Sat. Dec 04, 2021 - Fri. Dec 10, 2021

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as “the most prolific cybercriminal we’ve identified in Canada,” but so far they’ve released few other details about the investigation or the defendant.

IT 259

NEW TECH: How a ‘bio digital twin’ that helps stop fatal heart attacks could revolutionize medicine

The Last Watchdog

Without much fanfare, digital twins have established themselves as key cogs of modern technology. Related: Leveraging the full potential of data lakes. A digital twin is a virtual duplicate of a physical entity or a process — created by extrapolating data collected from live settings. Digital twins enable simulations to be run without risking harm to the physical entity; they help inform efficiency gains made in factories and assure the reliability of jet engines, for instance.

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

A botnet tracked as Dark Mirai spreads by exploiting a new vulnerability affecting TP-Link TL-WR840N EU V5 home routers. Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” reads the description for the CVE-20

Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool

Dark Reading

A remote code execution vulnerability in Log4j presents a bigger threat to organizations than even the infamous 2017 Apache Struts vulnerability that felled Equifax, they say.

Security 139

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

I was having a coffee with a good mate the other day. He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords. Because he's a normal person, he has the same 1 or 2 or 3 he uses everywhere and even without telling me what they were, I knew they were terrible. Actually, I'll rephrase that: because he was a normal guy; he's not normal anymore because yesterday I carved out some time to give him an early Christmas present: Today I spent an

Passwords 137

More Trending

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

Researchers discovered a total of 226 potential security vulnerabilities in nine popular Wi-Fi routers from known manufacturers. Security researchers and editors with the German IT magazine CHIP have discovered 226 potential security defects in nine Wi-Fi routers from known manufacturers (Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys).

Emotet Is Back and More Dangerous Than Before

Dark Reading

Volume of traffic associated with the malware is now back at 50% of the volume before law enforcement took the botnet operation down in January 2021, security vendor says.

Security 136

Apache Log4j Zero Day Exploit Puts Large Number of Servers at Severe Risk

eSecurity Planet

A critical vulnerability in the open-source logging software Apache Log4j 2 is fueling a chaotic race in the cybersecurity world, with the Apache Software Foundation (ASF) issuing an emergency security update as bad actors searched for vulnerable servers. Log4j 2, developed by the ASF, is a widely used Java package that enables logging in an array of popular applications.

Risk 134

Someone Is Running Lots of Tor Relays

Schneier on Security

Since 2017, someone is running about a thousand — 10% of the total — Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.

IT 131

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Security Affairs

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked as CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library. Apache Log4j2 jndi RCE #apache #rce [link] pic.twitter.com/CdSlSCytaD — p0rz9 (@P0rZ9) December 9, 2021.

Libraries 141

The 14 Cloud Security Principles explained

IT Governance

Cloud security is an essential part of today’s cyber security landscape. With hybrid working now the norm, many organisations are relying on Cloud services to access data from home or the office. But whenever organisations adopt technological solutions such as this, they must acknowledge the risks that come with it. Indeed, Cloud computing can increase the risk of data breaches and regulatory non-compliance, as well as introducing other vulnerabilities.

Cloud 126

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

Threatpost

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”.

Cloud 128

Google Shuts Down Glupteba Botnet, Sues Operators

Schneier on Security

Google took steps to shut down the Glupteba botnet, at least for now. (The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently.) So Google is also suing the botnet’s operators. It’s an interesting strategy. Let’s see if it’s successful.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. “The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, gover

How to Develop an Incident Response Plan

eSecurity Planet

We make IT, security, or any business decision by weighing the risks and the rewards. What investments can we make to drive down costs or increase sales? Or as is often the case with security, what costs can we skip and still escape big penalties later? Unfortunately for those of us indulging in wishful thinking, the likelihood and costs of data breaches continue to increase.

Insurance 118

How to Stop Hackers From Turning Your Systems Against You

Dark Reading

Cybercriminals are increasingly adopting "living-off-the-land" techniques, leveraging commonly used tools to fly under the radar of conventional detection tools. But with AI, thousands of organizations have regained the upper hand.

Thieves Using AirTags to “Follow” Cars

Schneier on Security

From Ontario and not surprising: Since September 2021, officers have investigated five incidents where suspects have placed small tracking devices on high-end vehicles so they can later locate and steal them. Brand name “air tags” are placed in out-of-sight areas of the target vehicles when they are parked in public places like malls or parking lots.

IT 124

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Volvo Cars suffers a data breach. Is it a ransomware attack?

Security Affairs

Swedish automotive manufacturer Volvo Cars revealed that it has suffered a cyberattack that resulted in the theft of R&D data. Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems. In 2010, Volvo Cars became a subsidiary of the Chinese manufacturer Geely Holding Group, which confirmed that it “has become aware that one of its file repositories has been illegally accessed by a third party.” “Investigations so far confi

EU Parliament and Council of the EU Reach Agreement on Data Governance Act

Hunton Privacy

On November 30, 2021, the European Commission issued a press release indicating that the European Parliament and the Council of the EU (i.e., representatives of EU Member States) reached political agreement on the proposed EU Data Governance Act. The political agreement now will be subject to final approval by the European Parliament and the Council of the EU.

Are You Guilty of These 8 Network-Security Bad Practices?

Threatpost

Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears.

Security 121

Law Enforcement Access to Chat Data and Metadata

Schneier on Security

A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Rolling Stone broke the story and it’s been written about elsewhere. I don’t see a lot of surprises in the document. Lots of apps leak all sorts of metadata: iMessage and WhatsApp seem to be the worst. Signal protects the most metadata.

Metadata 115

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Emotet directly drops Cobalt Strike beacons without intermediate Trojans

Security Affairs

The Emotet malware continues to evolve; in the latest attacks, it directly installs Cobalt Strike beacons to give the attackers access to the target network. Emotet malware now directly installs Cobalt Strike beacons to give the attackers immediate access to the target network and allow them to carry out malicious activities, such as launching ransomware attacks.

TSA Announces New Security Directives for Rail Sector

Hunton Privacy

On December 2, 2021, the Transportation Security Administration (“TSA”) announced that it issued two security directives requiring higher-risk freight railroads, passenger rail and rail transit to implement measures to strengthen cybersecurity within the sector. In its press release, the TSA stated that it determined these requirements needed to be issued immediately to protect the transportation sector.

Security 108

NIST Cyber-Resiliency Framework Extended to Include Critical Infrastructure Controls

Dark Reading

The latest NIST publication outlines how organizations can build systems that can anticipate, withstand, recover from, and adapt to cyberattacks.

Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity

Threatpost

E-commerce's proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale.

Cloud 113

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

Moobot is a Mirai-based botnet that is leveraging a critical command injection vulnerability in the webserver of some Hikvision products. The Mirai-based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260, in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware.

IoT 121

What’s new in OpenText Extended ECM for Engineering and Core for Building Information Modelling – CE 21.4

OpenText Information Management

OpenText™ Extended ECM for Engineering Extended ECM for Engineering helps you manage and control your engineering information to: Accelerate revenue Improve external and internal collaboration to reduce time to project milestones Increase production uptime revenue by speeding operations and maintenance task completion Provide visibility, insight, and control to ensure governance CE 21.4 for Extended ECM for Engineering includes the … The post What’s new in OpenText Extended ECM for Engine

ECM 105

U.S. Commerce Department Proposes Expansion of Information and Communications Technology and Services Review Process

Data Matters

On November 26, 2021, the U.S. Department of Commerce (Commerce) issued a notice of proposed rulemaking (Proposed Rule) implementing Executive Order 14034 on Protecting Americans’ Sensitive Data from Foreign Adversaries (EO 14034). The Proposed Rule would bring “connected software applications” into the scope of Commerce’s authority to review certain transactions involving information and communications technology and services (ICTS) in the U.S. supply chain and approve or prohibit such transact