Fri. Aug 09, 2019

Minimizing Automation Bias in Machine Learning

Data Breach Today

Microsoft's Diana Kelley Says Diversity Is Key Component for Resilient ML Models. Developing robust and resilient machine learning models requires diversity in the teams working on the models as well as in the datasets used to train the models, says Microsoft's Diana Kelley.

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned.

Digital Transformation: Security Best Practices

Data Breach Today

RSA's Holly Rollo on the Importance of Third-Party Risk Management. Organizations going through a digital transformation need to make sure they develop a sound third-party risk management strategy, says RSA's Holly Rollo, who discusses best practices.

Nearly three-quarters of firms now victims of email-based cyber attacks

Information Management Resources

The most common effects cited were loss of employee productivity, downtime and business disruption, and damage to the reputation of the IT team.

New Ursnif Variant Spreads Through Infected Word Documents

Data Breach Today

Banking Trojan Designed to Steal Passwords and Credentials. A new variant of the Ursnif Trojan is targeting vulnerable systems in an attempt to steal banking passwords and other credentials.

More Trending

Broadcom Reaches $10.7B Deal to Buy Symantec Enterprise

Data Breach Today

Symantec Will Focus on its Consumer Business. Broadcom says it plans to acquire Symantec's enterprise security business for $10.7 billion in cash. The deal relieves Symantec of a business line where it faced aggressive competition.

Trump’s Intel Vacancies Put Americans in Danger

WIRED Threat Level

Sue Gordon's departure is the latest sign that US national security might be stretching its leaders too thin—and risks putting the wrong people into roles that American lives depend upon.

BlueKeep Patching Still Spotty Months After Alerts: Report

Data Breach Today

3Fun Dating App leaked members’ location and personal details

Security Affairs

The 3Fun dating mobile app for “curious couples & singles” exposed the location of its members and their personal details. What do you think about the privacy of dating apps?

New Playbooks for Cyber Defense

Data Breach Today

Fortinet's FortiGuard Labs global threat research team is creating research playbooks that provide deep-dive analysis of not only threat trends, but also cybercriminal and adversary tools and techniques. Derek Manky and Tony Giandomenico discuss the playbook model and how it can help in the fight against cybercrime.

A Zero-Day in Steam client for Windows affects over 100 Million users

Security Affairs

Two researchers publicly disclosed a zero-day vulnerability that affects the popular Steam game client for Windows, putting over 100 million users at risk.

Cybersecurity Leadership: The Next Generation

Data Breach Today

IoT, the cloud, third-party risk - we hear a lot about how the cybersecurity risk surface and threat landscape have evolved. But what about the new business demands on cybersecurity leaders? Christopher Hetner, former global CISO at GE Capital, shares insights.

Inside the Hidden World of Elevator Phone Phreaking

WIRED Threat Level

Eavesdropping, reprogramming, talking to strangers: Welcome to the harmless and not-so-harmless fun of hacking elevator call boxes.

Emsisoft released a free decryptor for JSWorm 4.0

Security Affairs

Security researchers at Emsisoft have released a new decryptor tool that allows the victims of the JSWorm 4.0 ransomware to decrypt their files for free.

A Teen Hacker Found Bugs in School Software That Affects Millions

WIRED Threat Level

Some kids play in a band after school. Bill Demirkapi hacked two education software giants.

As cloud use rises among payers, so do cybersecurity concerns

Information Management Resources

Most organizations are in the process of transitioning to the cloud, and this is making it difficult for IT departments to monitor security.

Hackers Take on Darpa's $10 Million Voting Machine

WIRED Threat Level

At this year's Defcon hacking conference, Darpa brought the beginnings of what it hopes will be impervious hardware.

U.S. Election Systems Left Vulnerable Online

Adam Levin

Security researchers have announced the discovery of several election systems across the country connected to the internet that are vulnerable to hacking.

Apple announces major changes to its bug bounty program, including higher rewards

Security Affairs

At the Black Hat cybersecurity conference, Apple announced a few major changes to its bug bounty program, which will be open to any researcher. The most striking change is to the payouts: the maximum reward rose from $200,000 to $1 million.

This Tesla Mod Turns a Model S Into a Mobile 'Surveillance Station'

WIRED Threat Level

The Surveillance Detection Scout can track license plates and faces near your Tesla—with all the privacy concerns that implies.

DEF CON 2019: Researchers Demo Hacking Google Home for RCE

Threatpost

Researchers show how they hacked Google Home smart speakers using the Magellan vulnerability. Tags: Hacks, Vulnerabilities, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, DEF CON, google home, Magellan, SQLite, Tencent

State Farm Reports Credential-Stuffing Attack

Dark Reading

The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.

Hack of High-End Hotel Smart Locks Shows IoT Security Fail

Threatpost

LAS VEGAS – A vulnerability in a popular IoT lock key – used chiefly by a high-end hotel in Europe – allowed researchers to break into hotel rooms.

Significant Vulnerabilities Found in 6 Common Printer Brands

Dark Reading

In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.

PCI SSC warns organisations about growing threat of online skimming

IT Governance

Organisations that accept online payments must urgently address the threat of web-based skimming, the PCI SSC (Payment Card Industry Security Standards Council) has warned.

New Vulnerability Risk Model Promises More-Efficient Security

Dark Reading

Taking into account more factors than the current CVSS makes for a better assessment of actual danger.

Username (and password) free login with security keys

Imperial Violet

Most readers of this blog will be familiar with the traditional security key user experience: you register a token with a site then, when logging in, you enter a username and password as normal but are also required to press a security key in order for it to sign a challenge from the website. This is an effective defense against phishing, phone number takeover, etc.

5 Digital Transformation Interests for IT Service Providers

Perficient Data & Analytics

Gartner predicts a whopping 70% growth in artificial intelligence (AI), while niche vendors such as KenSci and viz.ai are shaking industries with their industry-specific intelligence.

Creating a Retention Schedule that Works

Gimmal

Creating a usable, automated, and simple file plan is an important part of ensuring records are managed in a consistent manner and that you are protected from legal risks, such as failure to disclose information during a discovery proceeding or the unauthorized leakage of information.

DEF CON 2019: Delta ICS Flaw Allows Total Industrial Takeover

Threatpost

The bug exists in a controller that oversees HVAC, lighting, sensor and alarm systems, to name a few. Tags: Critical Infrastructure, Vulnerabilities, CVE-2019-9569, def con 2019, Delta enteliBUS Manager, hvac, ICS, industrial control, McAfee, vulnerability

7 Online Safety Tips for College Students

Dark Reading

Heading back to campus soon? Here are seven tips that will get your digital house in order and keep you safe online this semester.
