Thu.Jan 13, 2022

GUEST ESSAY: JPMorgan’s $200 million in fines stems from all-too-common compliance failures

The Last Watchdog

Last month’s $125 million Security and Exchange Commission (SEC) fine combined with the $75 million U.S. Commodity Futures Trading Commission (CFTC) fine against JPMorgan sent shockwaves through financial and other regulated customer-facing industries. Related: Why third-party risks are on the rise.

How to Protect Your Phone from Pegasus and Other APTs

Dark Reading

The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime

IT 114
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Threat actors abuse public cloud services to spread multiple RATs

Security Affairs

Threat actors are actively abusing cloud services from Amazon and Microsoft to deliver RATs such as Nanocore , Netwire , and AsyncRAT.

Cloud 109

How Cybercriminals Are Cashing in on the Culture of 'Yes'

Dark Reading

The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself

114
114

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

USCYBERCOM: MuddyWater APT is linked to Iran’s MOIS intelligence

Security Affairs

US Cyber Command (USCYBERCOM) has officially linked the Iran-linked MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS).

More Trending

Cisco fixes a critical flaw in Unified CCMP and Unified CCDM

Security Affairs

Cisco fixed a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified CCMP and Unified CCDM.

Access 106

Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking

Dark Reading

The vulnerability was patched this week in Microsoft's set of security updates for January 2022

Mozilla addresses High-Risk Firefox, Thunderbird vulnerabilities

Security Affairs

Mozilla addressed18 security vulnerabilities affecting the popular Firefox web browser and the Thunderbird mail program. Mozilla released Firefox 96 that addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program.

Risk 98

Fighting Back Against Pegasus, Other Advanced Mobile Malware

Dark Reading

Detecting infection traces from Pegasus and other APTs can be tricky, complicated by iOS and Android security features

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Open Source Sabotage Incident Hits Software Supply Chain

eSecurity Planet

An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software.

New Vulnerabilities Highlight Risks of Trust in Public Cloud

Dark Reading

Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services

Risk 113

Using Foreign Nationals to Bypass US Surveillance Restrictions

Schneier on Security

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation.

BlueNoroff Threat Group Targets Cryptocurrency Startups

Dark Reading

A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims

87

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Iran-Based APT35 Group Exploits Log4J Flaw

eSecurity Planet

Security researchers are continuing to see state-supported hacking groups developing tools to leverage the high-profile Log4j vulnerability that exploded onto the scene last month even as the White House and other parts of the federal government look for ways to get ahead of the threat.

Adobe Cloud Abused to Steal Office 365, Gmail Credentials

Threatpost

Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered. Hacks Malware Web Security

Cloud 113

North Korean Hackers Stole Nearly $400M in Crypto Last Year

WIRED Threat Level

The regime had a “banner year,” thanks to skyrocketing cryptocurrency values and a new generation of vulnerable startups. Security Security / Cyberattacks and Hacks

Microsoft Yanks Buggy Windows Server Updates

Threatpost

Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable. Vulnerabilities Web Security

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

Catches of the Month: Phishing Scams for January 2022

IT Governance

Welcome to the first review of phishing attacks for 2022, in which we explore the latest scams and the tactics that cyber criminals use to trick people into handing over their personal information.

New GootLoader Campaign Targets Accounting, Law Firms

Threatpost

GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates. Malware Vulnerabilities Web Security

European Commission Defends Irish Data Protection Commissioner

Hunton Privacy

In a letter addressed to certain members of the European Parliament (“MEPs”), European Commissioner for Justice Reynders refuted some of the criticism that has been raised against the Irish Data Protection Commissioner (“DPC”). Background.

IT 100

North Korean APTs Stole ~$400M in Crypto in 2021

Threatpost

Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & & Kim Kardashian to promote EMAX Tokens. Hacks Web Security

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Weekly Update 278

Troy Hunt

I recorded this a week after Charlotte appeared with me, fresh out of isolation with a negative COVID test. However. 9 year old Elle had tested positive on Monday (albeit entirely symptomatic, so no idea how long she'd been positive) but hey, hopefully she'd be clear today.

IT 67

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran

Threatpost

US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools. Government Hacks Malware Vulnerabilities Web Security

New HIPAA Regulations in 2022 via the HIPAA Journal

IG Guru

Check out the article here. The post New HIPAA Regulations in 2022 via the HIPAA Journal appeared first on IG GURU. Compliance Education HIPAA information privacy Risk News 2022 HIPAA Journal

Top four trends for the U.S. Public Sector in 2022

OpenText Information Management

There are many shifts happening in government in the year ahead, such as moving from a project-based to customer-oriented focus, the emergence of work-anywhere environments and actively addressing organizational infrastructure and design debts.

Cloud 64

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Getting the Most out of Your Keyword Searches

eDiscovery Daily

Though a more basic searching technique, keyword searches allow professionals to identify one or two specific words from multiple documents. Nowadays, keyword searches are considered inferior to the successor, predictive coding (TAR).

CNIL Fines Big Tech Companies 210 Million Euros for Cookie Violations

Hunton Privacy

On December 31, 2021, the French Data Protection Authority (the “CNIL”) imposed a €150,000,000 fine on Google and a €60,000,000 fine on Facebook (now Meta) for violations of French rules on the use of cookies. Background.

Meta sued for £2.3bn over claim Facebook users in UK were exploited

The Guardian Data Protection

Lawsuit claims company set ‘unfair price’ by taking users’ personal data without proper compensation Mark Zuckerberg’s Meta is being sued for £2.3bn in a class action lawsuit that claims 44 million Facebook users in the UK had their data exploited after signing up to the social network.