Wed. Apr 10, 2019

Dark Patterns: How Weaponized Usability Hurts Users

Data Breach Today

Fresh Legislation Targets Deceptive, Privacy-Shredding Interface Design. Dark patterns are out to get you. The term describes the practice of abusing usability norms to create user interfaces that trick users into divulging their personal details or sacrificing their privacy.

WPA3 attacks allow hackers to hack Wi-Fi password

Security Affairs

Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Yahoo Takes Second Swing at Data Breach Settlement

Data Breach Today

Million Settlement Would Be Largest Ever for a Data Breach, Plaintiffs Say. Yahoo is hoping a revamped proposed breach-related settlement will pass muster with a federal judge who rejected the first one for myriad reasons, including high attorney fees and a lack of transparency.

Experts spotted a new Mirai variant that targets new processors

Security Affairs

Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones.

Kaspersky: New 'TajMahal' APT Malware Enables Espionage

Data Breach Today

Report Describes Technical Sophistication of the Threat. A new type of malware, dubbed TajMahal, offers its users a host of espionage techniques, including the ability to steal documents sent to a printer queue and pilfer data from a CD, Kaspersky Lab reports.

Women in Cybersecurity: A Progress Report

Data Breach Today

Nearly one-quarter of the global cybersecurity workforce is now made up of women. But women still face significant compensation and other career challenges, according to a new study. Mary-Jo de Leeuw of (ISC)2 shares analysis.

Report Shows Major Security Holes in Banking Apps

Adam Levin

A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data.

Yoroi Welcomes “Yomi: The Malware Hunter”

Security Affairs

GDPR: How the definition of personal data has changed

IT Governance

This blog has been updated to reflect industry updates. Originally published June 2017. On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998.

Microsoft April 2019 Patch Tuesday fixes Windows 0days under attack

Security Affairs

Microsoft Patches Windows Privilege Escalation Flaws Exploited in Attacks. Microsoft has released its April 2019 Patch Tuesday updates that address over 70 vulnerabilities, including two Windows zero-day flaws.

Offering Customers Trusted Digital Security

Thales eSecurity

Last week, we welcomed Gemalto as an official part of the Thales Group, marking the start of a bold new chapter in our company’s history.

Genesis Store black marketplace offers more than 60k+ stolen bot profiles

Security Affairs

Security experts at Kaspersky Lab found that over 60,000 stolen profiles are offered for sale on an invitation-based private marketplace called Genesis Store.

MY TAKE: Account hijackers follow small banks, credit unions over to mobile banking apps

The Last Watchdog

As long as cyber attacks continue, financial institutions will remain a prime target, for obvious reasons. Outside of giants JP Morgan, Bank of America, Citigroup, Wells Fargo and U.S. Bancorp, the remainder of the more than 10,000 U.S. firms are comprised of community banks and regional credit unions. These smaller institutions, much like the giants, are hustling to expand mobile banking services.

Sophisticated TajMahal APT Framework remained under the radar for 5 years

Security Affairs

Cybersecurity experts at Kaspersky Lab uncovered a highly sophisticated spyware framework dubbed TajMahal that was involved in a cyberespionage campaign for at least the last 5 years.

How are the EU member states progressing in their implementation of the NIS Directive?

IT Governance

On 6 July 2016, the EU officially adopted the NIS Directive (Directive on security of network and information systems) and gave each EU member state just under two years to implement its requirements into national law.

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

SAP released its April 2019 Security Patch Day, which includes 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver.

Wireless charging is about convenience and productivity

DXC Technology

If you had to list the top five workplace technology trends for the coming year, you’d probably pretty quickly come up with connected devices, voice-activated technologies, augmented reality (AR), and artificial intelligence (AI). What would be the fifth item? According to 2,000 U.K. office workers surveyed recently by Workthere, a global consultant to organizations looking […].

Minnesota Department of Human Services suffered a security breach

Security Affairs

The Minnesota Department of Human Services announced that it suffered a data breach that may have exposed the personal information of about 11,000 people.

William Barr Sends Troubling Signals Ahead of Mueller Report Release

WIRED Threat Level

Attorney general William Barr will have tremendous sway over how much of the Mueller report the public can see. Right now, it doesn't look promising.

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

EMOTET spread in Chile targeted financial and banking services. SI-LAB detected hundreds of users that were impacted by this malware between March 18th and 26th of 2019. The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of the infamous EMOTET malware.

Google DLP Makes It Easier to Safeguard Sensitive Data Troves

WIRED Threat Level

Google's Data Loss Prevention tool finds and redacts sensitive data in the cloud. A new user interface now makes it more broadly accessible.

Merging Companies, Merging Clouds

Dark Reading

Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.

M2M transactions, or the future of payment for connected machines

DXC Technology

Payment methods have undergone radical changes, notably with the spread of digital wallets such as Paypal or Venmo and the emergence of cryptocurrencies such as Bitcoin. But progress does not stop there, and other technologies are emerging. Within DXC Labs, a group of experts is working on machines capable of carrying out […].

How to Manage a Security Operations Center

eSecurity Planet

We define security operations centers (SOCs), including how they should be designed, run and staffed, and the technologies needed to make them work.

People play a key role in digital transformation

DXC Technology

Companies are struggling to find staff with the right skills and the necessary experience to help them succeed in the era of the digital economy. Programmers, IT security staff, data analysts and many other technology-development-oriented personnel are in insufficient supply for the market, and this is forcing companies to pay handsomely for new talent the […].

Kalpataru Power Transmission increases Accounts Payable efficiency with OpenText

OpenText Information Management

With over 2,000 employees, 150 site offices across India and operations in more than 30 countries outside India, leading Indian global power transmission and infrastructure company Kalpataru Power Transmission Limited (KPTL) is a diverse conglomerate.

The White Box Essays (Book Review)

Adam Shostack

The White Box, and its accompanying book, “The White Box Essays” are a FANTASTIC resource, and I wish I’d had them available to me as I designed Elevation of Privilege and helped with Control-Alt-Hack.

25% of Phishing Emails Sneak into Office 365: Report

Dark Reading

Researchers analyzed 55.5 million emails and found one out of every 99 messages contains a phishing attack.

How the PSD2 helps prevent payment card data breaches

IT Governance

On 14 September 2019, the PSD2 (Second Payment Services Directive) will take effect, overhauling the way people pay for goods and services across the EU. The legislation has been implemented to prevent fraud and to keep customers’ payment details secure during in-store, online and card-not-present transactions. It does this in two main ways. Strong authentication.

Senate Bill Would Ban Social Networks' Social Engineering Tricks

Dark Reading

Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more.

Steps for implementing a non-invasive data governance program

Information Management Resources

Organizations need to ensure that the exercise of data governance is non-invasive and transparent so it does not seem forceful.