Sat.May 07, 2022 - Fri.May 13, 2022


Microsoft Patch Tuesday, May 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925, a weakness in a central component of Windows security (the “Local Security Authority” process


The Danger of Online Data Brokers

Dark Reading

Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.


Better Together: How Data Loss Prevention Can Shed Light on Ediscovery and Internal Investigations

Hanzo Learning Center

Some things that are great on their own turn out to be even better as half of a dynamic duo. We’re talking peanut butter and jelly. Burgers and fries. Hall and Oates. And now: data loss prevention (DLP) and ediscovery.


A $150 Million Plan to Secure Open-Source Software

Data Breach Today

Areas of Proposed Investments Include SBOMs, Software Supply Chains

The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S. The plan was announced at the Open Source Software Security Summit II in Washington, D.C., on Thursday.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.


JPMorgan’s $200 Million in Fines Ups the Ante for Recordkeeping Violations

AIIM

Late last year, the Securities and Exchange Commission announced that J.P. Morgan Securities LLC had agreed to pay $125 million to help settle charges of “widespread and longstanding failures by the firm and its employees to maintain and preserve written communications” over the course of several years. On the same day, the Commodity Futures Trading Commission (“CFTC”) levied a $75 million fine against J.P.


Feds Post $10 Million Reward for Conti Ransomware Actors

Data Breach Today

2nd $5m reward for conviction of actual or potential Conti incident participants

The U.S. State Department is offering rewards of up to $10 million for information that leads to the identification or location of members of any individual who holds a key leadership position in the Conti ransomware variant transnational organized crime group.


Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.


NFTs Emerge as the Next Enterprise Attack Vector

Dark Reading

Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Antitrust and Consumer Protection at Last Converge

Data Matters

Antitrust and consumer protection law—long separate provinces, even within a dual-mission government enforcement agency like the FTC that covers both fields—at last seem to be converging, as reflected in recent government enforcement activity, statements by the FTC’s leadership, and novel private litigation theories. Sean Royall, who co-leads Sidley’s Antitrust and Consumer Protection practice and is a former Deputy Director of the FTC’s Bureau of Competition, recently called attention to this t


Viasat Cyberattack Attributed to Russia by EU, UK and US

Data Breach Today

Russia Continues Its Cyber Offensive, Launches New DDoS Attacks on Ukraine

Viasat's satellite communications suffered an outage an hour before the Russian invasion of Ukraine began on Feb. 24. The company said it was a cyberattack, but did not identify the attacker. The U.S., U.K., EU and Ukraine have now attributed this attack to Russia.


Connecticut Enacts Consumer Privacy Law

Hunton Privacy

On May 10, 2022, Connecticut Governor Ned Lamont signed An Act Concerning Personal Data Privacy and Online Monitoring, after the law was previously passed by the Connecticut General Assembly in April. Connecticut is now the fifth state to enact a consumer privacy law. Upon taking effect on July 1, 2023, the law, also known as the Connecticut Data Privacy Act (“CTDPA”), will apply to individuals and entities that (1) conduct business in Connecticut, or produce products or services that are targe


Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

Threatpost

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


ICE Is a Domestic Surveillance Agency

Schneier on Security

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or someone you love has been targeted for deportation, you probably don’t immediately think of Immigration and Customs Enforcement (ICE).


Microsoft Unveils Services to Simplify Threat Hunting, XDR

Data Breach Today

New Microsoft Services Help Clients Hunt Threats and Extend XDR Beyond the Endpoint

Microsoft plans to roll out new managed services that give organizations the expertise needed to proactively hunt for threats and extend XDR beyond the endpoint. Microsoft Security Experts features new managed services as well as existing services around incident response and modernization.


UK Announces Data Reform Bill

Hunton Privacy

On May 10, 2022, as part of the Queen’s Speech, the UK government announced its intention to introduce a Data Reform Bill (the “Bill”). The UK government’s background and briefing notes to the Queen’s Speech state that the purpose of the Bill is to “take advantage of the benefits of Brexit to create a world class data rights regime…that reduces burdens on businesses, boosts the economy, helps scientists to innovate and improves the lives of people in the UK.”


Microsoft Patch Tuesday updates for May 2022 fix 3 zero-days, 1 under active attack

Security Affairs

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. The IT giant fixed a total of 74 flaws in Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Metho


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


What is Vulnerability Management under ISO 27001?

IT Governance

Vulnerability management is the practice of identifying and addressing the weaknesses in an organisation’s systems. The process is an essential part of information security and is discussed in ISO 27001, the international standard that describes best practice for implementing an ISMS (information security management system). In this blog, we explain what vulnerability management is, how it fits into ISO 27001 and the steps you can take to address organisational weaknesses. 5 steps to effective


Preparing for Hacktivism Tied to US Supreme Court's Ruling

Data Breach Today

Healthcare sector organizations should prepare to deal with potential hacktivist attacks tied to controversy surrounding the U.S. Supreme Court's leaked draft ruling and eventual final decision involving Roe vs. Wade, says attorney Erik Weinick of the law firm Otterbourg PC.


Colleen Brown Welcomes New Partner Sean Royall

Data Matters

Sean Royall, new Sidley partner and co-leader of the firm’s global Antitrust and Consumer Protection practice, sits down with Colleen Brown to discuss the convergence in antitrust and consumer protection law. They cover the U.S. Federal Trade Commission’s (FTC) promotion of a more inter-disciplinary approach of looking at data issues, the practical effects that the closer coordination of the FTC’s antitrust and consumer protection branches would have on clients, and what law firms can be doing


Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year

KnowBe4

A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


In the Pursuit of Liberty

OpenText Information Management

OpenText has decided to protect employee benefits and rights, regardless of which US State they live in.


Five Eyes Alliance Warns MSPs About Targeted Cyberattacks

Data Breach Today

Advisory From US, UK, New Zealand, Australia and Canada Offers Recommendations

The Five Eyes alliance of cybersecurity authorities from the U.S., U.K., Australia, New Zealand and Canada issued a warning to managed service providers about targeted attacks, advising MSP customers on how to protect sensitive data and reassess their security posture and contractual agreements.


Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

Threatpost

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.


Mustang Panda Uses Spear Phishing to Conduct Cyberespionage

KnowBe4

The China-based threat actor Mustang Panda is conducting spear phishing campaigns against organizations in NATO countries and Russia, as well as entities in the US and Asia, according to researchers at Cisco Talos. The goal of this activity is cyberespionage.


Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.


CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulne


Okta and Lapsus$: A Post Mortem

Data Breach Today

A Perfect Storm Turned a Minor Security Event into a Debacle

A hacking group called Lapsus$ caused major headaches for identity vendor Okta in March when it dropped incriminating but misleading screenshots of a security breach. Brett Winterford of Okta breaks down what happened and why visibility into third-party support operations is important.


Black Hat Asia: Firmware Supply-Chain Woes Plague Device Security

Dark Reading

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.