Wed.Feb 06, 2019

Data Breach Reports in Europe Under GDPR Exceed 59,000

Data Breach Today

Netherlands, Germany and UK Have Logged the Most Data Breach Reports Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K.

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

The Last Watchdog

We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights. Related: Snowden on unrestrained surveillance.

Report: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans Without improved coordination, the U.S.

Android devices could be hacked by viewing a malicious PNG Image

Security Affairs

Memo: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans Without improved coordination, the U.S. government and private companies could be caught flat-footed if malware or a worm hit a software supply chain.

Reverse RDP Attack – Rogue RDP Server can be used to hack RDP clients

Security Affairs

Researchers at Check Point Software Technologies have discovered more than two dozen vulnerabilities in the popular implementations of the remote desktop protocol (RDP).

More Trending

Security expert Marco Ramilli released for free the Malware Hunter tool

Security Affairs

Malware researcher Marco Ramilli released for free the Malware Hunter tool a simple but interesting catching tool base on static YARA rules. Malware researcher Marco Ramilli released for free the Malware Hunter tool a simple but interesting catching tool base on static YARA rules.

Tools 102

Bolstering the Cybersecurity of Medical Devices

Data Breach Today

As cybersecurity threats in the healthcare sector evolve, medical device manufacturer ICU Medical is taking a number of steps to help safeguard its products. Chaitanya Srinivasamurthy and Marshall Fryman of the company describe these security initiatives

New ExileRAT backdoor used in attacks aimed at users in Tibet

Security Affairs

A malware campaign using new LuckyCat-Linked RAT dubbed ExileRAT has been targeting the mailing list of the organization officially representing the Tibetan government-in-exile.

Fortinet's Sonia Arista on Securing the Digital Enterprise

Data Breach Today

Listen to the latest on security's role in digital transformation, as well as visibility challenges facing the security industry

There's No Good Reason to Trust Blockchain Technology

WIRED Threat Level

Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why. Opinion Security

HIMSS19: Cybersecurity in the Spotlight

Data Breach Today

A Sampling of What's Slated for Health IT's Biggest Annual Show Once again, cybersecurity issues will be in the spotlight at the Healthcare Information and Management Systems Society Conference, to be held Feb. 11-15 in Orlando, Fla

What Robert Mueller Knows—and Isn't Telling Us

WIRED Threat Level

The special counsel's indictments have so far stopped short tying Trump and his associates to a broader conspiracy, blanks that will eventually get filled in. Security

Using Gmail "Dot Addresses" to Commit Fraud

Schneier on Security

In Gmail addresses, the dots don't matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. Note: I own none of those addresses, if they are actually valid.).

A critical counterfeiting vulnerability addressed in Zcash

Security Affairs

A critical counterfeiting vulnerability in Zcash cryptocurrency could have allowed coining an infinite number of Zcash (ZEC) cryptocurrency. Reading some news, investors could believe that cryptocurrencies are not a good investment.

Over Half of Companies Are Upping Spending on IT Security: eSecurity Planet Survey

eSecurity Planet

Data breaches and new privacy regulations are prompting increased spending on IT security products and staff

Nature and Nurture in Threat Modeling

Adam Shostack

Josh Corman opened a bit of a can of worms a day or two ago, asking on Twitter: “ pls RT: who are the 3-5 best, most natural Threat Modeling minds? Esp for NonSecurity people. adamshostack is a given. ” (Thanks!).

MacOS Zero-Day Exposes Apple Keychain Passwords

Threatpost

A researcher who discovered a flaw letting him steal passwords in MacOS is not sharing his findings with Apple without a macOS bug bounty program. Mobile Security Vulnerabilities apple Apple bug bug bounty ios macOS zero day

What is Infonomics and Why Should You Care?

Everteam

Is the information your organization captures as important as the physical assets it owns or the money it makes? It should be, but figuring out how to put a value on your information isn’t easy or straightforward.

ROT 67

MicroStrategy World: Optimizing Healthcare with Mobile Analytics

Perficient Data & Analytics

Juliet Silver, Chief Strategist for Healthcare , presented on optimizing healthcare operations with mobile analytics. Healthcare Market Forces. There are a number of market forces that influence healthcare. Healthcare is about 17% of our GDP.

How to choose the best predictive analytics software in 2019

OpenText Information Management

If only Kodak or Blockbuster could have seen into the future, what would they have done? If they’d had access to the latest predictive analytics solutions, things may have worked out very differently for their companies.

Enterprise Analytics with Perficient, MicroStrategy & Microsoft

Perficient Data & Analytics

MicroStrategy 2019 officially kicked off this week with some major announcements. Several of these offer new and exciting opportunities for enterprises to leverage business intelligence and analytics in truly transformative ways. Kicking things off on Tuesday, Perficient was proud to be named MicroStrategy’s 2019 North America Partner of the Year. The award recognizes our team’s deep, long-term expertise in delivering end-to-end business intelligence (BI) solutions.

How to manage Microsoft Office 2019 for Mac - Q&A

Jamf

Have questions about managing Microsoft Office for Mac and what its availability in the App Store means for you? We've got (lots) of answers

MicroStrategy World: AI Best Practices and Real-World Examples

Perficient Data & Analytics

Christine Livingston, Chief Strategy for AI at Perficient spoke on AI best practices and gave some real world examples on how it would work. Where are analytics heading?

Clever Phishing Attack Enlists Google Translate to Spoof Login Page

Threatpost

A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature. Web Security Credential stuffing Credential Theft Facebook google Google Translate Phishing phishing scam

Incorporating privacy into data protection strategy

Information Management Resources

Enterprises should start from the top – by incorporating data privacy into the enterprise’s data protection strategy. This will set the direction in which the enterprise will move forward concerning the data privacy initiative. Data privacy Data security Cyber security

Some Airline Flight Online Check-in Links Expose Passenger Data

Dark Reading

Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found

Data 77

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. See Indiana v. Informatics Eng’g, Inc. , 3:18-cv-00969 (N.D. filed Dec. 3, 2018).

Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service

Dark Reading

How much do companies really gain from offloading security duties to the cloud? Let's do the math

Cloud 75

Fujitsu Computer Products of America, Inc. Announces the First Scanner Subscription Service in the Industry

Document Imaging Report

Sunnyvale, CA, January 31, 2019 – Fujitsu Computer Products of America, Inc., the leader in Document Imaging, today announced an all new program, Scanner Subscription Services by FCPA. Scanner Subscription Services by FCPA is the first scanner-as-a-service business model in the industry.

4 Practical Questions to Ask Before Investing in AI

Dark Reading

A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity

URLHaus is a smash success so far: 100,000 malware sites down

IG Guru

via Peerlyst by Kim Crawley Web malware is huge. The web is now one of the top vectors for malware distribution. I took a glance at VirusTotal’s file statistics from the past seven days.

Data 52

What It Takes to Pull Off the Country's First Online Census

WIRED Threat Level

Going digital could make the 2020 census more inclusive and efficient, but experts fear the Census Bureau is also opening itself up to new risks. Security

Risk 51

Organizations must adapt to 'norm' under new data privacy regulations

Information Management Resources

With the increasing value of data, GDPR and California's Consumer Privacy Act of 2018 demonstrate that data privacy policies will continue to be a growing trend in 2019 and beyond. Data privacy Data security GDPR