Krebs on Security
OCTOBER 11, 2022
Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.
The Last Watchdog
OCTOBER 10, 2022
As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. Related: The case for regulating facial recognition. Virtual reality (VR) is well positioned to become a natural continuation of this trend. While VR devices have been around in some form since well before the internet, the true ambition of major corporations to turn these devices into massively-connected social “metaverse” platforms has only r
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
KnowBe4
OCTOBER 12, 2022
Security researchers at Akamai identify an average of 13 million newly observed domains (NOD) each month this year, representing about 20% of the NODs resolved in the same timeframe.
WIRED Threat Level
OCTOBER 10, 2022
Colleges and K-12 campuses increasingly monitor student emails, social media, and more. Here’s how to secure your (or your child’s) privacy.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Schneier on Security
OCTOBER 12, 2022
Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respec
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Matters
OCTOBER 13, 2022
On October 5, 2022, a federal jury in the Northern District of California convicted former Uber Chief Security Officer Joseph Sullivan of obstructing a federal proceeding and misprision of a felony for his role in deceiving management and the federal government to cover up a 2016 data breach that exposed personally identifiable information (“PII”) of approximately 57 million users, including approximately 600,000 drivers’ license numbers, of the ride-hailing service.
Security Affairs
OCTOBER 14, 2022
Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode and user mode for building high-performance transaction logs, and is implemented in the driver CLFS.sys.
Hunton Privacy
OCTOBER 12, 2022
On October 3, 2022, Google LLC (“Google”) agreed to pay the State of Arizona $85 million to settle a consumer privacy lawsuit that alleged the company surreptitiously collected consumers’ geolocation data on smartphones even after users disabled location tracking. . Arizona’s lawsuit followed a 2018 Associated Press article that alleged Google continued to track the location of Android devices even after users disabled the Location History setting on the device.
Data Breach Today
OCTOBER 14, 2022
39 Million Shoppers of Shein and Romwe Weren't Notified of Personal Data Exposure Fast-fashion clothing giant Shein has been fined $1.9 million by the New York state attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security as well as failing to alert users or force password resets in a timely manner.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Dark Reading
OCTOBER 11, 2022
The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
Schneier on Security
OCTOBER 11, 2022
Interesting research: “ ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks , by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract : Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them.
Data Matters
OCTOBER 14, 2022
*This article first appeared on Law360 on October 14, 2022. A series of coordinated announcements on Oct. 7 lifted the veil on a new trans-Atlantic data transfer mechanism. This announcement has been hotly anticipated since a joint declaration from the U.S. and European Union governments on March 25, that there was an agreement in principle for a new EU-U.S.
Data Breach Today
OCTOBER 8, 2022
Phishing Incident Caused Service Disruptions and Delays Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers. The company, listed on the Australian Securities Exchange, says that the attack occurred on August 21.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Dark Reading
OCTOBER 10, 2022
A CISO's responsibilities have evolved immensely in recent years, so their first three months on the job should look a different today than they might have several years ago.
John Battelle's Searchblog
OCTOBER 10, 2022
Over at LinkedIn I’ve published a short piece on Web3 – a primer of sorts for the many marketing pals who’ve asked me “does this s**t matter!?” As I do with everything I pen, I’ve posted it here as well. (image credit). In the more than 30 years since the digital revolution swept through marketing, most of us have adapted to the ever-present change inherent in what has become a technology-driven profession.
Security Affairs
OCTOBER 13, 2022
The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature.
Data Breach Today
OCTOBER 14, 2022
39 Million Shoppers of Shein and Romwe Weren't Notified of Personal Data Exposure Fast-fashion clothing giant Shein has been fined $1.9 million by New York state's attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security, as well as failing to alert users or force password resets in a timely manner.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Dark Reading
OCTOBER 13, 2022
The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver.
IT Governance
OCTOBER 11, 2022
One of the most common mistakes that organisations make when addressing cyber security is that they consider it a one-off event. Whether they’re taking small steps, such as installing antivirus software, or large ones, such as a GDPR (General Data Protection Regulation) compliance campaign, they consider it ‘job done’ when the implementation project is complete.
Security Affairs
OCTOBER 11, 2022
VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048 , in the vCenter Server. The flaw was disclosed in November 2021, it resides in the vCenter Server ‘s IWA (Integrated Windows Authentication) mechanism.
Data Breach Today
OCTOBER 14, 2022
Redmond Uses Protocol NIST Says Is a "Severe Security Vulnerability" Emails encrypted through Microsoft Office are vulnerable to attacks that can reveal the original content of messages due to shortcomings in the protocol, says WithSecure security researcher Harry Sintonen. Microsoft says it may finally abandon its use of the Electronic Codebook algorithm.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
Dark Reading
OCTOBER 12, 2022
The platform lets network connectivity data escape outside of the secure tunnel when connected to a public network, posing a "privacy concern" for users with "certain threat models," researchers said.
IT Governance
OCTOBER 10, 2022
Welcome to our October 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. This month, we look at a social engineering scam targeting an employee at the financial tech firm Revolut, the consequences of that attack, and – in more positive news – Microsoft’s improvements to phishing protection in Windows 11.
Security Affairs
OCTOBER 10, 2022
The pro-Russia hacktivist group ‘KillNet’ is behind massive DDoS attacks that hit websites of several major airports in the US. The pro-Russia hacktivist group ‘ KillNet ‘ is claiming responsibility for massive distributed denial-of-service (DDoS) attacks against the websites of several major airports in the US. The DDoS attacks have taken the websites offline, users were not able to access it during the offensive.
Data Breach Today
OCTOBER 12, 2022
October's Patch Tuesday Includes Fixes for 84 Bugs One zero-day down but two Microsoft Exchange zero-days to go in this month's dose of patches from the Redmond, Washington computing giant. Microsoft fixed a COM+ flaw being exploited in the wild but for now is relying on workarounds for two known email server bugs.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
KnowBe4
OCTOBER 14, 2022
With ransomware gangs making so much money and then dropping off the face of the earth, what’s the motivation to come back to life and potentially risk getting caught?
Dark Reading
OCTOBER 14, 2022
Once overloaded, our brains can't process information effectively, performance decreases, and even the simplest of tasks seem foreign.
Security Affairs
OCTOBER 14, 2022
Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is a Chinese-speaking threat group.
Expert insights. Personalized for you.
258 
Let's personalize your content