Wed. Sep 18, 2019

Before He Spammed You, this Sly Prince Stalked Your Mailbox

Krebs on Security

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: It was sent via the U.S. Postal Service, with a postmarked stamp and everything.

Justice Department Sues Snowden Over Memoir

Data Breach Today

Suit Seeks to Collect Book Profits Based on Alleged Violation of Nondisclosure Agreement The U.S.


On Roku and Amazon Fire TV, Channels Are Watching You

WIRED Threat Level

New research shows that over 2,000 streaming apps track information about your devices—even when you tell them not to.

Adoption of AI Surveillance Technology Surges

Data Breach Today

China Is Leading Supplier, But Other Countries Catching Up, Report Finds. Governments are rapidly adopting AI surveillance technology to advance political goals, according to a new report from the Carnegie Endowment for International Peace.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

More than 737 million medical radiological images found on open PACS servers

Security Affairs

Researchers at Greenbone Networks, a vulnerability analysis and management company, discovered 400 million medical radiological images exposed online via unsecured PACS servers.

More Trending

Memory corruption flaw in AMD Radeon driver allows VM escape

Security Affairs

Experts at Cisco Talos group discovered a vulnerability in the AMD ATI Radeon ATIDXX64.DLL driver that could lead to VM escape.


Victim Total Soars in County Health Data Breach

Data Breach Today

Minnesota County Says Tally is 118,000, Not 600 as Originally Reported. A Minnesota county that originally reported last December that a hacking incident affected about 600 individuals now says about 118,000 may have had healthcare data exposed. What's behind the huge spike

Cracking Forgotten Passwords

Schneier on Security

Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords.

Lumin PDF Leak Exposed Data on 24 Million Users

Data Breach Today

Data on Users of PDF Editing Tool Found in Accessible Database. Ignoring a breach disclosure can have ugly consequences. Case in point: Lumin PDF, a PDF editing tool, which saw data for much of its user base - about 24.3 million - published in an online forum late Monday. Data breach expert Troy Hunt says it's a sign of the dysfunction in the breach disclosure process

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

I'm Looking to Hire a Strategist to Help Figure Out Public-Interest Tech

Schneier on Security

I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what's needed to advance the practice, integration, and adoption of public-interest technology. All of the details are in the RFP.


Kubernetes’s explosive growth has come with attention paid to security and stability

DXC Technology

You may have noticed I write a lot about Kubernetes, the Cloud Native Computing Foundation (CNCF) sponsored open-source container orchestration program. That’s because I have no choice in the matter. Just like Docker turned containers into the way to run server applications, Kubernetes quickly overcame its rivals and became the way to manage containers. Practically […]


The Top 'Human Hacks' to Watch For Now

Dark Reading

Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users


Massive Gaming DDoS Exploits Widespread Technology


The attack -- the 4th-largest the company has ever encountered -- leveraged WS-Discovery, which is found "everywhere."

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Apple’s new Endpoint Security Framework


macOS Catalina introduces a new user-mode framework called Endpoint Security. See what it is and how it impacts you


Emotet Returns from Summer Vacation, Ramps Up Stolen Email Tactic


The ever-changing malware is jumping in the middle of people's existing email conversations to spread itself without suspicion.


Edward Snowden Sued by U.S. Over New Memoir


The U.S. is attempting to seize any assets related to Edward Snowden's new memoir, Permanent Record.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Cryptominer Attacks Ramp Up, Focus on Persistence

Dark Reading

The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them


IRS Emails Promise a Refund But Deliver Botnet Recruitment


The fake emails direct victims to log into a bogus IRS site.

Clever New DDoS Attack Gets a Lot of Bang for a Hacker's Buck

WIRED Threat Level

By exploiting the WS-Discovery protocol, a new breed of DDoS attack can get a huge rate of return.

Rethinking Responsibilities and Remedies in Social-Engineering Attacks


The idea that humans are the weakest link shouldn't guide the thinking on social-engineering defense.

A Virus Walks Into a Bar.

Dark Reading

Laughter is, well, contagious. Jokes begin in earnest at the one-minute mark


New EU Strong Customer Authentication Standards: Implications for Payment Service Providers

Data Matters

Under the revised Payment Services Directive (2015/2366) (PSD2), the European Banking Authority (EBA) and the European Commission were required to develop and adopt regulatory technical standards on strong customer authentication and common and secure open standards of communication. These regulatory technical standards were passed into EU law as Commission Delegated Regulation (EU) 2018/389 (the RTS), which entered into effect on September 14, 2019.

How Cybercriminals Exploit Simple Human Mistakes

Dark Reading

A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets


New! RFP Template for Selecting EDR/EPP and APT Security


Cynet’s new RFP templates clearly lay out the requirements for securing potential APT vectors.

How Ransomware Criminals Turn Friends into Enemies

Dark Reading

Managed service providers are the latest pawns in ransomware's game of chess

5 steps to incorporate ethics into your artificial intelligence strategy

Information Management Resources

In the context of the five most common AI ethics guidelines, here are five lines of questioning that IT leaders should consider when determining an AI ethics strategy.

DevSecOps: Recreating Cybersecurity Culture

Dark Reading

Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how

A Sense of Security: Information Overload Leads to Security Oversights


Are you guilty of working ahead on Sunday in order to get your coming week under control? According to a recent editor’s pick on LinkedIn originating from the Wall Street Journal, you’re not alone.

Saudi IT Providers Hit in Cyber Espionage Operation

Dark Reading

Symantec identifies new 'Tortoiseshell' nation-state group as the attackers
