Hunton Privacy

JANUARY 26, 2022

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released for public comment its draft Regulations on Network Data Security Management (the “Draft Regulations”). The Draft Regulations are intended to implement portions of three existing laws – the Cybersecurity Law (“CSL”), the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”) (together, the “Three Laws”) – by providing guidance on certain provisions and establishing specific requirements for impl

Security 116

Security Data breaches Personal data Cybersecurity 116

IT Governance

JANUARY 26, 2022

Since the early days of the pandemic, experts warned that cyber criminals would thrive on new vulnerabilities and unfamiliar working conditions. However, few would have expected just how severe the threat would be. A Software Advice report has found that 62% of UK-based SMEs experienced an increase in cyber threats in the last two years. Cyber attackers were most likely to target organisations with phishing emails, with 57% of incidents involving scam messages.

Data breaches 111

Data breaches Phishing Access Passwords 111

Data Matters

JANUARY 26, 2022

A Caremark­ -based claim against a board of directors alleging a failure to monitor corporate operations has been said to be “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” or at least to withstand a motion to dismiss. Yet, Caremark has taken on renewed importance — as noted by this blog — following recent high-profile successes on duty-to-oversee claims, most notably in Marchand v.

Data breaches 88

Data breaches Cybersecurity Risk Security 88

Dark Reading

JANUARY 26, 2022

"BotenaGo" contains exploits for more than 30 vulnerabilities in multiple vendor products and is being used to spread Mirai botnet malware, security vendor says.

IoT 104

IoT Risk Security 104

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

DLA Piper Privacy Matters

JANUARY 26, 2022

By: Heidi Waem , Simon Verschaeve. Data is at the heart of the EU’s digital and green transformation, which are the two priorities of the European Commission. With the General Data Protection Regulation (GDPR), adopted in 2016, the EU has created a solid framework for the protection of personal data in line with the EU Charter of Fundamental Rights.

Personal data 98

Personal data GDPR Computer and Electronics Artificial Intelligence 98

Security Affairs

JANUARY 26, 2022

VMware released security patches to address critical Log4j security vulnerabilities in VMware Horizon servers targeted in ongoing attacks. VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. Searching for Internet-exposed VMware Horizon servers with Shodan , we can find tens of thousands of installs potentially exposed to attacks.

Ransomware 98

Ransomware Libraries Risk Access 98

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a screen stating, “WARNING: Your files have been locked by DeadBolt”… […].

Ransomware 87

Ransomware File names Encryption Access 87

Security Affairs

JANUARY 26, 2022

A flaw in Polkit’s pkexec component, tracked as CVE-2021-4034 (PwnKit) can be exploited to gain full root privileges on major Linux distros. An attacker can exploit a vulnerability in Polkit’s pkexec component, tracked as CVE-2021-4034, that affects all major Linux distributions to gain full root privileges on the system. The good news is that this issue is not remotely exploitable, but if an attacker can log in as any unprivileged user, it can allow to gain root privileges.

Communications 102

Communications IT Security Information Security 102

Dark Reading

JANUARY 26, 2022

The incident response landscape has changed drastically, largely from shifting attitudes among insurance companies and, to some extent, business customers feeling the pain of security incidents.

Insurance 87

Insurance IT Security 87

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

JANUARY 26, 2022

New malware is targeting targets QNAP NAS devices, it is the DeadBolt ransomware and ask 50 BTC for master key. DeadBolt ransomware is targeting QNAP NAS devices worldwide, its operators claim the availability of a zero-day exploit that allows them to encrypt the content of the infected systems. Once encrypted the content of the device, the ransomware appends. deadbolt extension to the name of the excerpted files and deface the login page of the QNAP NAS to display the following message: “

Ransomware 98

Ransomware Blockchain Encryption Sales 98

IG Guru

JANUARY 26, 2022

As a profession, Information Governance is finally receiving the resources it deserves. But for women that have been in the industry for a while, is there a risk of being left behind while IG moves on and up? At the MER Conference, we will: Examine how women can ensure positions of leadership feature our industry’s best, […]. The post The Women of IG – MER Conference 2022 appeared first on IG GURU.

Information governance 78

Information governance Government Risk IT 78

Security Affairs

JANUARY 26, 2022

The BfV German domestic intelligence services warn of ongoing attacks carried out by the China-linked APT27 cyberespionage group. The Bun­des­amt für Ver­fas­sungs­schutz (BfV) federal domestic intelligence agency warns of ongoing attacks coordinated by the China-linked APT27 group. “The Federal Office for the Protection of the Constitution ( BfV ) has information about an ongoing cyber espionage campaign by the cyber attack group APT27 using the malware variant HYPERBRO against German com

Financial Services 99

Financial Services Access IT Security 99

Threatpost

JANUARY 26, 2022

The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play.

85

85

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

JANUARY 26, 2022

Apple released security updates to fix two zero-day flaws, one of them actively exploited to hack iPhones and Macs. Apple has released security updates to address a couple of zero-day vulnerabilities, one of them being actively exploited in the wild by threat actors to compromise iPhone and Mac devices. One of the zero-day flaws addressed by the IT giant, tracked as CVE-2022-22587, is a memory corruption issue that resides in the IOMobileFrameBuffer and affects iOS, iPadOS, and macOS Monterey.

Security 95

Security IT Information Security 95

Threatpost

JANUARY 26, 2022

The 12-year-old flaw in the sudo-like Polkit’s pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days.

Security 84

Security 84

Thales Cloud Protection & Licensing

JANUARY 26, 2022

Five Hot Security and Privacy Topics You Need To Understand in 2022. madhav. Thu, 01/27/2022 - 06:13. Throughout 2021 Thales hosted several webinars whose purpose was to raise awareness on trending topics around cybersecurity and privacy. Panelists included security professionals from many well-established and successful organizations as well as consultants and industry leaders.

Privacy 71

Privacy Security Encryption Cloud 71

Threatpost

JANUARY 26, 2022

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.

Security 73

Security Privacy 73

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Dark Reading

JANUARY 26, 2022

Europol and 10 nations seized servers and disconnected the anonymous network allegedly used by many cybercriminals in the latest effort to hobble cybercrime groups.

99

99

Threatpost

JANUARY 26, 2022

Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.

Security 66

Security 66

Dark Reading

JANUARY 26, 2022

It's not just your imagination — malicious threats have exponentially increased organizational risk.

IT 89

IT Cybersecurity Risk 89

Threatpost

JANUARY 26, 2022

Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.

Security 71

Security 71

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

JANUARY 26, 2022

Supply chain account takeover is the most pressing issue facing email security today, but artificial intelligence can head off such attempts.

Artificial Intelligence 72

Artificial Intelligence Security 72

Threatpost

JANUARY 26, 2022

Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.

Cloud 70

Cloud Security 70

Dark Reading

JANUARY 26, 2022

While opinions about the trustworthiness of the cloud are split, everyone believes that's where hackers will focus their efforts.

Cloud 72

Cloud IT 72

Rippleshot

JANUARY 26, 2022

Originally Posted Jan 21, 2022 by Chuck Brooks. The past two years has seen a rapid shift of work to remote and hybrid offices. The statistics show that hackers welcomed that shift and took advantage of the vulnerabilities and gaps in security by businesses.

Cybersecurity 52

Cybersecurity Security Analytics 52

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

JANUARY 26, 2022

The memory corruption vulnerability in a policy component installed by default on most Linux distributions allows any user to become root. Researchers have already reproduced the exploit.

79

79

Rippleshot

JANUARY 26, 2022

Originally Posted Jan 8, 2022 by Gordon Kelly on Forbes. Last year saw the biggest hack in iPhone history , complete with individual horror stories from affected users. Now a haunting new discovery could make all iPhone attacks a lot worse.

Analytics 52

Analytics 52

The Security Ledger

JANUARY 26, 2022

Massive growth in Zoom’s customer base as a result of the COVID 19 pandemic brought new business - but also new challenges and security requirements. Establishing a CISO Council gave those customers a voice and a seat at the table, writes CISO Jason Lee. The post Tapping into the Power of the Security Community appeared first on The Security. Read the whole entry. » Related Stories Episode 230: Are Vaccine Passports Cyber Secure?

Security 52

Security Cloud IT Data Privacy 52