Thu. Apr 07, 2022

The Explosive Growth of Data: Action Items IT Leaders Are Taking to Modernize

Rocket Software

Businesses are seeing a sharp increase in data production year over year, while the number of places data is stored grows exponentially. This explosion of data and the ways we protect data comes in combination with constant changes in the market—economic, technological, and shifts in buyer behavior to name a few. Such an unpredictable landscape makes a strong data infrastructure an imperative, so that businesses can maintain uninterrupted focus on their pursuits of goals and ROI.

Why Access Governance Is Crucial For Strong Cybersecurity

Data Breach Today

Three Aspects of Governance that Need Consideration

If an organization doesn’t know who is accessing what, how can they be trusted to make sure a bad actor isn’t gaining access to data, assets, or systems they shouldn’t?

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.

FDA Document Details Cyber Expectations for Device Makers

Data Breach Today

Revised Draft Guidance Lists Security Asks for Premarket Medical Device Submissions

The Food and Drug Administration on Thursday issued revamped draft guidance providing updated and detailed recommendations for how medical device makers should address cybersecurity risk in the premarket of their products, especially as the threat landscape continues to evolve.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Dubai Issues Its First Crypto Law Regulating Virtual Assets

Hunton Privacy

On February 28, 2022, the Emirate of Dubai enacted Law No. 4 of 2022 on the Regulation of Virtual Assets (“VAL”) and established the Dubai Virtual Assets Regulatory Authority (“VARA”). By establishing a legal framework for businesses related to virtual assets, including crypto assets and non-fungible tokens (NFTs), this landmark law reflects Dubai’s vision to become one of the leading jurisdictions for entrepreneurs and investors of blockchain technology.

More Trending

CVE-2022-22292 flaw could allow hacking of Samsung Android devices

Security Affairs

Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android 9, 10, 11, and 12 devices. The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices.

Proof of Concept: Dealing With the Regulation 'Tsunami'

Data Breach Today

Also: Analyzing the Okta Breach; Fraud Trends With Digital Onboarding

In the latest "Proof of Concept," Lisa Sotto, partner and chair of the global privacy and cybersecurity practice at Hunton Andrews Kurth LLP, and David Pollino, former CISO at PNC Bank, join Information Security Media Group editors to discuss U.S. regulatory trends and supply chain risk management.

Welcoming the Serbian Government to Have I Been Pwned

Troy Hunt

Supporting national governments has been a major cornerstone of Have I Been Pwned for the last 4 years. Today, I'm very happy to welcome the 31st government on board, Serbia! The National CERT and the Gov-CERT of the Republic of Serbia now have free and complete access to query their government domains via API. Visibility into the exposure of government departments in data breaches remains a valuable service I'm glad to see continuing to be taken up by national CERTs.

Lessons Learned From REvil's Attack on Kaseya

Data Breach Today

This edition discusses the latest episode of "The Ransomware Files," which covers the REvil ransomware gang's 2021 attack on Kaseya. It also examines how healthcare entities can prepare for potential spillover attacks from the hybrid Russia-Ukraine war and highlights from ISMG's Chicago Summit.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Another fine for over-retention of data

Data Protection Report

A third regulator has recently entered into a proposed consent that includes a $500,000 fine based in part on a company’s over-retention of personal data for longer than it was needed. The first regulator was the French data protection authority, the CNIL, in 2021, which we wrote about here. The second regulator was the New York Attorney General in January of 2022, which we described here.

CrowdStrike, Microsoft, Trend Micro Top EDR Forrester Wave

Data Breach Today

EDR Vendors Face 'an Existential Crisis' as Businesses Increasingly Use the Cloud

CrowdStrike, Microsoft and Trend Micro sit atop the Forrester Wave for endpoint detection and response as vendors grapple with business data increasingly moving to the cloud. This has forced EDR providers to build out full-fledged Extended Detection and Response platforms that protect cloud data.

EDPB Adopts Statement on the Announcement of an Enhanced EU-U.S. Privacy Shield

Hunton Privacy

On April 7, 2022, the European Data Protection Board (the “EDPB”) released a statement on the announcement of a new Trans-Atlantic Data Privacy Framework (the “Statement”). A new framework for transfers of personal data between the EU and the U.S. has been needed since the previous EU-U.S. Privacy Shield framework was annulled by the Court of Justice of the European Union (“CJEU”) in the Schrems II judgment in July 2020.

“Human Error” Ranked as the Top Cybersecurity Threat While Budgets Remain Misaligned

KnowBe4

New insights into the state of data security show a clear focus on the weakest part of your security stance – your users – and organizations doing little to address it.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

The Blurring Line, and Growing Risk, Between Physical and Digital Supply Chains

Dark Reading

Risk increases as the lines between physical and digital supply chains blur and the computing footprint expands.

Multi-Million Dollar Scam Call Center Shut Down by Multinational Police Efforts

KnowBe4

Last month, Latvian and Lithuanian police – in conjunction with Europol – coordinated a raid on 3 call centers responsible for an international effort to defraud victims worldwide.

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

Threatpost

Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds.

Palo Alto Networks devices affected by CVE-2022-0778 OpenSSL bug

Security Affairs

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778, that affects some of its firewall, VPN, and XDR products. In mid-March, OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when parsing certificates.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Phishbait Invokes Russia's Ministry of Internal Affairs (Road Safety Division)

KnowBe4

A phishing campaign impersonating WhatsApp has targeted more than 27,000 mailboxes, according to researchers at Armorblox. It’s not clear who the attackers were, but they used an old version of a road safety operations website belonging to Russia’s Ministry of Internal Affairs, which helped the emails to bypass authentication checks.

AWS Announces Data Transfer Price Reduction for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN services

IG Guru

Check out the post here. The post AWS Announces Data Transfer Price Reduction for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN services appeared first on IG GURU.

The Senate Bill That Has Big Tech Scared

WIRED Threat Level

The proposal would stop the biggest platforms from giving themselves an advantage over the little guys. Who's afraid of a little competition?

VMware addressed several critical vulnerabilities in multiple products

Security Affairs

VMware fixed critical vulnerabilities in multiple products that could be exploited by remote attackers to execute arbitrary code. VMware has addressed critical remote code vulnerabilities in multiple products, including VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

US Disrupts Russian Botnet

Schneier on Security

The Justice Department announced the disruption of a Russian GRU-controlled botnet: The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation

Colibri Loader employs clever persistence mechanism

Security Affairs

Recently discovered malware loader Colibri leverages a trivial and efficient persistence mechanism to deploy Windows Vidar data stealer. Malwarebytes researchers observed a new loader, dubbed Colibri, which has been used to deploy a Windows information stealer tracked as Vidar in a recent campaign. The Colibri Loader first appeared in the threat landscape in August 2021 when it was advertised in the underground forums.

Mandiant to Use CrowdStrike Technology in Its Incident Response Services

Dark Reading

Collaboration between the two firms will help organizations better identify and protect against complex cyberthreats, chief executives from both companies said.

Has Innovation Died in Marketing?

John Battelle's Searchblog

Caveat: This will likely be one of my longish, link-heavy Thinking Out Loud pieces, so I invite you all to pour yourselves a glass of your favorite adult beverage or rustle up a fine cannabis pairing, should you care to indulge… As The Recount prepares for a major launch this spring, I found myself again contemplating the state of digital marketing – a subject I’ve written about extensively over the years.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Scan This: There's Danger in QR Codes

Dark Reading

Trendy restaurant tables now feature QR codes that lead to menus, payment apps, and CISO nightmares.

MacOS Malware: Myth vs. Truth – Podcast

Threatpost

Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.

BlackCat Purveyor Shows Ransomware Operators Have Nine Lives

Dark Reading

Members of BlackMatter, and possibly REvil, have likely resurfaced in the new ransomware-as-a-service group ALPHV, whose primary tool is the BlackCat malware.