Schneier on Security

JUNE 24, 2022

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response, Matthew Green has written —not really a rebuttal—but a “a general response to some of the more common spurious objections …people make to public blockchain systems.” In it, he

Blockchain 145

Blockchain Government Ransomware Security 145

Data Breach Today

JUNE 27, 2022

Baptist Medical Center Latest on Growing List of Entities Reporting Major Hacks A malware incident involving exfiltration of data has affected more than 1.24 million patients of Texas-based Baptist Medical Center and Resolute Health Hospital. It adds to a growing list of major health data breaches reported to regulators in recent weeks as affecting millions of individuals.

Data breaches 292

Data breaches IT 292

Krebs on Security

JUNE 7, 2022

Netflix has a new documentary series airing next week — “ Web of Make Believe: Death, Lies & the Internet ” — in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of “ swatting ” — wherein fake bomb threats or hostage situations are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

IT 318

IT 318

The Last Watchdog

JUNE 9, 2022

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role. Related: The coming of bio-digital twins. Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing.

Security 272

Security Privacy Phishing Insurance 272

Speaker: Diane Magers, Founder and Chief Experience Officer at Experience Catalysts

In the world of business, connecting the dots from experience to financial impact is an essential skill. Transforming customer engagement, Voice of Customer (VoC) insights, and Journey Maps into tangible financial outcomes poses a significant challenge for most organizations. To gain buy-in from the C-Suite and key stakeholders, it’s crucial to illustrate how Experience Management translates into clear, measurable business results.

Customer Experience

Data Matters

JUNE 27, 2022

Last week, the UK Competition and Markets Authority (CMA) hosted its inaugural Data, Technology, and Analytics (DaTA) Conference. The CMA DaTa Conference has been hailed as a milestone as it convened for the first time regulators, data scientists, engineers, tech companies, and academics to discuss evolving challenges in digital markets. The conference coincided with London Tech Week, during which Chris Philp, UK Minister for Tech and the Digital Economy, unveiled a new UK Digital Strategy: the

Privacy 158

Privacy Marketing Data Privacy Data science 158

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of symbiote which is an organism that lives in symbiosis with another organism, exactly like this implant does with the infected systems.

Security 143

Security Libraries Passwords Cybersecurity 143

Data Breach Today

JUNE 29, 2022

Ukraine Fights Russian Disinformation Perpetuated by Hacking and Social Media Ukraine says it has thwarted multiple Russian misinformation campaigns, including blocking attempts to penetrate the electronic systems of its TV channels on the eve of its Constitution Day holiday. It also flagged social media accounts spreading fake videos.

IT 310

IT 310

Krebs on Security

JUNE 20, 2022

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

Paper 363

Paper Sales IT 363

Hunton Privacy

JUNE 1, 2022

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic, however, the Thai government issued royal decrees to extend the compliance deadline to June 1, 2022. .

Personal data 143

Personal data GDPR Compliance Government 143

Advertiser: ZoomInfo

Marketing technology is essential for B2B marketers to stay competitive in a rapidly changing digital landscape — and with 53% of marketers experiencing legacy technology issues and limitations, they’re researching innovations to expand and refine their technology stacks. To help practitioners keep up with the rapidly evolving martech landscape, this special report will discuss: How practitioners are integrating technologies and systems to encourage information-sharing between departments and pr

B2B

Dark Reading

JUNE 10, 2022

Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve.

Artificial Intelligence 145

Artificial Intelligence Security 145

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The Department for Culture, Media and Sport (DCMS) has finally published the UK government’s long-awaited response to the consultation on the future of the UK data protection regime. The government set out very high level principles for a Data Reform Bill in the Queen’s Speech in May.

GDPR 144

GDPR Government Personal data Risk 144

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn. The activity of the Lyceum APT group was first documented earlier in August 2019 by researchers at ICS security firm Dragos which tracked it as Hexane.

IT 143

IT Security Phishing Military 143

Data Breach Today

JUNE 17, 2022

DXC Technology's Michael Baker on Top Threats, Recruitment Tips, Career Advice Threat watch: The ongoing Russia-Ukraine war continues to pose both direct and indirect risks to enterprise networks, says Michael Baker, vice president and IT CISO of IT services and consulting firm DXC Technology. He also discusses recruiting and retaining new talent.

Risk 311

Risk IT 311

Advertisement

Embedding dashboards, reports and analytics in your application presents unique opportunities and poses unique challenges. We interviewed 16 experts across business intelligence, UI/UX, security and more to find out what it takes to build an application with analytics at its core. No matter where you are in your analytics journey, you will learn about emerging trends and gather best practices from product experts.

Analytics

Krebs on Security

JUNE 22, 2022

Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a 35-year-old Russian man living abroad w

Access 325

Access Systems administration Cybersecurity Information Security 325

Jamf

JUNE 30, 2022

Apple’s WWDC 2022 announcements included news of a new framework built for identity providers in macOS Ventura, making it easier for users to access cloud services. While Apple continues development on the framework, it may prove to be the easiest way to authenticate to your Mac and organizational apps in the future By leveraging Jamf Connect to automate creating new, on-demand local user accounts based on the identity provider credentials, users can take full advantage of Single Sign-On (

Passwords 139

Passwords Authentication Cloud Access 139

IT Governance

JUNE 15, 2022

In an increasingly digital world, there are an escalating number of cyber security risks for business to address. Criminal hackers are adept at spotting weaknesses, while organisations do themselves no favours when they fail to adequately protect their systems. IT Governance identified more than 1,200 publicly disclosed data breaches in 2021 , while another report found that security incidents cost almost £3 million on average.

Risk 139

Risk Security Passwords Phishing 139

eSecurity Planet

JUNE 10, 2022

About 90% of security buyers aren’t getting the efficacy from their products that vendors claim they can deliver, according to a panel at this week’s RSA Conference that also offered some solutions to begin to fix that problem. Joe Hubback of cyber risk management startup ISTARI led both the panel and the study, which was based on in-depth interviews with more than a hundred high-level security officials, including CISOs, CIOs, CEOs, security and tech vendors, evaluation organization

Security 135

Security Cybersecurity Risk Government 135

Advertisement

How do 1st, 2nd, and 3rd party intent data compare? 1st, 2nd, and 3rd party data each have specific advantages and disadvantages. It comes down to four factors: accuracy, cost, control and quantity. This infographic explains the pros and cons of each and helps you understand which one is best for meeting your business objectives. Intent data can be a great way to fill your pipeline and close more deals.

IT

Security Affairs

JUNE 22, 2022

Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods. Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian railway goods has caused a new spike of hacktivist activity on the Dark Web. Today the group has announced multiple targets for coordinated DDoS attacks – the resources to be attacked are distributed between so-called “units” who are based on members and

Cybersecurity 138

Cybersecurity IoT Government Security 138

Data Breach Today

JUNE 16, 2022

The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022, including a key message from RSA CEO Rohit Ghai. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent.

Cybersecurity 303

Cybersecurity Security IT 303

Krebs on Security

JUNE 14, 2022

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form

Ransomware 312

Ransomware Security Privacy IT 312

Jamf

JUNE 23, 2022

A new nonprofit organization birthed from the thriving Slack community is working to enhance access and development for IT professionals working with Apple devices.

Access 145

Access IT 145

Advertisement

PostgreSQL is a highly versatile and robust technology, capable of addressing a wide range of challenges in diverse environments. Its expanding range of use cases is witnessing exponential growth, allowing PostgreSQL to effectively target an ever-increasing number of applications while minimizing limitations. This whitepaper presents ten indispensable rules that will empower you to optimize your PostgreSQL installation and stay ahead of the evolving landscape.

IT

IT Governance

JUNE 30, 2022

Welcome to our June 2022 review of data breaches and cyber attacks. We identified 80 security incidents during the month, resulting in 34,908,053 compromised records. You can find the full list below, broken down into categories. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.

Data breaches 132

Data breaches Ransomware Security Privacy 132

eSecurity Planet

JUNE 16, 2022

A cyberattack is any action taken by a cyber criminal in an attempt to illegally gain control of a computer, device, network, or system with malicious intent. Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Cyberattacks are on the rise, with cyber criminal trends and techniques becoming increasingly sophisticated and creative.

Ransomware 135

Ransomware Cybersecurity Phishing Encryption 135

Security Affairs

JUNE 7, 2022

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. .

Ransomware 139

Ransomware Security Cybersecurity Access 139

Data Breach Today

JUNE 2, 2022

FBI Director Says Boston Children's Hospital Was Targeted Last Summer Boston Children's Hospital thwarted a cyberattack by government-backed Iranian hackers last summer after U.S. authorities received intelligence about the pending assault and alerted the hospital, says FBI Director Christopher Wray, who called Iran's planned cyberattack "despicable.

Government 327

Government 327

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security

Krebs on Security

JUNE 15, 2022

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.

Security 308

Security Cloud Cybersecurity IT 308

KnowBe4

JUNE 3, 2022

KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it right.

Passwords 133

Passwords Phishing IT Security 133

IT Governance

JUNE 21, 2022

Data governance and regulatory compliance go hand in hand. Organisations need robust governance practices if they are to stay on top of their legal requirements, while those obligations are designed to help them operate more effectively. Although ‘data governance’ can also refer to the wider political associations of data governance, this blog focuses on the term in an information management context.

Compliance 132

Compliance Government GDPR Data breaches 132