Thu. Jan 13, 2022

GUEST ESSAY: JPMorgan’s $200 million in fines stems from all-too-common compliance failures

The Last Watchdog

Last month’s $125 million Security and Exchange Commission (SEC) fine combined with the $75 million U.S. Commodity Futures Trading Commission (CFTC) fine against JPMorgan sent shockwaves through financial and other regulated customer-facing industries.

Redefining the CISO-CIO Relationship

Dark Reading

While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another



Open Source Sabotage Incident Hits Software Supply Chain

eSecurity Planet

An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software.

Fighting Back Against Pegasus, Other Advanced Mobile Malware

Dark Reading

Detecting infection traces from Pegasus and other APTs can be tricky, complicated by iOS and Android security features

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Threat actors abuse public cloud services to spread multiple RATs

Security Affairs

Threat actors are actively abusing cloud services from Amazon and Microsoft to deliver RATs such as Nanocore, Netwire, and AsyncRAT.


More Trending

Cisco fixes a critical flaw in Unified CCMP and Unified CCDM

Security Affairs

Cisco fixed a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified CCMP and Unified CCDM.

Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking

Dark Reading

The vulnerability was patched this week in Microsoft's set of security updates for January 2022

Using Foreign Nationals to Bypass US Surveillance Restrictions

Schneier on Security

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation.

How to Protect Your Phone from Pegasus and Other APTs

Dark Reading

The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime


The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

USCYBERCOM: MuddyWater APT is linked to Iran’s MOIS intelligence

Security Affairs

US Cyber Command (USCYBERCOM) has officially linked the Iran-linked MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS).

How Cybercriminals Are Cashing in on the Culture of 'Yes'

Dark Reading

The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself


Iran-Based APT35 Group Exploits Log4J Flaw

eSecurity Planet

Security researchers are continuing to see state-supported hacking groups developing tools to leverage the high-profile Log4j vulnerability that exploded onto the scene last month even as the White House and other parts of the federal government look for ways to get ahead of the threat.

BlueNoroff Threat Group Targets Cryptocurrency Startups

Dark Reading

A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims


Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Mozilla addresses High-Risk Firefox, Thunderbird vulnerabilities

Security Affairs

Mozilla addressed 18 security vulnerabilities affecting the popular Firefox web browser and the Thunderbird mail program. Mozilla released Firefox 96 that addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program.


North Korean Hackers Stole Nearly $400M in Crypto Last Year

WIRED Threat Level

The regime had a “banner year,” thanks to skyrocketing cryptocurrency values and a new generation of vulnerable startups.

Adobe Cloud Abused to Steal Office 365, Gmail Credentials


Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.


European Commission Defends Irish Data Protection Commissioner

Hunton Privacy

In a letter addressed to certain members of the European Parliament (“MEPs”), European Commissioner for Justice Reynders refuted some of the criticism that has been raised against the Irish Data Protection Commissioner (“DPC”). Background.

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Microsoft Yanks Buggy Windows Server Updates


Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.

Catches of the Month: Phishing Scams for January 2022

IT Governance

Welcome to the first review of phishing attacks for 2022, in which we explore the latest scams and the tactics that cyber criminals use to trick people into handing over their personal information.


New HIPAA Regulations in 2022 via the HIPAA Journal

IG Guru

Check out the article here.

North Korean APTs Stole ~$400M in Crypto in 2021


Meanwhile, EthereumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens.

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Top four trends for the U.S. Public Sector in 2022

OpenText Information Management

There are many shifts happening in government in the year ahead, such as moving from a project-based to customer-oriented focus, the emergence of work-anywhere environments and actively addressing organizational infrastructure and design debts.


US Military Ties Prolific MuddyWater Cyberespionage APT to Iran


US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.

Meta sued for £2.3bn over claim Facebook users in UK were exploited

The Guardian Data Protection

Lawsuit claims company set ‘unfair price’ by taking users’ personal data without proper compensation. Mark Zuckerberg’s Meta is being sued for £2.3bn in a class action lawsuit that claims 44 million Facebook users in the UK had their data exploited after signing up to the social network.

Getting the Most out of Your Keyword Searches

eDiscovery Daily

Though a more basic searching technique, keyword searches allow professionals to identify one or two specific words from multiple documents. Nowadays, keyword searches are considered inferior to the successor, predictive coding (TAR).

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

New GootLoader Campaign Targets Accounting, Law Firms


GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.

CNIL Fines Big Tech Companies 210 Million Euros for Cookie Violations

Hunton Privacy

On December 31, 2021, the French Data Protection Authority (the “CNIL”) imposed a €150,000,000 fine on Google and a €60,000,000 fine on Facebook (now Meta) for violations of French rules on the use of cookies. Background.

2022 Will Be the Year of Hybrid Everything

Rocket Software

There may be several different associations that come to mind when we hear the word hybrid, but essentially, they all refer to a combination of multiple elements coming together to create something with the best possible capabilities.