Sat.Jan 01, 2022 - Fri.Jan 07, 2022

Norton 360 Now Comes With a Cryptominer

Krebs on Security

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers.

Google Docs Comments Weaponized in New Phishing Campaign

Dark Reading

Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army

Security Affairs

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transportation System Mr. Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group.

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

Cyber threats continue to gain momentum and there are still not enough ways to counter them. The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018.

6 Ways to Delete Yourself From the Internet

WIRED Threat Level

You’ll never be able to get a clean slate—but you can significantly downsize your digital footprint.

More Trending

Threat actors stole 1.1 million customer accounts from 17 well-known companies

Security Affairs

NY OAG warned 17 companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks. The New York State Office of the Attorney General (NY OAG) has warned 17 companies that roughly 1.1

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022. This is so because a confluence of developments in 2021 has put API security in the spotlight, where it needs to be.

Hackers Are Exploiting a Flaw Microsoft Fixed 9 Years Ago

WIRED Threat Level

Unless you go out of your way to install the patch, your system could be exposed.

New Mac Malware Samples Underscore Growing Threat

Dark Reading

A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments

Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate

Security Affairs

The Lapsus$ ransomware hit Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso. The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal.

People Are Increasingly Choosing Private Web Search

Schneier on Security

DuckDuckGo has had a banner year: And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020 (23.6 billion). That’s big.

Signal's Cryptocurrency Feature Has Gone Worldwide

WIRED Threat Level

A beta “payments” feature now lets users of the popular encrypted messaging app send MobileCoin around the globe.

Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells

Dark Reading

Microsoft says vulnerabilities present a "real and present" danger, citing high volume of scanning and attack activity targeting the widely used Apache logging framework

Over 3.7 million accounts were compromised in the FlexBooker data breach

Security Affairs

The appointment scheduling service FlexBooker discloses a data breach that impacted over 3.7 million accounts. Threat actors compromised the FlexBooker accounts of more than 3.7 million users; the attack took place before the holidays.

Norton’s Antivirus Product Now Includes an Ethereum Miner

Schneier on Security

Norton 360 can now mine Ethereum. It’s opt-in, and the company keeps 15%. It’s hard to uninstall this option.

List of data breaches and cyber attacks in December 2021 – 219 million records breached

IT Governance

2021 was a difficult year for many of us, and with the hope that COVID-19 will dissipate in the spring, this is a new year more than any other where we want to look forwards, not backwards.

How to Proactively Limit Damage From BlackMatter Ransomware

Dark Reading

Logic flaw exists in malware that can be used to prevent it from encrypting remote shares, security vendor says

Y2k22 bug in Microsoft Exchange causes failure in email delivery

Security Affairs

Y2k22 bug is causing Microsoft Exchange on-premise servers to fail in delivering email starting on January 1st, 2022. Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware scanning engine dubbed Y2k22 bug.

More Russian Cyber Operations against Ukraine

Schneier on Security

Both Russia and Ukraine are preparing for military operations in cyberspace.

2022 predictions for Healthcare providers

OpenText Information Management

Following the turbulence that the last two years have brought to the Healthcare industry, this sector is ripe for transformation. As is true in many industries, success is dependent upon the effective use of data drawn from every source possible and securely shared across the organization.

Vinnie Liu Has a Mission: Keeping People Safe Online and Offline

Dark Reading

Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says

North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges

Security Affairs

North Korea-linked threat actors are behind some of the largest cyberattacks against cryptocurrency exchanges. North Korea-linked APT groups are suspected to be behind some of the largest cyberattacks against cryptocurrency exchanges.

Cybersecurity Outlook 2022: Third-party, Ransomware and AI Attacks Will Get Worse

eSecurity Planet

About the only consensus on cybersecurity in 2022 is that things will get uglier, but in what ways?

QNAP: Get NAS Devices Off the Internet Now

Threatpost

There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.

Why CIOs Should Report to CISOs

Dark Reading

If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

Security Affairs

SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket.

Morgan Stanley to Pay $60 Million to Settle Data-Breach Suit via Bloomberg

IG Guru

The Future of Tech Is Here. Congress Isn't Ready for It

WIRED Threat Level

In a conversation with WIRED, former representative Will Hurd talked AI, the metaverse, China, and how ill-prepared legislators are to grapple with any of it.
