Jamf

DECEMBER 20, 2021

Log4j, a third-party security vulnerability affecting Java libraries that handle logging has recently been making the rounds, impacting an unknown number of products and services that utilize those libraries. This is making systems vulnerable to attacks by threat actors actively exploiting the affected systems in the wild. Jamf is here to explain what the risks are, why it’s so important and provide guidance on how admins can proceed going forward with this critical vulnerability.

Libraries 59

Libraries Risk Security IT 59

The Last Watchdog

DECEMBER 20, 2021

Within the past year, we have seen a glut of ransomware attacks that made global news as they stymied the operations of many. In May, the infamous Colonial Pipeline ransomware attack disrupted nationwide fuel supply to most of the U.S. East Coast for six days. Related: Using mobile apps to radicalize youth. But the danger has moved up a notch with a new, grave threat: killware.

Phishing 225

Phishing Ransomware Analytics Cybersecurity 225

Dark Reading

DECEMBER 20, 2021

Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them.

Security 144

Security 144

Schneier on Security

DECEMBER 20, 2021

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We haven’t heard a lot about Cytrox and its Predator spyware. According to Citzen Lab: We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saud

Manufacturing 124

Manufacturing Access IT 124

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

DECEMBER 20, 2021

DarkWatchman is a new lightweight javascript-based Remote Access Trojan (RAT) that uses novel methods for fileless persistence. Recently Prevailion experts detected a malicious javascript-based Remote Access Trojan (RAT) dubbed DarkWatchman that uses a robust Domain Generation Algorithm (DGA) to contact the C2 infrastructure and novel methods for fileless persistence, on-system activity, and dynamic run-time capabilities like self-updating and recompilation. .

Archiving 114

Archiving Communications Ransomware Phishing 114

Security Affairs

DECEMBER 20, 2021

The Belgian defense ministry was hit by a cyber attack, it seems that threat actors exploited the Log4Shell vulnerability. The Belgian defense ministry confirmed it was hit by a cyberattack, it seems that threat actors exploited the Log4Shell vulnerability. The attack was uncovered on Thursday and today the government disclosed it, but according to local media , the security breach blocked the ministry’s activities for several days. “Hackers exploited a vulnerability in software call

Government 109

Government Cybersecurity Security IT 109

Dark Reading

DECEMBER 20, 2021

Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure.

125

125

Record Nations

DECEMBER 20, 2021

As the holiday season approaches, it’s likely that many of us will be receiving smart devices as gifts. Smart devices are becoming more and more common, and many of our appliances even have “smart features”. In fact, you may be in possession of some of these items, and not even know it. Smart devices can […]. The post How Secure are Smart Devices?

Security 105

Security IT Data breaches 105

Hunton Privacy

DECEMBER 20, 2021

On December 17, 2021, the European Commission announced that it had adopted its adequacy decision on the Republic of Korea. The adequacy decision allows for the free flow of personal data between the EU and Korea, without any further need for authorization or additional transfer tool. The adequacy decision also covers transfers of personal data between public authorities.

Personal data 105

Personal data Access IT Information Security 105

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Dark Reading

DECEMBER 20, 2021

Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw.

136

136

Threatpost

DECEMBER 20, 2021

Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.

Ransomware 123

Ransomware Security 123

Data Matters

DECEMBER 20, 2021

In a much anticipated (and, to many, long overdue) release published in mid-November, the U.S. Securities and Exchange Commission (SEC) proposed to update its decades-old recordkeeping requirements for broker-dealers to, among other things, allow for electronic records to be retained in a manner other than “exclusively in a non-rewriteable, non-erasable format” (aka write once, read many, or WORM).

Compliance 88

Compliance Access Paper Authentication 88

Security Affairs

DECEMBER 20, 2021

The FBI warns that zero-day flaw in Zoho’s ManageEngine Desktop Central has been under active exploitation by nation-state actors since October. The Federal Bureau of Investigation (FBI) revealed that the critical CVE-2021-44515 zero-day vulnerability in Zoho’s ManageEngine Desktop Central has been under active exploitation by nation-state actors since at least October.

Authentication 98

Authentication Security IT Cybersecurity 98

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Rocket Software

DECEMBER 20, 2021

Customers and employees today are demanding increasingly higher quality digital user experiences. This means modern DevOps teams need to deploy applications efficiently and securely. Most enterprises have a process in place for their IBM i application development, but as their organizational needs become more complex, so do the DevOps processes they require.

Compliance 82

Compliance Risk Mining Paper 82

Security Affairs

DECEMBER 20, 2021

An alleged APT group planted a backdoor in the network of a U.S. federal government commission associated with international rights. Experts spotted a backdoor in the network of an unnamed U.S. federal government commission associated with international rights. The backdoor allowed the threat actors to achieve complete control over the infected networks, experts described the compromise as a “classic APT-type operation.” According to security firm Avast who discovered the attack, the

Government 93

Government Libraries Access Security 93

Hunton Privacy

DECEMBER 20, 2021

On December 15, 2021, the Federal Trade Commission announced a $2 million settlement with OpenX Technologies (“OpenX”) in connection with alleged violations of the Children’s Online Privacy Protection Act Rule (“COPPA Rule”) and the FTC Act. According to the FTC’s complaint, OpenX knowingly collected personal information from children under age 13 without parental consent, and collected geolocation data from users of all ages who opted out of being tracked.

Privacy 87

Privacy IT Marketing 87

Dark Reading

DECEMBER 20, 2021

The acquisition of Cedrus Digital, with its consulting-led model and over 150 cloud, data and product engineers, primarily in the United States, will further augment Brillio’s nearshore digital transformation capabilities offered for Fortune 500 clients.

Digital transformation 70

Digital transformation Cloud IT 70

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Threatpost

DECEMBER 20, 2021

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.

Libraries 73

Libraries IT Security 73

IG Guru

DECEMBER 20, 2021

Special thank you to G. Mark Walsh, CA CRM for posting this on LinkedIn as well as Peter Kurilecz, FAI, CRM, CA, IGP on LinkedIn. The post RIM industry mourns the passing of Virginia “Ginny” Jones, CRM, FAI appeared first on IG GURU.

71

71

Threatpost

DECEMBER 20, 2021

T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls.

Security 93

Security 93

Dark Reading

DECEMBER 20, 2021

Half of security decision makers also say the cyber skills gap will significantly impact their 2022 strategy, according to new research from Neustar.

Cybersecurity 75

Cybersecurity Security 75

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Jamf

DECEMBER 20, 2021

Log4j, a third-party security vulnerability affecting Java libraries that handle logging has recently been making the rounds, impacting an unknown number of products and services that utilize those libraries. This is making systems vulnerable to attacks by threat actors actively exploiting the affected systems in the wild. Jamf is here to explain what the risks are, why it’s so important and provide guidance on how admins can proceed going forward with this critical vulnerability.

Libraries 52

Libraries Risk Security IT 52

Dark Reading

DECEMBER 20, 2021

Challenges were designed to address critical areas of cybersecurity, including reversing, cloud, IoT, open source intelligence, forensics, and machine learning.

IoT 70

IoT Cloud Cybersecurity 70

Data Protection Report

DECEMBER 20, 2021

As part of Singapore’s move towards living with COVID-19 as an endemic disease, the country has been making efforts to re-open its economy. In order to facilitate the safe re-opening of the economy, the Ministry of Manpower (“ MOM ”) and the Tripartite Alliance for Fair and Progressive Employment Practices (“ TAFEP ”) have collectively issued new guidance for employers on the COVID-19 measures to be implemented at the workplace from 1 January 2022 (the “ MOM Guidance ”) [1].

Personal data 52

Personal data Access Risk IT 52

Dark Reading

DECEMBER 20, 2021

Vladislav Klyushin was allegedly involved in a global operation to trade on nonpublic data stolen from US computer networks.

79

79

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Jamf

DECEMBER 20, 2021

Wandera is now part of Jamf. Here's how we're delivering a new, unified security brand.

Security 52

Security 52

Dark Reading

DECEMBER 20, 2021

Led by IoT security expert Larry Trowell, the IoT pen-testing services focus on securing ATMs, automotive, medical devices, operational technology, and other embedded systems.

IoT 62

IoT Security IT 62

Collibra

DECEMBER 20, 2021

The explosion of data across organizations has led to a wide variety of ways to store, catalog and use that data. One common organizational theme is a central data lake, which is useful for centrally maintaining as much data as possible and having corporate data engineering store it securely. But modern data-consuming organizations are discovering that central data lakes have their downsides.

Cloud 52

Cloud Government Metadata Access 52