Wed. Sep 18, 2019

Justice Department Sues Snowden Over Memoir

Data Breach Today

Suit Seeks to Collect Book Profits Based on Alleged Violation of Nondisclosure Agreement. The U.S.

Before He Spammed You, this Sly Prince Stalked Your Mailbox

Krebs on Security

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: It was sent via the U.S. Postal Service, with a postmarked stamp and everything.

Adoption of AI Surveillance Technology Surges

Data Breach Today

China Is Leading Supplier, But Other Countries Catching Up, Report Finds. Governments are rapidly adopting AI surveillance technology to advance political goals, according to a new report from the Carnegie Endowment for International Peace.

More than 737 million medical radiological images found on open PACS servers

Security Affairs

Researchers at Greenbone Networks, a vulnerability analysis and management company, discovered 400 million medical radiological images exposed online via unsecured PACS servers.

Senators Urge FCC to Review Licenses for Chinese Telecoms

Data Breach Today

Concerns Raised About China Telecom and China Unicom. U.S. Senators Chuck Schumer, D-N.Y., and Tom Cotton, R-Ark.,

Victim Total Soars in County Health Data Breach

Data Breach Today

Minnesota County Says Tally is 118,000, Not 600 as Originally Reported. A Minnesota county that originally reported last December that a hacking incident affected about 600 individuals now says about 118,000 may have had healthcare data exposed. What's behind the huge spike

Memory corruption flaw in AMD Radeon driver allows VM escape

Security Affairs

Experts at Cisco Talos group discovered a vulnerability in the AMD ATI Radeon ATIDXX64.DLL driver that could lead to VM escape.

Lumin PDF Leak Exposed Data on 24 Million Users

Data Breach Today

Data on Users of PDF Editing Tool Found in Accessible Database. Ignoring a breach disclosure can have ugly consequences. Case in point: Lumin PDF, a PDF editing tool, which saw data for much of its user base - about 24.3 million - published in an online forum late Monday. Data breach expert Troy Hunt says it's a sign of the dysfunction in the breach disclosure process

Cracking Forgotten Passwords

Schneier on Security

Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Clever New DDoS Attack Gets a Lot of Bang for a Hacker's Buck

WIRED Threat Level

By exploiting the WS-Discovery protocol, a new breed of DDoS attack can get a huge rate of return.

I'm Looking to Hire a Strategist to Help Figure Out Public-Interest Tech

Schneier on Security

I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what's needed to advance the practice, integration, and adoption of public-interest technology. All of the details are in the RFP.

Kubernetes’s explosive growth has come with attention paid to security and stability

DXC Technology

You may have noticed I write a lot about Kubernetes, the Cloud Native Computing Foundation (CNCF) sponsored open-source container orchestration program. That’s because I have no choice in the matter. Just like Docker turned containers into the way to run server applications, Kubernetes quickly overcame its rivals and became the way to manage containers. Practically […]

The Top 'Human Hacks' to Watch For Now

Dark Reading

Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users.

IRS Emails Promise a Refund But Deliver Botnet Recruitment

Threatpost

The fake emails direct victims to log into a bogus IRS site.

Cryptominer Attacks Ramp Up, Focus on Persistence

Dark Reading

The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.

Edward Snowden Sued by U.S. Over New Memoir

Threatpost

The U.S. is attempting to seize any assets related to Edward Snowden's new memoir, Permanent Record.

A Virus Walks Into a Bar.

Dark Reading

Laughter is, well, contagious. Jokes begin in earnest at the one-minute mark.

Emotet Returns from Summer Vacation, Ramps Up Stolen Email Tactic

Threatpost

The ever-changing malware is jumping in the middle of people's existing email conversations to spread itself without suspicion.

Apple’s new Endpoint Security Framework

Jamf

macOS Catalina introduces a new user-mode framework called Endpoint Security. See what it is and how it impacts you.

Rethinking Responsibilities and Remedies in Social-Engineering Attacks

Threatpost

The idea that humans are the weakest link shouldn't guide the thinking on social-engineering defense.

New EU Strong Customer Authentication Standards: Implications for Payment Service Providers

Data Matters

Under the revised Payment Services Directive (2015/2366) (PSD2), the European Banking Authority (EBA) and the European Commission were required to develop and adopt regulatory technical standards on strong customer authentication and common and secure open standards of communication. These regulatory technical standards were passed into EU law as Commission Delegated Regulation (EU) 2018/389 (the RTS), which entered into effect on September 14, 2019.

Massive Gaming DDoS Exploits Widespread Technology

Threatpost

The attack -- the 4th-largest the company has ever encountered -- leveraged WS-Discovery, which is found "everywhere."

How Cybercriminals Exploit Simple Human Mistakes

Dark Reading

A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.

New! RFP Template for Selecting EDR/EPP and APT Security

Threatpost

Cynet’s new RFP templates clearly lay out the requirements for securing potential APT vectors.

DevSecOps: Recreating Cybersecurity Culture

Dark Reading

Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.

Malware Moves: The Rise of LookBack – And Return of Emotet

Threatpost

The malware landscape is constantly changing, including a rise in a new malware called LookBack, as well as anticipation over the return of the Emotet and Retefe malware families.

Saudi IT Providers Hit in Cyber Espionage Operation

Dark Reading

Symantec identifies new 'Tortoiseshell' nation-state group as the attackers.