Sat. Feb 26, 2022 - Fri. Mar 04, 2022

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees.

Cyberattacks in Ukraine Soon Could Spill Over to Other Countries

Dark Reading

Email-borne attacks out of Russia have already targeted at least a few US and European organizations.

List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

IT Governance

The cyber security industry, much like the rest of the world, is on edge. Our figures for this month are comparatively low – with 83 data breaches and cyber attacks accounting for 5,127,241 breached records – but there is a sense that we are on the brink of something. In the final days of February, there was a flurry of security incidents related, either directly or indirectly, to the Ukraine conflict.

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

The Last Watchdog

One could make the argument that Application Programming Interfaces – APIs – are a vital cornerstone of digital transformation. Related: How a dynamic WAF can help protect SMBs. APIs interconnect the underlying components of modern digital services in a very flexible, open way. This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Newly Proposed SEC Cybersecurity Risk Management Rules and Amendments for Registered Investment Advisers and Funds

Data Matters

On February 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed comprehensive rules for registered advisers and funds. Among other things, these rules will require advisers and funds to implement written policies and procedures designed to address cybersecurity risks, report significant cybersecurity incidents to the SEC within 48 hours using a proposed form, and keep enumerated cybersecurity-related books and records.

U.S. Security Agencies Release Network Security, Vulnerability Guidance

eSecurity Planet

The U.S. National Security Agency (NSA) released comprehensive network security guidance on March 3, on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) released its longest-ever list of exploited vulnerabilities. With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too.

California Assembly Introduces Bills to Extend CCPA/CPRA Exemptions for HR and B2B Data

Hunton Privacy

On February 18, 2022, California Assembly Member Evan Low (D) introduced a pair of bills – AB 2871 and AB 2891 – that would extend the duration of the current exemptions in the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act (“CPRA”)) for certain HR data and business-to-business (“B2B”) customer representative personnel data from most of the law’s requirements.

U.S. Government Issues Warning of Threat Against U.S. Critical Infrastructure

Data Matters

On February 25, 2022, in light of Russia’s attack on Ukraine, and months of continuing Russian state-sponsored cyberattacks on Ukrainian government and critical infrastructure organizations, the Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” warning to American critical infrastructure organizations and businesses, stating that “[e]very organization—large and small—must be prepared to respond to disruptive cyber activity.

Samsung Encryption Flaw

Schneier on Security

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reverse-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Beyond the Hype: AI's Future in Defensive Cybersecurity

Dark Reading

Hybridizing signatures with artificial intelligence is making a significant difference in our ability to detect cyberattacks, including ransomware.

California Delays Publication of CPRA Final Regulations

Hunton Privacy

On February 17, 2022, the California Privacy Protection Agency (“CPPA”) announced at a board meeting that it will delay the publication of final regulations under the California Privacy Rights Act (“CPRA”). As drafted, the CPRA provides for regulations to be finalized by July 1, 2022, to allow for a six-month compliance window ahead of the law’s January 1, 2023 effective date.

RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!

Threatpost

The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations.

From investment to innovation engine: Cloud technology and DevOps strategy are drivers of digital transformation

OpenText Information Management

The benefits of moving to cloud are well-documented. Decision makers surveyed by 451 Research cited improved operational efficiency, greater security, and cost savings as key benefits of cloud-native technology. Leveraging a DevOps strategy – that strategically combines software development with IT operations – is central to this transformation. By balancing operational needs with continuous delivery, … The post From investment to innovation engine: Cloud technology and DevOps strategy are

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

More Than 70% of SOC Analysts Experiencing Burnout

Dark Reading

Nearly 65% of security operations center (SOC) analysts are likely to change jobs in the next year, survey shows.

FTC Settles Children’s Privacy Case with WW (formerly Weight Watchers)

Hunton Privacy

The Federal Trade Commission has reached a settlement with WW International, Inc. and Kurbo, Inc. over allegations the companies improperly registered children for the “Kurbo by WW” online weight loss management program. In pleadings filed on February 16, 2022, in federal court in the Northern District of California, the FTC claims WW and Kurbo offered a service that was tailored for children but that failed to ensure parental involvement in the registration process.

Anonymous breached the internal network of Belarusian railways

Security Affairs

The Anonymous hacker collective claims to have breached the Belarusian Railway’s data-processing network. The Anonymous collective announced that the internal network of Belarusian railways has been compromised, the group claims to have blocked all services and will deactivate them until Russian troops will leave the territory of Belarus. The internal network of Belarusian railways has been attacked, all services are out of order and will soon be deactivated until Russian troops leave the

Proposed cybersecurity rules for SEC registered advisers and funds

Data Protection Report

On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) released a proposal aimed at enhancing cybersecurity risk management programs, including cybersecurity preparedness and response, for registered investment advisers (“advisers”), investment companies and business development companies (“funds”). Overall, the proposal addresses the following rule amendments and additions: Cybersecurity Policies and Procedures.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

Experiencing a global pandemic has provided us with many examples of the importance of scientific research to our lives. Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. Consequently, new guidance from the UK’s Information Commissioner’s Office (ICO) – which is open for public consultation until 22 April 2022 – is timely, and should be on the radar of both private and pub

Decrypting Hive Ransomware Data

Schneier on Security

Nice piece of research. Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damage, such as the payment of huge amounts of money or the loss of important data.

Ukraine: Volunteer IT Army is going to hit tens of Russian targets from this list

Security Affairs

Ukraine is recruiting a volunteer IT army composed of white hat hackers to launch attacks on a list of Russian entities. Ukraine is recruiting a volunteer IT army of cyber security experts and white hat hackers to launch cyberattacks on a list of Russian entities. The list is composed of 31 targets including Russian critical infrastructure, government agencies, banks, hosting providers.

How to Bring the Power of No-Code Security Automation to Your Team in 2022

The Security Ledger

Seven in 10 SOC analysts say they are “burned out.” Six in 10 plan to leave their job “in the next year.” Tines CEO Eoin Hinchy says no-code automation may be a way to reduce the burnout and retain top talent. The post How to Bring the Power of No-Code Security Automation to Your Team in 2022 appeared first on The Security Ledger.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Staying Organized For Remote or In-Person Learning

Record Nations

Whether schools will continue remote or in-person learning remains to be seen. Staying organized for remote learning, or switching back and forth can be a pain. As of this publication, most schools around the country have resumed their in-person curriculum. If the past few years have taught us anything, we know that this could change […]. The post Staying Organized For Remote or In-Person Learning appeared first on Record Nations.

Jamf and LifeSaver Mobile provide a driver safety solution for commercial fleets

Jamf

The LifeSaver Mobile integration with Jamf Pro and Jamf Now makes it easier to prevent automotive accidents by restricting employees' access to their company phones while behind the wheel, all without the need for expensive hardware.

FoxBlade malware targeted Ukrainian networks hours before Russia’s invasion

Security Affairs

Microsoft revealed that Ukrainian entities were targeted with previously undetected malware, dubbed FoxBlade, several hours before the invasion. The Microsoft Threat Intelligence Center (MSTIC) continues to investigate the attacks that are targeting Ukrainian networks and discovered that entities in Ukraine were targeted with previously undetected malware, dubbed FoxBlade, several hours before Russia’s invasion. “This trojan can use your PC for distributed denial-of-service (DDoS)

The data game: what Amazon knows about you and how to stop it

The Guardian Data Protection

The tech giant has many ways of gathering information about its users’ activity – from Prime to Alexa. But how much can it collect and what can you do to keep your life private? From selling books out of Jeff Bezos’s garage to a global conglomerate with a yearly revenue topping $400bn (£290bn), much of the monstrous growth of Amazon has been fuelled by its customers’ data.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Ukraine Crisis – Heightened Cyber Threat – Be Prepared

DLA Piper Privacy Matters

By: Andy Serwin, Ross McKean, Carolyn Bigg. In response to the heightened geo-political tensions resulting from Russia’s invasion of Ukraine and the package of economic sanctions imposed by the West, the risk of cyber-attacks by Russia and her proxies is high. We may see an increase in economic extortion to generate revenue to compensate for economic impacts.

Insurance Coverage for NotPetya Losses

Schneier on Security

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.

Anonymous and its affiliates continue to cause damage to Russia

Security Affairs

The massive operation launched by the Anonymous collective against Russia for its illegitimate invasion continues. The popular collective Anonymous, and its affiliates, relentlessly continue their offensive against Russian targets. In the last few hours, in addition to government sites, the sites of the country’s main banks have been brought to their knees.