The Last Watchdog

MARCH 14, 2022

When was the last time you read an online privacy policy in its entirety? Perhaps, never? Yet our world has moved online. We have on average 67 applications on our mobile phones, seven social media accounts and more than 120 online accounts. But these accounts are not all about networking and games. Related: What happened to privacy in 2021. COVID crisis has forced us to work remotely.

Privacy 221

Privacy Artificial Intelligence Financial Services Archiving 221

Data Breach Today

MARCH 15, 2022

Critical Infrastructure Defense Project From Cloudflare, CrowdStrike, Ping Identity As Western cybersecurity officials warn that Russia's Ukraine invasion poses an elevated cybersecurity risk to all, kudos to Cloudflare, CrowdStrike and Ping Identity for offering free endpoint security and other defenses to the healthcare sector and power sectors, for at least four months.

Cybersecurity 344

Cybersecurity Risk Security 344

Dark Reading

MARCH 15, 2022

A simple request to the VirusTotal scanning service reveals thousands of mobile-application databases left open to the public by developers in a three-month period.

131

131

Imperial Violet

MARCH 14, 2022

When taking something from cryptographic theory into practice, it's very important to pick parameters. I don't mean picking the right parameters — although that certainly helps. I mean picking parameters at all. That might seem obvious, but there are pressures pushing towards abdication: what if you get it wrong? Why not hedge bets and add another option?

IT 154

IT Security 154

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

The Last Watchdog

MARCH 17, 2022

Cybersecurity tools evolve towards leveraging machine learning (ML) and artificial intelligence (AI) at ever deeper levels, and that’s of course a good thing. However, we often see results that feel cookie cutter and counter-productive, raising the question: can AI really do as good of a job as a human? Related: Business logic hacks plague websites.

Cybersecurity 213

Cybersecurity Artificial Intelligence Personal data Phishing 213

Security Affairs

MARCH 17, 2022

The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of the Ministry of Emergencies of Russia, the hackers defaced them and published the message: “Don’t t

Military 144

Military Communications Government Access 144

IT Governance

MARCH 15, 2022

Cyber threat management is the process of identifying, analysing, evaluating and addressing an organisation’s cyber security requirements. With more than a 1,000 publicly disclosed security incidents last year – and countless others that weren’t reported – cyber security is a growing priority. It’s only by actively monitoring threats throughout their lifecycle that organisations can identify the risks that they face and the steps they should take to mitigate them.

Risk 126

Risk Data breaches Information Security Government 126

eSecurity Planet

MARCH 14, 2022

Cobalt Strike was created a decade ago by Raphael Mudge as a tool for security professionals. It’s a comprehensive platform that emulates very realistic attacks. Indeed, the tool can assess vulnerabilities and run penetration tests , while most tools on the market cannot do both. Vulnerability assessment and pentesting are two different things. The first consists of identifying vulnerabilities that could be used by hackers, not exploiting them.

Energy and Utilities 125

Energy and Utilities Ransomware Communications Security 125

Data Breach Today

MARCH 15, 2022

Despite Russian Aggression, Distributed Denial-of-Service Attacks Remain Illegal With Ukraine having called on the world to join its "IT Army" and help it hack Russia and ally Belarus, what could possibly go wrong? For starters, launching distributed denial-of-service attacks - at least from outside Ukraine - remains illegal and risks triggering an escalation by Moscow.

IT 353

IT Risk 353

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

MARCH 15, 2022

OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778 , that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researchers Tavis Ormandy.

IT 134

IT Security Information Security 134

Hunton Privacy

MARCH 18, 2022

On March 16, 2022, Google announced the launch of its new analytics solution, “Google Analytics 4.” Google Analytics 4 aims, among other things, to address recent developments in the EU regarding the use of analytics cookies and data transfers resulting from such use. Background. On August 17, 2020, the non-governmental organization None of Your Business (“NOYB”) filed 101 identical complaints with 30 European Economic Area data protection authorities (“DPAs”) regarding the use of Google Analyti

Analytics 118

Analytics Privacy GDPR Personal data 118

Micro Focus

MARCH 18, 2022

We all have a competitive drive within us. Explore yours while you’re learning how to run and transform your business at the same time—at Micro Focus Universe 2022. Micro Focus Universe is more than a high-profile IT industry event. Just like our technical partner, Jaguar TCS Racing, we like to compete! So we’re bringing the. View Article. The post Scratch Your Competitive Itch at Universe appeared first on Micro Focus Blog.

IT 116

IT 116

Data Breach Today

MARCH 15, 2022

Report: Business Operations Unaffected, Despite Some Disruption International hacking collective Anonymous reportedly hacked the German subsidiary of Russian energy company Rosneft on Monday, die Welt newspaper says, citing the country's cybersecurity watchdog, the Federal Office for Information Security.

Information Security 311

Information Security Cybersecurity Security 311

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

MARCH 17, 2022

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability.

Honeypots 131

Honeypots File names Communications Encryption 131

eSecurity Planet

MARCH 18, 2022

Many security professionals think that if they have done the hard work of securing their organization, that should be enough. There is, however, a next step: Documenting policies. Even though drafting IT security policies can be a pain, formal policies provide a valuable resource to protect both the IT team and their organization. In this article, we’ll briefly touch on what policies are; tips for writing them; and the advantages policies provide for compliance, transitions, and IT team liabilit

IT 112

IT Compliance Security Access 112

Hunton Privacy

MARCH 18, 2022

On February 22, 2022, the European Data Protection Board (the “EDPB”) adopted its final Guidelines 04/2021 on Codes of Conduct as tools for transfers (the “Guidelines”), following a public consultation that took place in 2021. Articles 46 of the EU General Data Protection Regulation ( the “GDPR”) provides that data controllers and processors must put in place appropriate safeguards when transferring personal data to third countries, including codes of conduct.

GDPR 111

GDPR Personal data IT 111

Data Breach Today

MARCH 18, 2022

Also: Anonymous Continues Its Cyberwar Against the Russian Government As the Ukrainian military resists Russian advances toward its major population centers, its IT security teams are contending with record cyber incidents - although the same is true of their eastern neighbors, with Russia reporting "unprecedented" cyberattacks on its networks.

IT 264

IT Military Government Security 264

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

MARCH 18, 2022

Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). The China-linked hacking group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset.

Systems administration 130

Systems administration Security IT Access 130

Threatpost

MARCH 18, 2022

The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.

Government 115

Government Security 115

Hunton Privacy

MARCH 17, 2022

On March 10, 2022, in its first formal written opinion interpreting the California Consumer Privacy Act’s (“CCPA’s”) compliance obligations, the California Attorney General (“AG”) confirmed that the CCPA grants a consumer the right to access inferences drawn from personal information collected about the consumer, even if such inferences are generated by the business (unless the business can demonstrate that a statutory exception to the CCPA applies).

Access 108

Access Privacy Compliance IT 108

Data Breach Today

MARCH 18, 2022

Feds Issue Satellite Network Security Alert; Viasat Saw 'Deliberate' Cyberattack If Russia uses hack attacks to support its invasion, would Western governments want to immediately attribute those attacks or disruptions? Enter a Thursday alert from the U.S. government warning that it is "aware of possible threats to U.S. and international satellite communication networks.

Communications 264

Communications Government Security IT 264

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Security Affairs

MARCH 16, 2022

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Original post at [link]. Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable to cyber attacks.

Authentication 125

Authentication Access Systems administration Military 125

Threatpost

MARCH 17, 2022

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.

Libraries 107

Libraries Security 107

Schneier on Security

MARCH 16, 2022

Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery. There aren’t many weak keys out there, but there are some: So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack.

Manufacturing 106

Manufacturing Libraries Encryption IT 106

Data Breach Today

MARCH 17, 2022

This report analyzes how sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who participate in bug bounty programs. It also examines lessons to be learned from data breaches and developments in passwordless authentication.

Data breaches 263

Data breaches Authentication Security IT 263

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

MARCH 17, 2022

Microsoft released an open-source tool to secure MikroTik routers and check for indicators of compromise for Trickbot malware infections. Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers and check for indicators of compromise associated with Trickbot malware infections. “This analysis has enabled us to develop a forensic tool to identify Trickbot-related compromise and other suspicious indicators on MikroTik devices.

Ransomware 118

Ransomware Passwords IoT Communications 118

KnowBe4

MARCH 16, 2022

New data puts the spotlight on how most organizations unable to completely recover their data after a ransomware attack, making the case for better data protection for improved incident response.

Ransomware 104

Ransomware 104

Schneier on Security

MARCH 18, 2022

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake.

Paper 106

Paper Security Compliance Privacy 106