Krebs on Security
JANUARY 6, 2022
Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it.
Dark Reading
JANUARY 6, 2022
Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
JANUARY 2, 2022
The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA! — Powerful Greek Army (@PowerfulGRArmy) January 2, 2022.
The Last Watchdog
JANUARY 6, 2022
Cyber threats continue to gain momentum and there are still not enough ways to counter it. Related: Why the ‘Golden Age’ of cyber espionage is upon us. The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Thales Cloud Protection & Licensing
JANUARY 5, 2022
Trends and Predictions for 2022 – More of the Same? madhav. Wed, 01/05/2022 - 05:12. What will 2022 bring for cybersecurity? Are we going to see more of the same as we did in 2021? During the latest Thales Security Sessions podcast , hosted by Neira Jones, I had the pleasure to discuss what we can expect in 2022 with Andy Green, CISO at Gemserv, and how the many changes have impacted the security landscape.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
JANUARY 2, 2022
The Lapsus$ ransomware hit Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso. The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal. Impresa owns SIC TV channel, and Expresso newspaper, among other leading media, like several magazine publications. The attack took place during the New Year holiday, the websites of the Impresa group, the SIC TV channels, and the Expresso were forced offline.
The Last Watchdog
JANUARY 4, 2022
APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. Related: ‘SASE’ framework extends security to the network edge. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022.
IT Governance
JANUARY 4, 2022
2021 was a difficult year many of us, and with the hope that COVID-19 will dissipate in the spring, this is a new year more than any other where we want to look forwards, not backwards. But before we turn our attention to 2022, we must first round out 2021 with our final monthly review of data breaches and cyber attacks. December saw 74 publicly disclosed security incidents, which accounted for 219,310,808 breached records.
Hunton Privacy
JANUARY 6, 2022
Stephen Mathias from Kochhar & Co. reports that on December 16, 2021, the Indian Joint Parliamentary Committee (the “JPC”) submitted its report on India’s draft Data Protection Bill (the “Bill”). The Bill is now likely to be passed by Parliament in its next session, beginning in February 2022, and likely will enter into force in the first half of 2022.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Security Affairs
JANUARY 7, 2022
The appointment scheduling service FlexBooker discloses a data breach that impacted over 3.7 million accounts. Threat actors compromised the FlexBooker accounts of more than 3.7 million users, the attack took place before the holidays. Stolen data are now available for sale on multiple cybercrime forums. FlexBooker is an online appointment scheduling platform that allows users to schedule appointments and sync employee calendars.
Schneier on Security
JANUARY 6, 2022
DuckDuckGo has had a banner year : And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% jump over 2020 (23.6 billion). That’s big. Even so, the company, which bills itself as the “Internet privacy company,” offering a search engine and other products designed to “empower you to seamlessly take control of your personal information online without any tradeoffs,” remains a rounding error compared to Google
eSecurity Planet
JANUARY 6, 2022
About the only consensus on cybersecurity in 2022 is that things will get uglier, but in what ways? Third-party security, ransomware , artificial intelligence (AI) and decentralized finance (DeFi) are some of the threats you can expect to see more of this year – with the potential for far worse results than we’ve seen in the past. Here are some of the more interesting predictions for 2022 we’ve seen from cybersecurity researchers.
Dark Reading
JANUARY 4, 2022
Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Security Affairs
JANUARY 6, 2022
North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs (MID) new versions of malware implants. Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants. The APT group carried out spear-phishing attacks using New Year’s Eve festivities as a lure.
Threatpost
JANUARY 7, 2022
There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.
OpenText Information Management
JANUARY 7, 2022
Following the turbulence that the last two years have brought to the Healthcare industry, this sector is ripe for transformation. As is true in many industries, success is dependent upon the effective use of data drawn from every source possible and securely shared across the organization. Here’s how I see the year playing out for … The post 2022 predictions for Healthcare providers appeared first on OpenText Blogs.
Dark Reading
JANUARY 6, 2022
A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
Security Affairs
JANUARY 1, 2022
U.S. online store PulseTV disclosed a potential credit card data breach, more than 200,000 customers have been impacted. U.S. online store PulseTV has disclosed a credit card data breach that has impacted more than 200,000 customers. According to the notification letter published by the Office of the Maine Attorney General, VISA informed the company on March 8, 2021, that its website (www.pulsetv.com) was a common point of purchase for some unauthorized credit card transactions due to a possible
Threatpost
JANUARY 6, 2022
ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.
WIRED Threat Level
JANUARY 3, 2022
You’ll never be able to get a clean slate—but you can significantly downsize your digital footprint.
Dark Reading
JANUARY 5, 2022
The Malsmoke attack group is behind a campaign that has exploited the Microsoft e-signature verification tool to target 2,100 victims.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
Security Affairs
JANUARY 7, 2022
Researchers warn of a new ransomware family, called ‘Night Sky,’ that uses a double-extortion model in attacks again businesses. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names.
Threatpost
JANUARY 6, 2022
A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said.
Hunton Privacy
JANUARY 4, 2022
On December 20, 2021, the UK Information Commissioner’s Office (“ICO”) launched a public consultation on its regulatory approach. The consultation involves three separate documents – the ICO’s Regulatory Action Policy (“RAP”), Statutory Guidance on the ICO’s Regulatory Action , and Statutory Guidance on the ICO’s PECR Powers. The RAP sets forth the ICO’s risk-based approach to regulatory action and explains the factors the ICO considers before taking regulatory action, how the ICO works with oth
Dark Reading
JANUARY 4, 2022
If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.
Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO
The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.
Security Affairs
JANUARY 2, 2022
Microsoft released an emergency patch to fix the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers. Microsoft has rolled out an emergency fix that addresses the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers since January 1st, 2022. “We have addressed the issue causing messages to be stuck in transport queues of on-premises Exchange Server 2016 and Exchange Server 2019.
Threatpost
JANUARY 6, 2022
The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week.
Schneier on Security
JANUARY 7, 2022
Norton 360 can now mine Ethereum. It’s opt-in, and the company keeps 15%. It’s hard to uninstall this option.
Expert insights. Personalized for you.
322 
Let's personalize your content