Fri. Aug 09, 2019

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned.

Minimizing Automation Bias in Machine Learning

Data Breach Today

Microsoft's Diana Kelley Says Diversity Is Key Component for Resilient ML Models. Developing robust and resilient machine learning models requires diversity in the teams working on the models as well as in the datasets used to train the models, says Microsoft's Diana Kelley.

Trump’s Intel Vacancies Put Americans in Danger

WIRED Threat Level

Sue Gordon's departure is the latest sign that US national security might be stretching its leaders too thin—and risks putting the wrong people into roles that American lives depend upon.

Digital Transformation: Security Best Practices

Data Breach Today

RSA's Holly Rollo on the Importance of Third-Party Risk Management. Organizations going through a digital transformation need to make sure they develop a sound third-party risk management strategy, says RSA's Holly Rollo, who discusses best practices.

Inside the Hidden World of Elevator Phone Phreaking

WIRED Threat Level

Eavesdropping, reprogramming, talking to strangers: Welcome to the harmless and not-so-harmless fun of hacking elevator call boxes.

More Trending

3Fun Dating App leaked members’ location and personal details

Security Affairs

The 3Fun dating mobile app for “curious couples & singles” exposed the location of its members and their personal details. What do you think about the privacy of dating apps?

Broadcom Reaches $10.7B Deal to Buy Symantec Enterprise

Data Breach Today

Symantec Will Focus on its Consumer Business. Broadcom says it plans to acquire Symantec's enterprise security business for $10.7 billion in cash. The deal relieves Symantec of a business line where it faced aggressive competition.

A Zero-Day in Steam client for Windows affects over 100 Million users

Security Affairs

Two researchers publicly disclosed a zero-day vulnerability that affects the popular Steam game client for Windows, putting over 100 million users at risk.

BlueKeep Patching Still Spotty Months After Alerts: Report

Data Breach Today

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Emsisoft released a free decryptor for JSWorm 4.0

Security Affairs

Security researchers at Emsisoft have released a new decryptor tool that allows the victims of the JSWorm 4.0 ransomware to decrypt their files for free.

New Playbooks for Cyber Defense

Data Breach Today

Fortinet's FortiGuard Labs global threat research team is creating research playbooks that provide deep-dive analysis of not only threat trends, but also cybercriminal and adversary tools and techniques. Derek Manky and Tony Giandomenico discuss the playbook model and how it can help in the fight against cybercrime.

Friday Squid Blogging: Sinuous Asperoteuthis Mangoldae Squid

Schneier on Security

Great video of the Sinuous Asperoteuthis Mangoldae Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Cybersecurity Leadership: The Next Generation

Data Breach Today

IoT, the cloud, third-party risk - we hear a lot about how the cybersecurity risk surface and threat landscape have evolved. But what about the new business demands on cybersecurity leaders? Christopher Hetner, former global CISO at GE Capital, shares insights.

Apple announces major changes to its bug bounty program, including higher rewards

Security Affairs

At the Black Hat cybersecurity conference, Apple announced a few major changes to its bug bounty program, which will be open to any researcher. The most striking change concerns the payouts: the maximum reward increased from $200,000 to $1 million.

U.S. Election Systems Left Vulnerable Online

Adam Levin

Security researchers have announced the discovery of several election systems across the country connected to the internet that are vulnerable to hacking.

Hackers Take on Darpa's $10 Million Voting Machine

WIRED Threat Level

At this year's Defcon hacking conference, Darpa brought the beginnings of what it hopes will be impervious hardware.

DEF CON 2019: Researchers Demo Hacking Google Home for RCE

Threatpost

Researchers show how they hacked Google Home smart speakers using the Magellan vulnerability.

Tags: Hacks, Vulnerabilities, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, DEF CON, Google Home, Magellan, SQLite, Tencent

A Teen Hacker Found Bugs in School Software That Affects Millions

WIRED Threat Level

Some kids play in a band after school. Bill Demirkapi hacked two education software giants.

Hack of High-End Hotel Smart Locks Shows IoT Security Fail

Threatpost

LAS VEGAS – A vulnerability in a popular IoT lock key – used chiefly by a high-end hotel in Europe – allowed researchers to break into hotel rooms.

This Tesla Mod Turns a Model S Into a Mobile 'Surveillance Station'

WIRED Threat Level

The Surveillance Detection Scout can track license plates and faces near your Tesla—with all the privacy concerns that implies.

Significant Vulnerabilities Found in 6 Common Printer Brands

Dark Reading

In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.

How Safecrackers Can Unlock an ATM in Minutes—Without Leaving a Trace

WIRED Threat Level

At Defcon this week, security researcher Mike Davis will show how he can pick the lock of an ATM safe in no time, thanks to its electric leaks.

State Farm Reports Credential-Stuffing Attack

Dark Reading

The insurer has informed customers that a third party used a list of user IDs and passwords to attempt access to online accounts.

DEF CON 2019: Delta ICS Flaw Allows Total Industrial Takeover

Threatpost

The bug exists in a controller that oversees HVAC, lighting, sensor and alarm systems, to name a few.

Tags: Critical Infrastructure, Vulnerabilities, CVE-2019-9569, DEF CON 2019, Delta, enteliBUS Manager, HVAC, ICS, industrial control, McAfee, vulnerability

New Vulnerability Risk Model Promises More-Efficient Security

Dark Reading

Taking into account more factors than the current CVSS makes for a better assessment of actual danger.

PCI SSC warns organisations about growing threat of online skimming

IT Governance

Organisations that accept online payments must urgently address the threat of web-based skimming, the PCI SSC (Payment Card Industry Security Standards Council) has warned.

7 Online Safety Tips for College Students

Dark Reading

Heading back to campus soon? Here are seven tips that will get your digital house in order and keep you safe online this semester.
