IT Governance

DECEMBER 20, 2022

2022 will go down as the year where some semblance of normality returned. Social distancing restrictions were gone, masks disappeared and we made travel plans unfettered by fear of positive lateral flow tests. These were truly precedented times. Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape.

Security 132

Security Data breaches Ransomware Military 132

Data Breach Today

DECEMBER 20, 2022

Breach Is Latest in Long List of Complex Vendor Incidents An Oklahoma-based provider of administrative and technology services to healthcare organizations is notifying more than 271,000 individuals that their personal information may have been compromised in a hacking incident involving a third-party data storage vendor.

328

328

Dark Reading

DECEMBER 22, 2022

New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work.

106

106

Krebs on Security

DECEMBER 19, 2022

Photo: BrandonKleinPhoto / Shutterstock.com. Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arri

Passwords 276

Passwords Access IT Security 276

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

The Last Watchdog

DECEMBER 20, 2022

The 2020s are already tumultuous. Related: The Holy Grail of ‘digital resiliency’ Individuals are experiencing everything from extraordinary political and social upheaval to war on the European continent to the reemergence of infectious diseases to extreme weather events. Against this unsettling backdrop, citizens, consumers, employees, and partners will look to organizations that they trust for stability and positive long-term relationships.

Privacy 145

Privacy Risk Government Compliance 145

Security Affairs

DECEMBER 19, 2022

IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products. The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software. Below are the critical vulnerabilities being exploited in attacks in the wild: CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the D

Security 137

Security Access IT Information Security 137

Krebs on Security

DECEMBER 20, 2022

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.

Data breaches 233

Data breaches Data collection Paper Personal data 233

The Last Watchdog

DECEMBER 19, 2022

Cybercrime is a big business. And like any other large industry, specialization has emerged. Related: IABs fuel ransomware surge. As data becomes more valuable, criminals can profit more from stealing, selling or holding it for ransom, leading to a massive black market of information. Initial access brokers (IABs) play an increasingly central role in this cyber underworld.

Access 124

Access Ransomware Digital transformation Cybersecurity 124

Data Breach Today

DECEMBER 17, 2022

International Fraudulent Cryptocurrency Pyramid Scheme Netted $4 Billion Karl Sebastian Greenwood, a dual citizen of Sweden and the United Kingdom pleaded guilty in U.S. federal court to his role in selling the purported multi-billion-dollar cryptocurrency pyramid OneCoin that netted $4 billion. He now faces sentencing.

283

283

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Thales Cloud Protection & Licensing

DECEMBER 21, 2022

Thales collaborates with Hewlett Packard Enterprise to Enhance 5G Subscriber Privacy and Security. divya. Thu, 12/22/2022 - 05:40. Thales collaborates with Hewlett Packard Enterprise (HPE) to provide enhanced privacy and secure authentication for global 5G users, further extending its partner ecosystem. The Thales Luna 7 Hardware Security Module (HSM), a world-class HSM, will power a foundation of trust around HPE’s Subscriber Data Management (SDM) solutions, ensuring subscriber data, transactio

Privacy 126

Privacy Security Authentication Cloud 126

Security Affairs

DECEMBER 22, 2022

North Korea-linked threat actors have stolen an estimated $1.2 billion worth of cryptocurrency and other virtual assets in the past five years. South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years.

Military 126

Military Government Ransomware Security 126

Dark Reading

DECEMBER 19, 2022

Revived levels of holiday spending have caught the eye of threat actors who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays.

Retail 113

Retail Phishing 113

Data Breach Today

DECEMBER 20, 2022

'Gamaredon,' Tied to FSB, Expands Intelligence Ops as Invasion of Ukraine Persists Security researchers at Palo Alto Networks say they identified an attempted hack on a large petroleum refining company based inside a NATO member that came from a threat actor known as Gamaredon and Trident Ursa. The Ukrainian government traces the group to a Russian FSB.

Government 273

Government Security 273

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

KnowBe4

DECEMBER 21, 2022

A well-trained Knowster posted: " I lost my dog this weekend and my mother in law was trying to be helpful and put my real phone number on a few social media posts she made. Now im getting these kinds of texts and it’s heartbreaking to think someone else may have fallen for this!

110

110

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice Society ransomware has been active since June 2021, it is considered by researchers a spin-off of the HelloKitty ransomware , the malware targets both Windows and L

Ransomware 125

Ransomware Encryption File names Education 125

Dark Reading

DECEMBER 22, 2022

Tech Insight report co-produced by Black Hat, Dark Reading, and Omdia examines how cloud security is evolving in a rapid race to beat threat actors to the (cloud) breach.

Cloud 110

Cloud Security 110

Data Breach Today

DECEMBER 23, 2022

Federal Agencies Told to Prepare to Move Quickly Once Standards Get Identified U.S. President Joe Biden signed into law the Quantum Computing Cybersecurity Preparedness Act, designed "to encourage the migration of federal government IT systems to quantum-resistant cryptography" by ensuring they prepare strategies now for implementing forthcoming cryptography standards.

IT 270

IT Cybersecurity Government 270

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Schneier on Security

DECEMBER 19, 2022

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: “Seeing the drone in the field of view, make eye contact with it,” the video instructs. Soldiers should then raise their arms and signal they’re ready to follow. After that the drone will move up and down a few meters, before heading off at walking pace in the direction of the nearest representatives of Ukraine’s army, it says.

IT 109

IT 109

Security Affairs

DECEMBER 19, 2022

Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language. The move follows the decision of other ransomware gangs, like Hive , Blackcat , RansomExx , and Luna , of rewriting their ransomware into Rust.

Ransomware 123

Ransomware Encryption Passwords Education 123

Hunton Privacy

DECEMBER 20, 2022

On December 19, 2022, the Federal Trade Commission announced two settlements, amounting to $520 million, with Epic Games, Inc. in connection with alleged violations of the Children’s Online Privacy Protection Act Rule (the “COPPA Rule”) and alleged use of “dark patterns” relating to in-game purchases. The first action arises from a complaint and proposed order filed in federal court by the Department of Justice on behalf of FTC.

Privacy 105

Privacy Access IT Personal data 105

Data Breach Today

DECEMBER 20, 2022

Suresh Vasudevan on Why Falco Has Become the Industry Standard for Threat Detection Cloud vendors from Amazon, Microsoft and Google to IBM and Sumo Logic have turned to Sysdig's Falco open-source threat detection engine to secure their environments. Sysdig CEO Suresh Vasudevan says Falco has become the standard for threat detection in the industry.

Cloud 205

Cloud Security 205

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

DECEMBER 20, 2022

When properly designed and trained, artificial intelligence and machine learning can help improve the accuracy of DDoS detection and mitigation.

Artificial Intelligence 112

Artificial Intelligence 112

Security Affairs

DECEMBER 19, 2022

US government is warning of business email compromise (BEC) attacks aimed at hijacking shipments of food products and ingredients. The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) have published a joint security advisory to warn of business email compromise (BEC) attacks leading to the hijack of shipments of food products and ingredients.

Agriculture 117

Agriculture Communications Sales Access 117

Collibra

DECEMBER 20, 2022

In the public sector, the consequences of bad data can have a profound effect on the daily life of citizens everywhere. . From budgets to policy proposals, the risk that the government not only makes bad decisions but that it doesn’t have the data capabilities to make good ones is real. So it’s not surprising that 87% of government agencies consider data among their “greatest strategic assets.

Government 97

Government Data science Cloud Paper 97

Data Breach Today

DECEMBER 20, 2022

European Commission Took Key Step in Finalizing Trans-Atlantic Data Flow Framework Europe took a key step in formalizing a framework to underpin the trans-Atlantic flow of commercial data but privacy activists say the EU-U.S. agreement won't stand up to a legal challenge. The Commission on Dec. 13 issued a draft adequacy decision on the EU-U.S. Data Privacy Framework.

Data Privacy 205

Data Privacy Privacy 205

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

KnowBe4

DECEMBER 21, 2022

Attackers are using XLL files to embed malicious code in Office documents, according to researchers at Cisco Talos. Microsoft is phasing out the ability to execute VBA macros in Office documents. These macros have been one of the most popular ways to deliver malware, so attackers are turning to new ways to smuggle malicious code.

96

96

Security Affairs

DECEMBER 21, 2022

Play ransomware attacks target Exchange servers with a new exploit that bypasses Microsoft’s ProxyNotShell mitigations. Play ransomware operators target Exchange servers using a new exploit chain, dubbed OWASSRF by Crowdstrike, that bypasses Microsoft’s mitigations for ProxyNotShell vulnerabilities. The ProxyNotShell flaws are: CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability.

Ransomware 114

Ransomware Access Authentication Security 114

Dark Reading

DECEMBER 23, 2022

A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware.

Cloud 95

Cloud Security 95