Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha

Sales 359

Sales Energy and Utilities Communications Data breaches 359

Data Breach Today

DECEMBER 13, 2022

Victims Still Learning Their Personal Data Was Illegally Accessed, Copied in 2021 A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.

Ransomware 353

Ransomware Personal data Government Access 353

Hunton Privacy

OCTOBER 12, 2022

On October 3, 2022, Google LLC (“Google”) agreed to pay the State of Arizona $85 million to settle a consumer privacy lawsuit that alleged the company surreptitiously collected consumers’ geolocation data on smartphones even after users disabled location tracking. . Arizona’s lawsuit followed a 2018 Associated Press article that alleged Google continued to track the location of Android devices even after users disabled the Location History setting on the device.

Privacy 145

Privacy Data Privacy Access 145

Security Affairs

DECEMBER 2, 2022

Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328 , with two other flaws to gain full root privileges on an affected system. The vulnerability resides in the snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.

Access 144

Access Security IT Information Security 144

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Troy Hunt

AUGUST 3, 2022

How best to punish spammers? I give this topic a lot of thought because I spend a lot of time sifting through the endless rubbish they send me. And that's when it dawned on me: the punishment should fit the crime - robbing me of my time - which means that I, in turn, need to rob them of their time. With the smallest possible overhead on my time, of course.

Passwords 145

Passwords IT 145

Data Protection Report

JUNE 28, 2022

On 16 June 2022 the Canadian federal government introduced Bill C-27, also known as the Digital Charter Implementation Act 2022. If passed, this package of laws will: Implement Canada’s first artificial intelligence ( AI ) legislation, the Artificial Intelligence and Data Act ( AIDA ). Reform Canadian privacy law, replacing the Personal Information Protection and Electronic Documents Act with the Consumer Privacy Protection Act.

Artificial Intelligence 144

Artificial Intelligence Privacy Compliance Government 144

eSecurity Planet

JULY 11, 2022

Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit , the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques” and “remote capabilities over SSH.”.

Libraries 144

Libraries Authentication Security Access 144

Jamf

MAY 16, 2022

The Jamf Threat Labs team has recently identified changes to the UpdateAgent malware dropper. These changes primarily focus on new executables written in Swift that reach out to a registration server to pull down a new set of instructions in the form of a bash script. Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server.

IT 145

IT 145

IT Governance

JUNE 15, 2022

In an increasingly digital world, there are an escalating number of cyber security risks for business to address. Criminal hackers are adept at spotting weaknesses, while organisations do themselves no favours when they fail to adequately protect their systems. IT Governance identified more than 1,200 publicly disclosed data breaches in 2021 , while another report found that security incidents cost almost £3 million on average.

Risk 144

Risk Security Passwords Phishing 144

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Dark Reading

JULY 14, 2022

Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

143

143

Krebs on Security

APRIL 29, 2022

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

Search queries 361

Search queries Retail Government Marketing 361

Data Breach Today

MAY 28, 2022

Agency Spotted Compromised Credentials On Various Dark Web Forums The FBI is warning the U.S. higher education sector about compromised sensitive credentials and network access information advertised for sale across various public and Dark Web forums. The agency states that this access to credentials could potentially lead to a cyberattack.

Education 363

Education Sales Access 363

Hunton Privacy

APRIL 7, 2022

On February 28, 2022, the Emirate of Dubai enacted Law No. 4 of 2022 on the Regulation of Virtual Assets (“ VAL ”) and established the Dubai Virtual Assets Regulatory Authority (“ VARA ”). By establishing a legal framework for businesses related to virtual assets, including crypto assets and non-fungible tokens ( NFTs ), this landmark law reflects Dubai’s vision to become one of the leading jurisdictions for entrepreneurs and investors of blockchain technology.

IT 145

IT Blockchain Financial Services Personal data 145

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

OCTOBER 14, 2022

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode and user mode for building high-performance transaction logs, and is implemented in the driver CLFS.sys.

Metadata 144

Metadata Security IT Access 144

Troy Hunt

SEPTEMBER 8, 2022

The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. One of the worst days I've ever had was right in the middle of the Have I Been Pwned sale process, and it left me an absolute emotional wreck. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff. which I've now included in this book 😊 These are the stories behind the stor

Passwords 143

Passwords IoT Sales Data breaches 143

Schneier on Security

OCTOBER 3, 2022

This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.

Paper 142

Paper Artificial Intelligence IT 142

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The Department for Culture, Media and Sport (DCMS) has finally published the UK government’s long-awaited response to the consultation on the future of the UK data protection regime. The government set out very high level principles for a Data Reform Bill in the Queen’s Speech in May.

GDPR 144

GDPR Government Personal data Risk 144

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

ARMA International

MARCH 22, 2022

For as long as there has been communication and work, there has been a means of documenting and tracking it. Sales receipts, pay stubs, tax documents, letters, memoranda, and beyond all have value at one time or another. Sometimes, those records need to be revisited or referenced later down the road in connection with, for example, taxes, audits, or other reviews.

Information governance 144

Information governance Government Compliance Archiving 144

Jamf

FEBRUARY 11, 2022

The remediation for a serious security vulnerability in Microsoft Active Directory (AD) prevents Apple macOS from binding. Affected machines will lose the ability to communicate with AD domain controllers, resulting in user lockout and potential data loss.

Communications 145

Communications Security 145

IT Governance

JANUARY 20, 2022

Welcome to our review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks. Here, you’ll find an overview of the cyber security landscape in 2021, including the total number of publicly disclosed security incidents, the number of compromised records and the sectors most susceptible to data breaches.

Data breaches 144

Data breaches Ransomware Phishing Government 144

Dark Reading

MAY 26, 2022

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards.

Compliance 143

Compliance Security 143

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Mining 345

Mining Privacy IT Security 345

Data Breach Today

JULY 15, 2022

Small and Mid-Size Businesses Targeted Globally But So Far Extortion Attempts Have Failed Microsoft security researches say they're tracking a hacking group originating from North Korea that may be a side project of an established threat actor. So far the group, which likes the moniker "H0lyGh0st," appears not to have collected any ransom.

Ransomware 361

Ransomware Security 361

Hunton Privacy

JUNE 1, 2022

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic, however, the Thai government issued royal decrees to extend the compliance deadline to June 1, 2022. .

Personal data 143

Personal data GDPR Compliance Government 143

Security Affairs

OCTOBER 15, 2022

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to imper

Authentication 144

Authentication Cloud Security Access 144

Advertisement

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

Analytics

Troy Hunt

MARCH 28, 2022

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.

Government 144

Government Data breaches Access 144

eSecurity Planet

AUGUST 17, 2022

A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference. Zhenpeng Lin, a PhD student, and a team of researchers worked on an alternative approach to the infamous Dirty Pipe vulnerability that affected Linux kernel versions 8 and later. Dity Pipe is a major flaw that allows attackers to elevate least-privileged accounts to the maximum level (root) by exploiting the way the kernel uses pipes to pass data.

Access 141

Access Risk Security IT 141

KnowBe4

APRIL 26, 2022

Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA , passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have pervasively persisted. Today, nearly everyone has multiple forms of MFA for different applications and websites AND many, many passwords.

Passwords 142

Passwords Authentication Security 142