Sat.Dec 25, 2021 - Fri.Dec 31, 2021

New Android banking Malware targets Brazil’s Itaú Unibanco Bank

Security Affairs

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages.

The CISO as Sustaining Force: Helping Infosec Staff Beat Burnout

Dark Reading

To protect their staffers, leaders should focus on identifying and alleviating root causes of burnout

107
107
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Apple fixed macOS flaw that could allow to bypass Gatekeeper security feature

Security Affairs

Apple recently addressed fixed a flaw in the macOS that could be potentially exploited by an attacker to bypass Gatekeeper security feature.

ROUNDTABLE: What happened in privacy and cybersecurity in 2021 — and what’s coming in 2022

The Last Watchdog

In 2021, we endured the fallout of a seemingly endless parade of privacy controversies and milestone cyber attacks. Related: The dire need to security-proof APIs. The Solar Winds hack demonstrated supply chain exposures; the attempted poisoning of a Tampa suburb’s water supply highlighted public utilities at risk; and the Colonial Winds ransomware attack signaled cyber extortionist rings continuing to run rampant.

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Apple AirTags Are Being Used to Track People and Cars

Schneier on Security

This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking.

More Trending

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the infected systems.

GUEST ESSAY: Here’s how ‘WFM’ tools can boost productivity — and security — of remote workers

The Last Watchdog

Workforce management software ( WFM ) is an essential tool companies across industries can use to organize their workforce, track employee work and performance, forecast labor demand, and create schedules for employees. Related: Turning workers into security security sensors. Most, if not all, WFM software is chock full of features that makes managing a workforce more efficient and effortless for top management.

5 Cybersecurity Trends to Watch in 2022

Threatpost

Here’s what cybersecurity watchers want infosec pros to know heading into 2022. . Cloud Security Critical Infrastructure Government IoT Malware Mobile Security Vulnerabilities Web Security

The Log4j Flaw Will Take Years to be Fully Addressed

Dark Reading

Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team

109
109

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

Security Affairs

The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j 2.17.1

How to Use MITRE ATT&CK to Understand Attacker Behavior

eSecurity Planet

MITRE ATT&CK (“miter attack”) is an up-to-date and widely-used knowledge base that focuses on how attackers think and operate. It’s based on practical use cases, so companies can better evaluate security issues and get examples of common tactics and techniques used by threat actors.

That Toy You Got for Christmas Could Be Spying on You

Threatpost

Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. IoT Mobile Security Privacy Vulnerabilities

An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks

Dark Reading

Ransomware demands a new approach to incident response

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

French IT services provider Inetum hit by BlackCat ransomware attack

Security Affairs

The IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday.

IT 100

Episode 233: Unpacking Log4Shell’s Un-coordinated Disclosure Chaos

The Security Ledger

In this episode of the podcast (#233) Mark Stanislav, a Vice President at the firm Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the critical, remote code execution flaw in the Log4j open source library.

What the Rise in Cyber-Recon Means for Your Security Strategy

Threatpost

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. Cloud Security Critical Infrastructure InfoSec Insider IoT Malware Mobile Security Vulnerabilities Web Security

A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch

Dark Reading

Severe flaws in Microsoft Exchange and Windows Print Spooler stood out amid a wide range of vulnerabilities security teams were forced to prioritize in 2021

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

Security Affairs

A new wave of ech0raix ransomware attacks is targeting QNAP network-attached storage (NAS) devices. The threat actors behind the ech0raix ransomware are targeting NAP network-attached storage (NAS) devices. Users reported numerous compromises of their devices a few days before Christmas.

Merry Christmas from IG GURU

IG Guru

The post Merry Christmas from IG GURU appeared first on IG GURU. IG News

70

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Threatpost

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. Vulnerabilities Web Security

In the Fight Against Cybercrime, Takedowns Are Only Temporary

Dark Reading

Disrupting access to servers and infrastructure continues to interfere with cybercrime activity, but it's far from a perfect strategy

Access 105

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions.

Paper 99

Michigan ARMA Chapters Announce Winter 2022 Events

IG Guru

Save the Dates!

Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

Threatpost

Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them. InfoSec Insider Web Security

Retail 100

Getting Started With Threat-Informed Security Programs

Dark Reading

Security leaders need to examine their business model, document risks, and develop a strategic plan to address those risks

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors.

IAPP published Privacy Risk Study 2021

IG Guru

Check out the study here. The post IAPP published Privacy Risk Study 2021 appeared first on IG GURU. IG News 2021 IAPP Privacy Study

Risk 67

The 5 Most-Wanted Threatpost Stories of 2021

Threatpost

A look back at what was hot with readers in this second year of the pandemic. Breach Cloud Security Hacks Malware Mobile Security Privacy Vulnerabilities Web Security

Cloud 99