Mon.Jun 10, 2019

Unsecured Database Leaves 8.4TB of Email Metadata Exposed

Data Breach Today

Shanghai Jiao Tong University Has Since Locked-Down Elasticsearch Server A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4TB of email metadata.

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner. Related: The rise of ‘memory attacks’ I’m making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. telecoms by Chinese tech giant Huawei. These are the carriers that provide Internet access to rural areas all across America.

Multiple Class Action Lawsuits Filed in AMCA Breach

Data Breach Today

Project Svalbard: The Future of Have I Been Pwned

Troy Hunt

Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping up as was the impact they were having on those of us that found ourselves in them, myself included.

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition of premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discussed tried and true best practices for avoiding the potential pitfalls of CX migration.

Microsoft Warns of Large Spam Campaign Hitting Europe

Data Breach Today

Attackers Using Older Office Exploit Microsoft is warnings about a large-scale spamming campaign hitting several countries in Europe, with the attackers using an old Office exploit to send emails to victims that contain malware in RTF attachments

192
192

More Trending

Huawei Ban: White House Budget Chief Seeks Delay

Data Breach Today

Banning Chinese Manufacturer Means 'Dramatic Reduction' in Government Suppliers The White House budget chief is seeking to delay a ban on the U.S. government using products manufactured by Huawei. In a letter seen by the Wall Street Journal, Russell T.

Essential Tips to Scale Remote Work Productively

AIIM

Recently, you may have heard the phrase, “I am working remotely.” But, what exactly is remote work? Let’s start by explaining the term first. A remote worker is someone who works outside the office space.

Tips 91

The Vision for Omnichannel Authentication

Data Breach Today

Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions

Going all-in on AWS Cloud

Thales eSecurity

Virtually every major enterprise is moving to a cloud or multi-cloud environment as part of their digital transformation. In fact, according to our 2019 Thales Data Threat Report-Global Edition , 71% of respondents are using sensitive data in the cloud.

Cloud 88

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Shanghai Jiao Tong University data leak – 8.4TB in email metadata exposed

Security Affairs

Security expert discovered an exposed database belonging to Shanghai Jiao Tong University containing 8.4TB in email metadata. Cloudflare Director of Trust & Safety Justin Paine discovered an unprotected database owned by Shanghai Jiao Tong University that was exposed online.

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

Threatpost

The flaw affected all versions of Microsoft Office, Microsoft Windows and architecture types dating back to 2000, and was patched in November 2017. Vulnerabilities Web Security arbitrary code execution CVE-2017-11882 email campaign equation editor malicious rtf files Microsoft

CIA sextortion campaign, analysis of a well-organized scam

Security Affairs

Crooks are posing as CIA agents in a sextortion campaign, they are sending emails to inform the victims of an investigation into online pedophilia rings.

VLC Player Gets Patched for Two High-Severity Bugs

Threatpost

Popular media player receives 33 security bug fixes, two of which are rated high severity. Hacks Vulnerabilities Apache Kafka Filezilla FOSSA Free and Open Source Software Audit Notepad++ Open Source putty Reliable Internet Stream Transport stack-buffer-overflow bug videolan vlc VLC media player

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

CVE-2019-2725 Oracle WebLogic flaw exploited in cryptojacking campaign

Security Affairs

The CVE-2019-2725 vulnerability in Oracle WebLogic recently, addressed by the company, is being exploited in cryptojacking attacks, Trend Micro reports.

Federal Photos Filched in Contractor Breach

Dark Reading

Data should never have been on subcontractor's servers, says Customs and Border Protection

Data 105

Spain extradites 94 Taiwanese to China phone and online fraud charges

Security Affairs

Spanish authorities extradited 94 Taiwanese to China to face telephone and online fraud charges, Taiwan’s Foreign Ministry expressed a strong regret. Spain extradited 94 Taiwanese to China to face telephone and online fraud charges, the indicted were transferred via plane by officials.

Employment Scam

Schneier on Security

Interesting story of an old-school remote-deposit capture fraud scam, wrapped up in a fake employment scam. Slashdot thread. employment fraud scams

73

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Mozilla Confirms Premium Firefox Browser With Security Features

Threatpost

A future premium Firefox browser could come with security features like VPN and secure cloud solutions. Privacy Web Security browser security Firefox Mozilla ProtonVPN secure cloud virtual private network VPN

Here’s What You Missed at Connected Claims 2019!

Nuxeo

This past week we witnessed a whos-who of insurance executives gather to expound upon the future of claims processing at the Connected Claims USA Summit. One message was crystal clear; the old way of doing things is not meeting the needs of today’s hyper-connected digital customer

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

Microsoft is warning of an active spam campaign targeting European languages that leverages an exploit to infect simply by opening the attachment. Microsoft issued a warning on Friday about an ongoing spam campaign that is targeting European users.

Meet the women shaping the future of AI

IBM Big Data Hub

Read why IBM has just launched the inaugural IBM Women Leaders of AI , and why we’re honoring women pioneering AI in their businesses in diverse industries from across the globe

Unmixed Messages: Bringing Security & Privacy Awareness Together

Dark Reading

Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done

Retro video game website Emuparadise suffered a data breach

Security Affairs

Retro video game website Emuparadise revealed to have suffered a data breach that exposed 1.1 Million accounts back in April 2018. Emuparadise is a website that offers tons of roms, isos and retro video games, users can download and play them with an emulator or play them with the web browser.

Huawei Represents Massive Supply Chain Risk: Report

Dark Reading

The Chinese technology giant's enormous product and service footprint gives it access to more data than almost any other single organization, Recorded Future says

Risk 94

CVE-2019-12735 – opening a specially crafted file in Vim or Neovim Editor could compromise your Linux system

Security Affairs

Bad news for Linux users, a flaw tracked as CVE-2019-12735 allows to hack their systems by tricking them into opening a specially crafted file in Vim or Neovim Editor. Security expert Armin Razmjou has recently found a high-severity vulnerability (CVE-2019-12735) in Vim and Neovim command-line text editing applications. The vulnerability, tracked as CVE-2019-12735, is classified as an arbitrary OS command execution vulnerability.

Video 59

'Lone Wolf' Scammer Built a Multifaceted BEC Cybercrime Operation

Dark Reading

A one-man 419 scam evolved into a lucrative social-engineering syndicate over the past decade that conducts a combination of business email compromise, romance, and financial fraud

92

MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats

Security Affairs

The MuddyWater cyber espionage group has used an updated multi-stage PowerShell backdoor in recent cyber attacks.

GoldBrute Botnet Brute-Forcing 1.5M RDP Servers

Dark Reading

Botnets are scanning the Internet for servers exposing RDP and using weak, reused passwords to obtain access

What’s your customer’s perfect travel experience? Use advanced analytics to find out

DXC Technology

Years ago, airline travel was considered glamorous. People wore suits and dresses. They smoked cigarettes, drank martinis and cut their steaks with metal knives. There was only one version of the perfect travel experience and it was wrapped up in the glamour and prestige of the journey itself — and the personal service supporting it. […]. Analytics Distinguished Technologists Travel, Transportation & Hospitality customer experience

Black Hat USA Offers Fresh Perspectives on Enterprise Cybersecurity

Dark Reading

Learn new enterprise-grade techniques for identifying vulnerabilities, improving Active Directory security, and building trust with customers at Black Hat USA this summer