Trending Articles

PSD2 Authentication Deadline Extended: Here's What's Next

Data Breach Today

European Banking Authority Insists EU Nations Take a Consistent Approach to Migration

Now that the deadline for all e-commerce card-based transactions in the EU to comply with the new PSD2 "strong customer authentication" requirement has officially been extended to Dec.

Ransomware Hits B2B Payments Firm Billtrust

Krebs on Security

Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week. The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based

Ransomware Attacks: STOP, Dharma, Phobos Dominate

Data Breach Today

GlobeImposter 2.0 and Sodinokibi Strikes Also Common, Researchers Find

Ransomware is once again the most common illicit profit-making tool in online attackers' arsenal, police warn. Security firm Emsisoft says the most-seen strains in recent months include STOP, Dharma.cezar, Phobos, GlobeImposter 2.0

MY TAKE: How ‘credential stuffing’ and ‘account takeovers’ are leveraging Big Data, automation

The Last Watchdog

A pair of malicious activities have become a stunning example of digital transformation – unfortunately on the darknet. Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half of 2019, according to multiple reports. Credential stuffing is one of the simplest cybercriminal exploits, a favorite among hackers.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Approaching the Reverse Engineering of a RFID/NFC Vending Machine

Security Affairs

Security expert Pasquale Fiorillo demonstrates how to hack an RFID/NFC Vending Machine. The affected vendor did not answer to my responsible disclosure request, so I’m here to disclose this “hack” without revealing the name of the vendor itself.

More Trending

'Silent Librarian' Revamps Phishing Campaign: Proofpoint

Data Breach Today

Iranian-Backed Hacking Group Targeting Research Universities

"Silent Librarian," a hacking group with apparent ties to the Iranian government, is continuing to revamp and refine its phishing techniques as it targets research universities in the U.S.

Avast, NordVPN Breaches Tied to Phantom User Accounts

Krebs on Security

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

The Last Watchdog

Digital commerce has come to revolve around two types of identities: human and machine. Great effort has gone into protecting the former, and yet human identities continue to get widely abused by cyber criminals. By comparison, scant effort has gone into securing the latter. This is so in spite of the fact that machine identities are exploding in numbers and have come to saturate digital transformation. I’ve conversed several times with Jeff Hudson about this.

Signature update for Symantec Endpoint protection crashed many device

Security Affairs

Symantec rolled out an intrusion prevention signature update for its Endpoint Protection product that has caused many devices to crash and display a so-called blue screen of death (BSOD).

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Retail has a multi-cloud problem…with sensitive data

Thales eSecurity

Digital transformation (DX) is fundamentally impacting all aspects of the economy across every industry, and nowhere is this truer than in retail.

When Card Shops Play Dirty, Consumers Win

Krebs on Security

Cybercrime forums have been abuzz this week over news that BriansClub — one of the underground’s largest shops for stolen credit and debit cards — has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry.

WAVs Hide Malware in Their Depths in Innovative Campaign

Threatpost

Three different loaders and two payloads are hiding in audio files.

How to Build a Rock-Solid Cybersecurity Culture

Dark Reading

In part one of this two-part series, we start with the basics - getting everyone to understand what's at stake - and then look at lessons from the trenches

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

7 steps to a successful ISO 27001 risk assessment

IT Governance

Risk assessments are at the core of any organisation’s ISO 27001 compliance project. They are essential for ensuring that your ISMS (information security management system) – which is the end-result of implementing the Standard – is relevant to your organisation’s needs.

12-Year Prison Term for Hacking LA Court System

Data Breach Today

Experts found DLL Hijacking issues in Avast, AVG, and Avira solutions

Security Affairs

Flaws in Avast, AVG, and Avira Antivirus could be exploited by an attacker to load a malicious DLL file to bypass defenses and escalate privileges.

Docker Containers Riddled with Graboid Crypto-Worm

Threatpost

A worm with a randomized propagation method is spreading via the popular container technology.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Software Is Infrastructure

ForAllSecure

The realization that software is becoming an essential component of our everyday lives was reflected yet again in this year’s Black Hat. Even more solutions are being touted to deal with the ever-growing exposure of software to malicious threats.

NordVPN Breached

Schneier on Security

There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates.

Avast: Stolen VPN Credentials Led to CCleaner Attack Redux

Data Breach Today

Avast Says CCleaner Versions Are Malware-Free

Avast's CCleaner utility is popular - with attackers. For the second time in two years, the company says it believes CCleaner was the intended target of a carefully plotted intrusion executed between May and October

Robots at HIS Group are vulnerable to hack

Security Affairs

The Japanese hotel chain HIS Group admitted that its in-room robots were vulnerable and could allow hackers to remotely view video footage from the devices.

10 Steps for Ransomware Protection

Threatpost

Here are things you can do right now to shore up your defenses and help your recovery when you get hit.

Understanding Office 365 Impossible Travel

Daymark

Impossible travel. Is it sending a human to Saturn or Venus? Well maybe, but in the context of Microsoft Office 365, Impossible Travel is a security feature that is a great indicator of potential hacking attempts. The concept is straightforward.

Maybe shadow IT isn’t so bad after all, study suggests via ZDNet

IG Guru

IT leaders agree shadow IT serves as a force of innovation and productivity. End-users simply need more guidance and support.

OCR's Severino Outlines Top HIPAA Enforcement Initiatives

Data Breach Today

Ensuring Patients' Rights to Access Records a Top Priority

Enforcing patients' rights under HIPAA to access their health information - including via health apps - is a top policy initiative at the HHS Office for Civil Rights, Director Roger Severino said in a Wednesday presentation.

Exploring the CPDoS attack on CDNs: Cache Poisoned Denial of Service

Security Affairs

Boffins disclosed a web attack technique (CPDoS attack) that can poison content delivery networks (CDNs) into caching and then serving error pages.

Cybercrime Tool Prices Bump Up in Dark Web Markets

Threatpost

A report reveals data, services and toolkits available for cybercriminals are becoming more expensive and sophisticated.