Wed.Jan 12, 2022

Phishers Rip Off High-Profile EA Gamers

Threatpost

Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts. Breach Hacks Web Security

New Cyberattack Campaign Uses Public Cloud Infrastructure to Spread RATs

Dark Reading

An attack campaign detected in October delivers variants of Nanocore, Netwire, and AsyncRATs to target user data

Cloud 113
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure.

Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals

Dark Reading

By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3

Risk 100

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Faking an iPhone Reboot

Schneier on Security

Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running.

More Trending

Compliance and Legal industry predictions for 2022

OpenText Information Management

“Power to the People” — a popular slogan for political activism and protests (and a great John Lennon song to boot) – has been a rallying cry for individuals to take control back from the powerful and corrupt.

Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor

Security Affairs

Iran-linked APT35 group has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor.

Check If You Have to Worry About the Latest HTTP Protocol Stack Flaw

Dark Reading

In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.

92

SysJoker, a previously undetected cross-platform backdoor made the headlines

Security Affairs

Security researchers found a new cross-platform backdoor, dubbed SysJoker , the is suspected to be the work of an APT group. Security experts from Intezer discovered a new backdoor, dubbed SysJoker , that is able to infect Windows, macOS, and Linux systems.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

U.S. Security Agencies Warn About Russian Threat Gangs Amid Ukraine Tensions

eSecurity Planet

federal security agencies are putting companies on alert to potential threats from Russian state-sponsored cybercriminal groups, warning in particular about dangers to critical infrastructure and urging organizations to learn how to detect and protect against attacks.

Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup

Security Affairs

Adobe released security updates to address multiple vulnerabilities affecting several products, including Acrobat and Reader. Adobe patches for January address 41 vulnerabilities in Windows and macOS versions of Acrobat and Reader products, Illustrator, Adobe Bridge, InCopy, and InDesign.

IT 91

Why Is Cyber Assessment So Important in Security?

Dark Reading

All the pen testing and tabletop exercises in the world won't help unless an organization has a complete and accurate understanding of its assets

IT 87

NSO Group Spyware Targeted Dozens of Reporters in El Salvador

WIRED Threat Level

The newly disclosed campaign shows how little the company has done to curb abuses of its powerful surveillance tools. Security Security / Cyberattacks and Hacks

IT 86

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Oxeye Introduce Open Source Payload Deobfuscation Tool

Dark Reading

Ox4Shell exposes hidden payloads thatare actively being used to confuse security protection tools and security teams

KCodes NetUSB flaw impacts millions of SOHO routers

Security Affairs

Cybersecurity experts discovered a flaw in the KCodes NetUSB component that impacts millions of end-user routers from different vendors.

Critical Infrastructure Security and a Case for Optimism in 2022

Dark Reading

The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing

The Tape Storage market in 2022

IG Guru

Check out the link here. The post The Tape Storage market in 2022 appeared first on IG GURU. Cyber Security Storage Enterprise Backup Tape Tape Backup Tape Market

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Flashpoint Acquires Risk Based Security

Dark Reading

Flashpoint plans to integrate Risk Based Security data and technology into its platform to boost threat intelligence and vulnerability management

Risk 79

Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft

Threatpost

Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access. Vulnerabilities Web Security

Risk 104

What is eDiscovery software?

OpenText Information Management

The discovery process in litigation requires that parties must exchange documents deemed relevant to the case.

65

New Research Reveals Public-Sector IAM Weaknesses and Priorities

Dark Reading

Auth0 Public Sector Index shows that governments are struggling to provide trustworthy online citizen services

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

FTC Settles with Loan Application Company Over Alleged Misuse of Sensitive Personal Information

Hunton Privacy

On January 6, 2022, the Federal Trade Commission reached a $1.5 million settlement with loan application company ITMedia Solutions LLC (“ITMedia”) over alleged violations of the FTC Act and Fair Credit Reporting Act (“FCRA”).

Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts

Threatpost

Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users. Web Security

SEC Encourages Self-Reporting of Recordkeeping Violations Resulting From Employees’ Use of Personal Devices for Business Communications

Data Matters

On December 17, 2021, the U.S. Securities and Exchange Commission (SEC) announced settled charges against a broker-dealer firm for recordkeeping violations arising from its employees’ use of personal devices for business communications.

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign

Threatpost

A cloudy campaign delivers commodity remote-access trojans to steal information and execute code. Cloud Security Malware

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

4 Steps in Streamlining Open Records Requests

Gimmal

Many public organizations are faced with the challenge of responding to records requests that they are legally required to produce within a tight timeline.

FOIA 52

How Financial Institutions Use Machine Learning to Prevent Fraud

Rippleshot

Originally Posted Jan 2022 by GN Feature Story. Banking and financial institutions lose billions of dollars because of fraud. Machine learning can help detect and prevent fraud.

What Did We Learn in 2021, and What’s Next for Ediscovery in 2022?

Hanzo Learning Center

As we’ve been wrapping up 2021 and looking forward to 2022—again hopeful that at some point this year we’ll see more of a return to “normal” life, whatever that means—I wanted to pause to reflect on our evolving data landscape.