Mon.Jun 10, 2019

Unsecured Database Leaves 8.4TB of Email Metadata Exposed

Data Breach Today

Shanghai Jiao Tong University Has Since Locked-Down Elasticsearch Server A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4TB of email metadata.

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner. Related: The rise of ‘memory attacks’ I’m making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. telecoms by Chinese tech giant Huawei. These are the carriers that provide Internet access to rural areas all across America.

Multiple Class Action Lawsuits Filed in AMCA Breach

Data Breach Today

Project Svalbard: The Future of Have I Been Pwned

Troy Hunt

Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping up as was the impact they were having on those of us that found ourselves in them, myself included.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Microsoft Warns of Large Spam Campaign Hitting Europe

Data Breach Today

Attackers Using Older Office Exploit Microsoft is warnings about a large-scale spamming campaign hitting several countries in Europe, with the attackers using an old Office exploit to send emails to victims that contain malware in RTF attachments

200
200

More Trending

Huawei Ban: White House Budget Chief Seeks Delay

Data Breach Today

Banning Chinese Manufacturer Means 'Dramatic Reduction' in Government Suppliers The White House budget chief is seeking to delay a ban on the U.S. government using products manufactured by Huawei. In a letter seen by the Wall Street Journal, Russell T.

Hackers Stole a Border Agency Database of Traveler Photos

WIRED Threat Level

In compromising a Customs and Border Protection subcontractor, hackers make off with photos of travelers and license plates. Security Security / Cyberattacks and Hacks

The Vision for Omnichannel Authentication

Data Breach Today

Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions

CIA sextortion campaign, analysis of a well-organized scam

Security Affairs

Crooks are posing as CIA agents in a sextortion campaign, they are sending emails to inform the victims of an investigation into online pedophilia rings.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Ideation Challenge seeks brightest young minds in artificial intelligence

Information Management Resources

The annual competition created by KPMG gathers STEM students from around the world with the aim of solving real-world business issues with AI-driven ideas and solutions. Artificial intelligence Data Scientist Analytics Career planning Data science Machine learning

CVE-2019-2725 Oracle WebLogic flaw exploited in cryptojacking campaign

Security Affairs

The CVE-2019-2725 vulnerability in Oracle WebLogic recently, addressed by the company, is being exploited in cryptojacking attacks, Trend Micro reports.

Going all-in on AWS Cloud

Thales eSecurity

Virtually every major enterprise is moving to a cloud or multi-cloud environment as part of their digital transformation. In fact, according to our 2019 Thales Data Threat Report-Global Edition , 71% of respondents are using sensitive data in the cloud.

Cloud 83

Employment Scam

Schneier on Security

Interesting story of an old-school remote-deposit capture fraud scam, wrapped up in a fake employment scam. Slashdot thread. employment fraud scams

78

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Spain extradites 94 Taiwanese to China phone and online fraud charges

Security Affairs

Spanish authorities extradited 94 Taiwanese to China to face telephone and online fraud charges, Taiwan’s Foreign Ministry expressed a strong regret. Spain extradited 94 Taiwanese to China to face telephone and online fraud charges, the indicted were transferred via plane by officials.

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

Threatpost

The flaw affected all versions of Microsoft Office, Microsoft Windows and architecture types dating back to 2000, and was patched in November 2017. Vulnerabilities Web Security arbitrary code execution CVE-2017-11882 email campaign equation editor malicious rtf files Microsoft

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

Microsoft is warning of an active spam campaign targeting European languages that leverages an exploit to infect simply by opening the attachment. Microsoft issued a warning on Friday about an ongoing spam campaign that is targeting European users.

Mozilla Confirms Premium Firefox Browser With Security Features

Threatpost

A future premium Firefox browser could come with security features like VPN and secure cloud solutions. Privacy Web Security browser security Firefox Mozilla ProtonVPN secure cloud virtual private network VPN

Retro video game website Emuparadise suffered a data breach

Security Affairs

Retro video game website Emuparadise revealed to have suffered a data breach that exposed 1.1 Million accounts back in April 2018. Emuparadise is a website that offers tons of roms, isos and retro video games, users can download and play them with an emulator or play them with the web browser.

VLC Player Gets Patched for Two High-Severity Bugs

Threatpost

Popular media player receives 33 security bug fixes, two of which are rated high severity. Hacks Vulnerabilities Apache Kafka Filezilla FOSSA Free and Open Source Software Audit Notepad++ Open Source putty Reliable Internet Stream Transport stack-buffer-overflow bug videolan vlc VLC media player

Federal Photos Filched in Contractor Breach

Dark Reading

Data should never have been on subcontractor's servers, says Customs and Border Protection

Data 93

MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats

Security Affairs

The MuddyWater cyber espionage group has used an updated multi-stage PowerShell backdoor in recent cyber attacks.

Why specialized artificial intelligence is better, yet largely ignored

Information Management Resources

To reap the full benefits of AI, there’s an entirely different type of AI we should be exploring that’s been largely ignored. It’s specialized (or augmented) intelligence systems. Artificial intelligence Machine learning Data management

CVE-2019-12735 – opening a specially crafted file in Vim or Neovim Editor could compromise your Linux system

Security Affairs

Bad news for Linux users, a flaw tracked as CVE-2019-12735 allows to hack their systems by tricking them into opening a specially crafted file in Vim or Neovim Editor. Security expert Armin Razmjou has recently found a high-severity vulnerability (CVE-2019-12735) in Vim and Neovim command-line text editing applications. The vulnerability, tracked as CVE-2019-12735, is classified as an arbitrary OS command execution vulnerability.

Video 62

'Lone Wolf' Scammer Built a Multifaceted BEC Cybercrime Operation

Dark Reading

A one-man 419 scam evolved into a lucrative social-engineering syndicate over the past decade that conducts a combination of business email compromise, romance, and financial fraud

87

Reducing data security complexity: Avoiding endpoint bloat

Information Management Resources

Devices can have 10 or more endpoint security agents, and still, 70 percent of breaches originate on the endpoint and 100 percent of devices will experience an encryption failure within a year. Data security Cyber security Data management

Huawei Represents Massive Supply Chain Risk: Report

Dark Reading

The Chinese technology giant's enormous product and service footprint gives it access to more data than almost any other single organization, Recorded Future says

Risk 82

AMIA calls on FDA to refine its AI regulatory framework

Information Management Resources

The American Medical Informatics Association wants the Food and Drug Administration to improve its conceptual approach to regulating medical devices that leverage self-updating artificial intelligence algorithms. Artificial intelligence Machine learning Medical devices FDA regulations

IT 78

GoldBrute Botnet Brute-Forcing 1.5M RDP Servers

Dark Reading

Botnets are scanning the Internet for servers exposing RDP and using weak, reused passwords to obtain access

IBM is cutting almost 2,000 jobs as it reshapes the business

Information Management Resources

The move amounts to less than 1 percent of if its workforce, which totaled 350,600 at the end of last year. Cloud computing Artificial intelligence IBM

IT 78

Unmixed Messages: Bringing Security & Privacy Awareness Together

Dark Reading

Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done

Aspetti interculturali delle strategie di risposta agli attacchi informatici

DXC Technology

I telefoni stanno squillando al quartier generale, il traffico del vostro sito web sta esplodendo e le caselle di posta elettronica hanno raggiunto la capacità massima consentita. Come mai? Semplicemente perchè i sistemi di sicurezza aziendali sono stati violati, ponendo a rischio la riservatezza di milioni di documenti confidenziali, personali e finanziari dei clienti. È […]. Uncategorized violazione di dati