Tue. Feb 08, 2022

Salesforce DevOps Needs Guardrails

Dark Reading

Some companies go too fast when it comes to SaaS, DevOps, and security, but smart developers and implementers will respect some basic guidelines to keep their product safe.

Microsoft Patch Tuesday, February 2022 Edition

Krebs on Security

Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.

Catches of the Month: Phishing Scams for February 2022

IT Governance

Welcome to our February 2022 review of phishing attacks, in which we explore the latest scams and the tactics that cyber criminals use to trick people into handing over their personal information. This month, we look at a bogus online contest designed to capture your Facebook login details, the latest Microsoft scam and whether ‘passwordless’ security can mitigate the threat of scams.

New York SHIELD Act $600,000 settlement

Data Protection Report

On January 24, 2022, the New York Attorney General (AG) announced a settlement with vision-benefits-provider EyeMed Vision Care, Inc., relating to a 2020 security incident where a threat actor obtained access to an email account that enabled the threat actor to get access to personal information of consumers including, but not limited to, , dates of birth; health insurance accounts and vision insurance accounts ID numbers; Social Security Numbers; Medicaid numbers; Medicare numbers; driver’s lic

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Vodafone Portugal hit by a massive cyberattack

Security Affairs

A cyberattack hit Vodafone Portugal, causing severe outages of its communication and television services in the country. Vodafone Portugal suffered a major cyberattack that caused service outages in the country; media reported the temporary disruption of 4G/5G communications and television services. “Vodafone was the target of a network disruption that began on the night of February 7, 2022 due to a deliberate and malicious cyberattack intended to cause damage and disruption.

More Trending

Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks

Dark Reading

Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.

Roaming Mantis SMSishing campaign now targets Europe

Security Affairs

The Roaming Mantis SMS phishing campaign is now targeting Android and iPhone users in Europe with malicious apps and phishing pages. Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirected users to compromised websites. Roaming Mantis is a credential theft and malware campaign that leverages smishing to distribute malicious Android apps in the format of APK files.

Cyber Terrorism Is a Growing Threat & Governments Must Take Action

Dark Reading

With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.

Data of +6K Puma employees stolen in December Kronos Ransomware attack

Security Affairs

Data belonging to 6,632 Puma employees was stolen in a December 2021 ransomware attack that hit Ultimate Kronos Group (UKG). Data of 6,632 Puma employees was stolen in a ransomware attack that hit HR management platform Ultimate Kronos Group (UKG) in December. Potentially exposed data includes names, Social Security numbers, and other personal information.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws

Dark Reading

Companies are scanning more applications for vulnerabilities — and more often.

Top Single Sign-On (SSO) Solutions for 2022

eSecurity Planet

Single sign-on (SSO) is one of several authentication technologies aimed at streamlining and keeping login information and processes secure. SSO makes it feasible for one login to be enough for a group of related sites and applications. It is often implemented along with multi-factor authentication (MFA), wherein more than one factor of authentication is needed to authenticate the user.

Prioritizing the Right Vulnerabilities to Reduce Risk

Dark Reading

Prioritization needs to be part of vulnerability management if security teams are to keep up and mitigate issues in a timely manner.

US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack

Security Affairs

Law enforcement seized $3.6 billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. Ilya Lichtenstein (34) and his wife, Heather Morgan (31), were arrested for alleged conspiracy to launder $4.5 billion in cryptocurrency stolen during the 2016 hack of Bitfinex. Law enforcement also seized over $3.6 billion in cryptocurrency linked to that hack.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

CIGO Association to Hold Hybrid 1st Annual IG Leadership Summit

IG Guru

The Certified Information Governance Officers Association (CIGOA) will hold its 1st annual IG Leadership Summit in San Diego March 24 & 25 at the Horton Grand Hotel in the Gaslamp Quarter, and also online. It is the first hybrid event to be held in the IG space. The event will consist of two 1-day workshops, the first […].

Cryptocurrency Is Funding Ukraine's Defense—and Its Hacktivists

WIRED Threat Level

As Russia continues to amass troops at the border, resistance groups have seen a surge in crypto donations.

Amy Zegart on Spycraft in the Internet Age

Schneier on Security

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt: In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling — and not in a good way. Intelligence collectors are everywhere, and government spy agencies are drowning in data.

Myanmar’s Fight for Democracy Is Now a Scrap Over Phone Records

WIRED Threat Level

Norwegian telecoms giant Telenor wants to leave Myanmar. Activists say its exit risks putting their data—and their freedom—at risk.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

China Suspected of News Corp Cyberespionage Attack

Threatpost

Attackers infiltrated the media giant’s network using BEC, while Microsoft moved to stop such attacks by blocking VBA macros in 5 Windows apps. Included: more ways to help stop BEC.

Google Cuts User Account Compromises in Half With Simple Change

Dark Reading

The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.

No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day

Threatpost

This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don't delay applying the patches, security experts said.

Get Started on Continuous Compliance Ahead of PCI DSS v4.0

Dark Reading

Here's what vendors can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Kai Ming makes more data-driven decisions with IBM Cognos Analytics

IBM Big Data Hub

In the 1960s, emerging research on the effects of poverty and its impact on education came to light. This research indicated an obligation to help disadvantaged groups, compensating for inequality in social or economic conditions. In January 1964, a former teacher and then-President Lyndon B. Johnson declared a “war on poverty.” They established Head Start, a program to promote the school readiness of infants, toddlers and preschool-aged children from low-income families as part of t

Qualys Launches Context XDR

Dark Reading

Qualys Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence.

US State Privacy Update: Colorado AG Identifies CPA Rulemaking Topics and Releases Data Security Best Practices Guidance

Privacy and Cybersecurity Law

On January 28, 2022, as part of prepared remarks in recognition of Global Data Privacy Day, the Colorado Attorney General (AG) outlined key rulemaking topics his office intends to pursue under the Colorado Privacy Act (CPA), a novel new consumer privacy law that takes effect in July 2023, and released a data security best practices guide to help organizations understand what is considered reasonable security in Colorado.

New product series: Getting to know Compliance Reporter

Jamf

Gain real-time visibility into your Mac endpoints: from critical processes, network, system and user activity – gather reports of valuable compliance status data to audit security settings, validate system integrity and plan actionable, data-driven remediation workflows to meet complex compliance requirements of regulated industries.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

No Mail, Low Morale: The 6888th Central Postal Battalion

Unwritten Record

Photograph of Women’s Army Auxiliary Corps (WAAC) Captain Charity Adams of Columbia, NC Drilling Her Company. Local Identifier: 111-SC-238651; National Archives Identifier: 531334. “No mail, low morale,” or so the motto goes. Even before the founding of the 6888th Central Postal Battalion, the mail was piling up for the soldiers serving during World War II.

Microsoft Issues 51 CVEs for Patch Tuesday, None 'Critical'

Dark Reading

One publicly known flaw — an elevation-of-privilege bug in Windows Kernel — was included in the patches.

GUEST ESSAY: Can Apple’s pricey ‘Business Essentials’ truly help SMBs secure their endpoints?

The Last Watchdog

Today’s operating system battleground has long been defined by the warfare between the top three players—Microsoft’s Windows, Google’s Android, and Apple’s iOS. Related: Cook vs. Zuckerberg on privacy. While each of them has its distinguishing features, Apple’s privacy and security are what makes it the typical enterprise’s pick.
