Jamf

DECEMBER 20, 2021

Log4j, a third-party security vulnerability affecting Java libraries that handle logging has recently been making the rounds, impacting an unknown number of products and services that utilize those libraries. This is making systems vulnerable to attacks by threat actors actively exploiting the affected systems in the wild. Jamf is here to explain what the risks are, why it’s so important and provide guidance on how admins can proceed going forward with this critical vulnerability.

Libraries 59

Libraries Risk Security IT 59

The Last Watchdog

DECEMBER 20, 2021

Within the past year, we have seen a glut of ransomware attacks that made global news as they stymied the operations of many. In May, the infamous Colonial Pipeline ransomware attack disrupted nationwide fuel supply to most of the U.S. East Coast for six days. Related: Using mobile apps to radicalize youth. But the danger has moved up a notch with a new, grave threat: killware.

Phishing 256

Phishing Ransomware Analytics Cybersecurity 256

Dark Reading

DECEMBER 20, 2021

Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them.

Security 144

Security 144

Schneier on Security

DECEMBER 20, 2021

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We haven’t heard a lot about Cytrox and its Predator spyware. According to Citzen Lab: We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saud

Manufacturing 130

Manufacturing Access IT 130

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into

Artificial Intelligence

Security Affairs

DECEMBER 20, 2021

DarkWatchman is a new lightweight javascript-based Remote Access Trojan (RAT) that uses novel methods for fileless persistence. Recently Prevailion experts detected a malicious javascript-based Remote Access Trojan (RAT) dubbed DarkWatchman that uses a robust Domain Generation Algorithm (DGA) to contact the C2 infrastructure and novel methods for fileless persistence, on-system activity, and dynamic run-time capabilities like self-updating and recompilation. .

Archiving 123

Archiving Communications Ransomware Phishing 123

Security Affairs

DECEMBER 20, 2021

The Belgian defense ministry was hit by a cyber attack, it seems that threat actors exploited the Log4Shell vulnerability. The Belgian defense ministry confirmed it was hit by a cyberattack, it seems that threat actors exploited the Log4Shell vulnerability. The attack was uncovered on Thursday and today the government disclosed it, but according to local media , the security breach blocked the ministry’s activities for several days. “Hackers exploited a vulnerability in software call

Government 114

Government Cybersecurity Security IT 114

Dark Reading

DECEMBER 20, 2021

Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure.

125

125

Record Nations

DECEMBER 20, 2021

As the holiday season approaches, it’s likely that many of us will be receiving smart devices as gifts. Smart devices are becoming more and more common, and many of our appliances even have “smart features”. In fact, you may be in possession of some of these items, and not even know it. Smart devices can […]. The post How Secure are Smart Devices?

Security 105

Security IT Data breaches 105

Hunton Privacy

DECEMBER 20, 2021

On December 17, 2021, the European Commission announced that it had adopted its adequacy decision on the Republic of Korea. The adequacy decision allows for the free flow of personal data between the EU and Korea, without any further need for authorization or additional transfer tool. The adequacy decision also covers transfers of personal data between public authorities.

Personal data 105

Personal data Access IT Information Security 105

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

Dark Reading

DECEMBER 20, 2021

Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw.

136

136

Security Affairs

DECEMBER 20, 2021

The FBI warns that zero-day flaw in Zoho’s ManageEngine Desktop Central has been under active exploitation by nation-state actors since October. The Federal Bureau of Investigation (FBI) revealed that the critical CVE-2021-44515 zero-day vulnerability in Zoho’s ManageEngine Desktop Central has been under active exploitation by nation-state actors since at least October.

Authentication 104

Authentication Security IT Cybersecurity 104

Threatpost

DECEMBER 20, 2021

Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.

Ransomware 123

Ransomware Security 123

Data Matters

DECEMBER 20, 2021

In a much anticipated (and, to many, long overdue) release published in mid-November, the U.S. Securities and Exchange Commission (SEC) proposed to update its decades-old recordkeeping requirements for broker-dealers to, among other things, allow for electronic records to be retained in a manner other than “exclusively in a non-rewriteable, non-erasable format” (aka write once, read many, or WORM).

Compliance 88

Compliance Access Paper Authentication 88

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Security Affairs

DECEMBER 20, 2021

An alleged APT group planted a backdoor in the network of a U.S. federal government commission associated with international rights. Experts spotted a backdoor in the network of an unnamed U.S. federal government commission associated with international rights. The backdoor allowed the threat actors to achieve complete control over the infected networks, experts described the compromise as a “classic APT-type operation.” According to security firm Avast who discovered the attack, the

Government 98

Government Libraries Access Security 98

Rocket Software

DECEMBER 20, 2021

Customers and employees today are demanding increasingly higher quality digital user experiences. This means modern DevOps teams need to deploy applications efficiently and securely. Most enterprises have a process in place for their IBM i application development, but as their organizational needs become more complex, so do the DevOps processes they require.

Compliance 82

Compliance Risk Mining Paper 82

Hunton Privacy

DECEMBER 20, 2021

On December 15, 2021, the Federal Trade Commission announced a $2 million settlement with OpenX Technologies (“OpenX”) in connection with alleged violations of the Children’s Online Privacy Protection Act Rule (“COPPA Rule”) and the FTC Act. According to the FTC’s complaint, OpenX knowingly collected personal information from children under age 13 without parental consent, and collected geolocation data from users of all ages who opted out of being tracked.

Privacy 87

Privacy IT Marketing 87

Dark Reading

DECEMBER 20, 2021

The acquisition of Cedrus Digital, with its consulting-led model and over 150 cloud, data and product engineers, primarily in the United States, will further augment Brillio’s nearshore digital transformation capabilities offered for Fortune 500 clients.

Digital transformation 70

Digital transformation Cloud IT 70

Advertisement

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

Analytics

Threatpost

DECEMBER 20, 2021

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.

Libraries 73

Libraries IT Security 73

IG Guru

DECEMBER 20, 2021

Special thank you to G. Mark Walsh, CA CRM for posting this on LinkedIn as well as Peter Kurilecz, FAI, CRM, CA, IGP on LinkedIn. The post RIM industry mourns the passing of Virginia “Ginny” Jones, CRM, FAI appeared first on IG GURU.

68

68

Threatpost

DECEMBER 20, 2021

T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls.

Security 93

Security 93

Dark Reading

DECEMBER 20, 2021

Half of security decision makers also say the cyber skills gap will significantly impact their 2022 strategy, according to new research from Neustar.

Cybersecurity 75

Cybersecurity Security 75

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Jamf

DECEMBER 20, 2021

Log4j, a third-party security vulnerability affecting Java libraries that handle logging has recently been making the rounds, impacting an unknown number of products and services that utilize those libraries. This is making systems vulnerable to attacks by threat actors actively exploiting the affected systems in the wild. Jamf is here to explain what the risks are, why it’s so important and provide guidance on how admins can proceed going forward with this critical vulnerability.

Libraries 52

Libraries Risk Security IT 52

Dark Reading

DECEMBER 20, 2021

Challenges were designed to address critical areas of cybersecurity, including reversing, cloud, IoT, open source intelligence, forensics, and machine learning.

IoT 70

IoT Cloud Cybersecurity 70

Data Protection Report

DECEMBER 20, 2021

As part of Singapore’s move towards living with COVID-19 as an endemic disease, the country has been making efforts to re-open its economy. In order to facilitate the safe re-opening of the economy, the Ministry of Manpower (“ MOM ”) and the Tripartite Alliance for Fair and Progressive Employment Practices (“ TAFEP ”) have collectively issued new guidance for employers on the COVID-19 measures to be implemented at the workplace from 1 January 2022 (the “ MOM Guidance ”) [1].

Personal data 52

Personal data Access Risk IT 52

Dark Reading

DECEMBER 20, 2021

Vladislav Klyushin was allegedly involved in a global operation to trade on nonpublic data stolen from US computer networks.

79

79

Advertisement

While data platforms, artificial intelligence (AI), machine learning (ML), and programming platforms have evolved to leverage big data and streaming data, the front-end user experience has not kept up. Holding onto old BI technology while everything else moves forward is holding back organizations. Traditional Business Intelligence (BI) aren’t built for modern data platforms and don’t work on modern architectures.

Artificial Intelligence

Jamf

DECEMBER 20, 2021

Wandera is now part of Jamf. Here's how we're delivering a new, unified security brand.

Security 52

Security 52

Dark Reading

DECEMBER 20, 2021

Led by IoT security expert Larry Trowell, the IoT pen-testing services focus on securing ATMs, automotive, medical devices, operational technology, and other embedded systems.

IoT 62

IoT Security IT 62

Collibra

DECEMBER 20, 2021

The explosion of data across organizations has led to a wide variety of ways to store, catalog and use that data. One common organizational theme is a central data lake, which is useful for centrally maintaining as much data as possible and having corporate data engineering store it securely. But modern data-consuming organizations are discovering that central data lakes have their downsides.

Cloud 52

Cloud Government Metadata Access 52