rome, you missed a treat! After encouraging practice.

87

Secure Systems Need Hardware-Enhanced Tools, Intel Says

Dark Reading

A new Intel study finds that while adoption of hardware-assisted security is still low, there is a lot of interest in how it can secure system layers such as the operating system and hypervisor.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Meta Stops Three Cyber Espionage Groups Targeting Critical Industries

KnowBe4

Impersonating legitimate companies and using a complex mix of fake personas across Facebook, Telegram, and other platforms, these groups used social engineering to gain network access.

Access 83

The XDR Revolution: Threat Detection and Response for All!

Dark Reading

In this webinar replay, Omdia outlines the ways in which XDR facilitates faster and easier threat detection and response, and key points organizations should consider when evaluating XDR technology.

79

Inquiry into leak of Matt Hancock kiss images leads to no prosecutions

The Guardian Data Protection

ICO finds insufficient evidence against those suspected of capturing footage of minister with colleague. No one will be prosecuted over the leak of CCTV footage showing Matt Hancock engaged in a clinch with a colleague in his office, the Information Commissioner’s Office (ICO) has announced. The footage and stills of the embrace, which prompted his resignation as health secretary, were leaked to the Sun in June last year.

IT 75

More Than 60% of Organizations Suffered a Breach in the Past 12 Months

Dark Reading

Firms focus too narrowly on external attackers when it's insiders, third parties, and stolen assets that cause many breaches, new study shows.

IT 113

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Microsoft’s New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date via the Hacker News

IG Guru

Check out the link here. The post Microsoft’s New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date via the Hacker News appeared first on IG GURU.

Microsoft Leads Operation to Disrupt Zloader Botnet

Dark Reading

The banking Trojan-turned-ransomware-distribution tool has been a potent threat since late 2019.

Gimmal Welcomes Industry Veterans Craig Carpenter and Dean Gonsowski to Extend Company’s Leadership in the Expanding Information Governance Software Space

Gimmal

Carpenter and Gonsowski bring a long history of rapidly scaling prominent legal & regulatory technology companies to Gimmal as it expands its presence in the GRC market. HOUSTON, TEXAS — April 13, 2022 — Gimmal, a leading information governance (IG) software platform, today announced that Craig Carpenter and Dean Gonsowski have been named the company’s CEO and CRO, respectively.