Wed.Apr 10, 2019

Dark Patterns: How Weaponized Usability Hurts Users

Data Breach Today

Fresh Legislation Targets Deceptive, Privacy-Shredding Interface Design Dark patterns are out to get you. The term describes the practice of abusing usability norms to create user interfaces that trick users into divulging their personal details or sacrificing their privacy.

WPA3 attacks allow hackers to hack Wi-Fi password

Security Affairs

Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Yahoo Takes Second Swing at Data Breach Settlement

Data Breach Today

Million Settlement Would Be Largest Ever for a Data Breach, Plaintiffs Say Yahoo is hoping a revamped proposed breach-related settlement will pass muster with a federal judge who rejected the first one for myriad reasons, including high attorney fees and a lack of transparency.

Experts spotted a new Mirai variant that targets new processors

Security Affairs

Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones.

Kaspersky: New 'TajMahal' APT Malware Enables Espionage

Data Breach Today

Report Describes Technical Sophistication of the Threat A new type of malware, dubbed TajMahal, offers its users a host of espionage techniques, including the ability to steal documents sent to a printer queue and pilfer data from a CD, Kaspersky Lab reports.

Offering Customers Trusted Digital Security

Thales eSecurity

Last week, we welcomed Gemalto as an official part of the Thales Group, marking the start of a bold new chapter in our company’s history.

More Trending

How the Anonymous Artist Bansky Authenticates His or Her Work

Schneier on Security

Interesting scheme : It all starts off with a fairly bog standard gallery style certificate. Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom.

Yoroi Welcomes “Yomi: The Malware Hunter”

Security Affairs

MY TAKE: Account hijackers follow small banks, credit unions over to mobile banking apps

The Last Watchdog

As long as cyber attacks continue, financial institutions will remain a prime target, for obvious reasons. Related: OneSpan’s rebranding launch. Outside of giants JP Morgan, Bank of America, Citigroup, Wells Fargo and U.S. Bancorp, the remainder of the more than 10,000 U.S. firms are comprised of community banks and regional credit unions. These smaller institutions, much like the giants, are hustling to expand mobile banking services.

Microsoft April 2019 Patch Tuesday fixes Windows 0days under attack

Security Affairs

Microsoft Patches Windows Privilege Escalation Flaws Exploited in Attacks. Microsoft has released its April 2019 Patch Tuesday updates that address over 70 vulnerabilities, including two Windows zero-day flaws.

GDPR: How the definition of personal data has changed

IT Governance

This blog has been updated to reflect industry updates. Originally published June 2017. On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998.

Genesis Store black marketplace offers more than 60k+ stolen bot profiles

Security Affairs

Security experts at Kaspersky Lab over 60,000 stolen profiles are offered for sale on an invitation-based private marketplace called Genesis Store.

Sales 84

Report Shows Major Security Holes in Banking Apps

Adam Levin

A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data.

Sophisticated TajMahal APT Framework remained under the radar for 5 years

Security Affairs

Cybersecurity experts at Kaspersky Lab uncovered a highly sophisticated spyware framework dubbed TajMahal that was involved in cyberespionage campaign for at least last 5 years.

William Barr Sends Troubling Signals Ahead of Mueller Report Release

WIRED Threat Level

Attorney general William Barr will have tremendous sway over how much of the Mueller report the public can see. Right now, it doesn't look promising. Security Security / National Security

IT 66

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

SAP released the April 2019 Security Patch Day that is included 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver.

Google DLP Makes It Easier to Safeguard Sensitive Data Troves

WIRED Threat Level

Google's Data Loss Prevention tool finds and redacts sensitive data in the cloud. A new user interface makes now makes it more broadly accessible. Security Security / Security News

Cloud 65

Minnesota Department of Human Services suffered a security breach

Security Affairs

Minnesota Department of Human Services announced to have suffered a data breach that may have exposed the personal information of about 11,000 people. Minnesota Department of Human Services suffered a data breach that may have exposed the personal information of about 11,000 people.

How are the EU member states progressing in their implementation of the NIS Directive?

IT Governance

On 6 July 2016, the EU officially adopted the NIS Directive (Directive on security of network and information systems) and gave each EU member state just under two years to implement its requirements into national law.

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

EMOTET spread in Chile targeted financial and banking services. SI-LAB detected hundreds of users that were impacted by this malware between March 18th and 26th of 2019. The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of infamous EMOTET malware.

Merging Companies, Merging Clouds

Dark Reading

Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy

Cloud 92

How to Manage a Security Operations Center

eSecurity Planet

We define security operations centers (SOCs), including how they should be designed, run and staffed, and the technologies needed to make them work

Wireless charging is about convenience and productivity

DXC Technology

If you had to list the top five workplace technology trends for the coming year, you’d probably pretty quickly come up with connected devices, voice-activated technologies, augmented reality (AR), and artificial intelligence (AI). What would be the fifth item? According to 2,000 U.K. office workers surveyed recently by Workthere, a global consultant to organizations looking […]. IoT Mobility Workplace AI AR mobile devices productivity wireless charging wireless charging pad

25% of Phishing Emails Sneak into Office 365: Report

Dark Reading

Researchers analyzed 55.5 million emails and found one out of every 99 messages contains a phishing attack

A Growing Relationship with Google

Collibra

In most industries, digital transformation is no longer a “nice to have” – it’s crucial for companies to evolve and stay relevant. Many organizations diving in head first are turning to cloud service providers to store the growing data sets that come with a digitally-oriented business.

Cloud 56

The White Box Essays (Book Review)

Adam Shostack

The White Box , and its accompanying book, “The White Box Essays” are a FANTASTIC resource, and I wish I’d had them available to me as I designed Elevation of Privilege and helped with Control-Alt-Hack.

Le persone hanno un ruolo chiave nella trasformazione digitale

DXC Technology

Le imprese faticano a trovare personale che abbia le competenze adeguate e l’esperienza necessaria per aiutarle a trionfare nell’era dell’economia digitale. Programmatori, addetti alla sicurezza informatica, analisti dei dati e molto altro personale orientato allo sviluppo tecnologico rappresentano un’offerta insufficiente per il mercato, e questo sta costringendo le aziende a pagare profumatamente nuovi talenti il […].

56

Senate Bill Would Ban Social Networks' Social Engineering Tricks

Dark Reading

Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more

Data 79

Steps for implementing a non-invasive data governance program

Information Management Resources

Organizations need to ensure that the exercise of data governance is non-invasive and transparent so it does not seem forceful. Data governance Data quality Data management Data ownership

Majority of Hotel Websites Leak Guest Booking Info

Dark Reading

Third parties such as ad, search engine, and analytics firms often have access to guest name, address, phone numbers, credit cards and other data, Symantec says

Typical data workloads increased by 569% over past two years

Information Management Resources

On average, organizations managed 9.7 petabytes of data in 2018, representing an explosive growth of 569 percent compared with the 1.45 PB managed in 2016. Data storage Data warehouses Data management

Data 76

Cybersecurity Governance Lessons from Nuclear Power

IG Guru

By Cindy Satterfield In the nuclear power industry, a cybersecurity incident or error could be a life or death issue on a mass scale.

Case Law Summary: Court Holds That “Tagged” Social Media Photos Are Discoverable in Vasquez-Santos v. Mathew

Hanzo Learning Center

The internet, and especially social media, represents a rich reservoir of potential evidence for use in litigation. That reservoir grows broader and deeper every day—and sometimes, litigants underestimate how much of that online information is discoverable. via GIPHY.

52

Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads

Dark Reading

As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves