Sat. May 21, 2022 - Fri. May 27, 2022

Twitter Fined $150M for Misusing Private Data to Sell Ads

Data Breach Today

Firm Deceptively Used Account Security Data of 140 Million Users

A $150 million penalty has been slapped on Twitter for deceptively using account security data of millions of users for targeted advertising, the U.S. Justice Department and the Federal Trade Commission say.

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps.

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message

Dark Reading

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products.

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Feds Allege Former IT Consultant Hacked Healthcare Company

Data Breach Today

Experts: Case Spotlights Critical, But Often Overlooked, Insider Threats, Risks

A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization.

More Trending

ChromeLoader Malware Hijacks Browsers With ISO Files

Dark Reading

The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections

Proton Is Trying to Become Google—Without Your Data

WIRED Threat Level

The encrypted-email company, popular with security-conscious users, has a plan to go mainstream.

Hospital Cyberattack Compromises Data From Decades Ago

Data Breach Today

Ontario Entity Says Patient, Employee Information Affected

A cyberattack detected in December at a Canadian healthcare entity has compromised a wide range of data, including some patient information dating back to 1996, as well as employee vaccination records from last year.

GUEST ESSAY: Deploying ‘XDR’ can help companies avoid the security ‘vendor-silo’ trap

The Last Watchdog

According to recent data from Oracle and KPMG, organizations today employ over 100 cybersecurity products to secure their environments. These products play essential roles in detecting and preventing threats. However, because they generate thousands of alerts every day, this vast sprawl of security sources adds even more work to already over-stretched security teams. It could create a cybersecurity ticking time bomb.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

Act Now: Leveraging PCI Compliance to Improve Security

Dark Reading

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets.

ISMG Editors: London Summit Highlights

Data Breach Today

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption. It used to be that trusting the connection between a workstation and a mainframe computer was the main concern. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance.

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

New Chaos Malware Variant Ditches Wiper for Encryption

Dark Reading

The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals.

Lacework Announces Layoffs, 6 Months After Raising $1.3B

Data Breach Today

Layoffs Designed to Increase Lacework's Cash Runway and Strengthen Balance Sheet

High-flying cybersecurity startup Lacework has announced layoffs - affecting 20% of its employees, according to one report - in a bid to strengthen its balance sheet, just six months after raising $1.3 billion.

NOYB open letter on the new EU – US data deal

DLA Piper Privacy Matters

Max Schrems, through his organisation, ‘My Privacy is None of your Business’ (“noyb.eu”), has issued an open letter to U.S. and EU officials about the announcement of an ‘agreement in principle’ for a new Trans-Atlantic Data Privacy Framework (“letter”).

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Space Force Expands Cyber Defense Operations

Dark Reading

Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security Affairs

Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages.

Ransomware Costs City of Quincy, Illinois, $650,000

Data Breach Today

No Evidence of Data Being Stolen From Affected Systems

The City of Quincy, Illinois' administrative systems were hit by a ransomware attack on May 7, confirmed Mayor Mike Troup in a press conference held on Tuesday.

North Korean IT Workers Are Infiltrating Tech Companies

WIRED Threat Level

Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news.

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

Dark Reading

Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Cyberattack Affects Greenland's Healthcare Services

Data Breach Today

Attack Began on May 9; Patient Records Currently Inaccessible

The healthcare services in the island country of Greenland, an autonomous Danish dependent territory, have been crippled by a cyberattack that began on May 9, 2022.

Open Source Intelligence May Be Changing Old-School War

WIRED Threat Level

Intelligence collected from public information online could be impacting traditional warfare and altering the calculus between large and small powers.

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

VMware, Airline Targeted as Ransomware Chaos Reigns

Dark Reading

Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain

Italy announced its National Cybersecurity Strategy 2022/26

Security Affairs

Italy announced its National Cybersecurity Strategy for 2022/26, a crucial document to address cyber threats and increase the resilience of the country.

US Sets Up Multiagency Initiatives to Curb Ransomware

Data Breach Today

FBI, CISA Will Focus on Threat Awareness and DOJ Will Focus on Illicit Crypto Use

The U.S.