Fri. Jan 28, 2022


Who Wrote the ALPHV/BlackCat Ransomware Strain?

Krebs on Security

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat”), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.


U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

On January 11, 2022, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recently released a joint Cybersecurity Advisory warning critical infrastructure operators about the threat of Russian state-sponsored cyberattacks and recommended best practices to minimize disruption from such an attack (the “Advisory”).


FTC Publishes Health Breach Notification Rule Resources

Hunton Privacy

On January 21, 2022, the Federal Trade Commission published two new resources for complying with the Health Breach Notification Rule (the “Rule”). In September 2021, the FTC issued a Policy Statement clarifying that the Rule applies to makers of health apps, connected devices and similar products. As we previously blogged, the Rule requires vendors of personal health records (“PHR”), PHR-related entities and service providers to these entities, to notify consumers and the FTC (and, in some case


Tracking Secret German Organizations with Apple AirTags

Schneier on Security

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices. “To understa


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

eSecurity Planet

Microsoft in November fended off a massive distributed denial-of-service (DDoS) attack in its Azure cloud that officials said was the largest ever recorded, the latest in a wave of record attacks that washed over the IT industry in the second half of 2021. The enterprise software and cloud giant said in a blog post this week that during the last six months of the year, there was a 40 percent increase in the number of DDoS attacks worldwide over the first half of 2021, with an average of 1,955 at


More Trending


Lazarus APT Uses Windows Update to Spew Malware

Threatpost

The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.


International Data Protection Day 2022

DLA Piper Privacy Matters

On behalf of DLA Piper’s Global Data Protection team, we would like to wish you a happy International Data Protection Day 2022. We hope that the year has started off well and you will have a safe and healthy year ahead. Data Protection Laws of the World. To celebrate International Data Protection Day, we are delighted to launch our annual update to the Data Protection Laws of the World guide.


Experts devise a technique to bypass Microsoft Outlook Security feature

Security Affairs

A researcher devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. Reegun Richard Jayapaul, SpiderLabs lead threat architect at Trustwave, has devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. While investigating a malware campaign, the expert discovered that multiple emails were bypassing a specific email security system.


Micro Focus Universe 2022: Solve your digital dilemma

Micro Focus

We are excited to announce the agenda for Micro Focus Universe is now LIVE! Our largest event of the year will focus on the key challenge facing Enterprises today—how do you keep the lights on while innovating to keep up with the competition? Micro Focus Universe 2022 will feature insights, use cases, best practices, and advice from your peers, Micro Focus experts, and partners.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits

Security Affairs

Zero-day exploit broker Zerodium announced it will pay $400,000 for zero-day RCE in Microsoft Outlook email client. The zero-day exploit broker Zerodium has announced it will pay $400,000 for zero-day remote code execution (RCE) vulnerabilities in the Microsoft Outlook email client. We're currently paying up to $200,000 per exploit for Mozilla Thunderbird RCEs.


Navigating Nobelium: Lessons From Cloud Hopper & NotPetya

Dark Reading

Nearly every organization should assume that it is at risk, but there are ways of countering the tactics used by advanced persistent threats.


Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Security Affairs

Delta Electronics, a Taiwanese contractor for multiple tech giants such as Apple, Dell, HP and Tesla, was hit by Conti ransomware. Taiwanese electronics manufacturing company Delta Electronics was hit by the Conti ransomware that took place this week. Delta Electronics operates as a contractor for major tech giants such as Apple, Tesla, HP, and Dell.


The Looming CISO Mental Health Crisis — and What to Do About It, Part 1

Dark Reading

The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Finnish diplomats’ devices infected with Pegasus spyware

Security Affairs

Finland Ministry for Foreign Affairs revealed that devices of Finnish diplomats have been infected with NSO Group’s Pegasus spyware. Finland’s Ministry for Foreign Affairs revealed that the devices of some Finnish diplomats have been compromised with the infamous NSO Group’s Pegasus spyware. The diplomats were targeted with the popular surveillance software as part of a cyber-espionage campaign. “Finnish diplomats have been targets of cyber espionage by means of the Pegas


Energy Sector Still Needs to Shut the Barn Door

Dark Reading

One third of the companies studied haven't fixed their credential management — the same issue that led to the Colonial Pipeline hack last May.


NCSC warns UK entities of potential destructive cyberattacks from Russia

Security Affairs

The UK’s National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks from Russia-linked APT groups. The UK’s National Cyber Security Centre (NCSC) is urging organizations to improve their cybersecurity posture due to the imminent risk of destructive cyber-attacks from Russian state-sponsored threat actors after recent attacks against Ukrainian entities.


Let’s Hit the Slopes: What to Know About Colorado’s Personal Privacy Act – Via Zasio

IG Guru

Check out the post here. The post Let’s Hit the Slopes: What to Know About Colorado’s Personal Privacy Act – Via Zasio appeared first on IG GURU.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help

Threatpost

MacOS malware Shlayer and Bundlore may have variations, but the behavior of their attacks has not changed – attacking older macOS versions and poorly-protected websites.


Data Privacy Day 2022: How Can AI Help in the Fight Against Ransomware?

Dark Reading

Fewer than one-quarter of organizations believe they are fully prepared for a ransomware attack, threatening data privacy.


Zerodium Spikes Payout for Zero-Click Outlook Zero-Days

Threatpost

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.


Zoom Security Issues Are a Wakeup Call for Enterprises

eSecurity Planet

Video conferencing vendor Zoom has seen its fortunes soar amid the remote work boom of the last two years, and other cloud collaboration platforms like Microsoft Teams and Cisco Webex have seen demand skyrocket too. The sharp increase in demand put a focus on security shortcomings in Zoom’s architecture – “Zoombombing” became a thing – that the company was quick to address.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Conti, DeadBolt Target Delta, QNAP

Threatpost

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been crippled.


Friday Squid Blogging: Cephalopods Thirty Million Years Older Than Previously Thought

Schneier on Security

New fossils from Newfoundland push the origins of cephalopods to 522 million years ago. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.


Celebrating Data Privacy Day: A look at protecting your private data in a COVID-19 era

Collibra

As the world rapidly becomes a more digital version of itself with each passing moment, the discussion of protecting the things we put online—as private citizens and as businesses or corporations—becomes more impactful than ever. The past few years have provided us with an interesting twist on this conversation—what happens to our data privacy—and the policies we put in place—when something unexpected and world-altering occurs?