Fri. May 10, 2019

Chinese Men Charged With Hacking Health Insurer Anthem

Data Breach Today

Data of 78.8 Million Individuals Was Encrypted, Sent to China, US Alleges

Two Chinese men have been indicted on charges related to the breach of health insurer Anthem, which saw the personal information of 78.8 million individuals stolen, as well as attacks against three other large U.S. companies.

Nine Charged in Alleged SIM Swapping Ring

Krebs on Security

Feds Warn of 'Electricfish' Malware Linked to North Korea

Data Breach Today

CERT Says Hidden Cobra APT Group Developed Malware

The FBI and the Department of Homeland Security have issued a joint warning about new malware called "Electricfish." Investigators suspect it was developed by the advanced persistent threat group Hidden Cobra, which has been linked to North Korea.

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

The Last Watchdog

The recent network breach of Wipro, a prominent outsourcing company based in India, serves as a stunning reminder that digital transformation cuts two ways. Our rising dependence on business systems that leverage cloud services and the gig economy to accomplish high-velocity innovation has led to a rise in productivity. However, the flip side is that we’ve also created fresh attack vectors at a rapid rate – exposures that are not being adequately addressed.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Symantec CEO Exits as Company Misses Earnings Forecast

Data Breach Today

More Trending

DeepDotWeb Goes Dark

Data Breach Today

The latest edition of the ISMG Security Report analyzes the FBI takedown of DeepDotWeb, a dark net portal. Also featured are discussions on healthcare app security and the repercussions of poor coding security

Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security

A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014.

Cultural Challenges and Digital Transformation

Data Breach Today

ISMG and Zscaler hosted a roundtable dinner in Morristown, New Jersey on April 11 focused on security's role in digital transformation

Digitizing data to build a talented workforce

OpenText Information Management

Data – whether it is client, vendor, enterprise or consumer – has become the lifeblood of global business. And nearly a year after the General Data Protection Regulation (GDPR) came into force, the way in which organizations store, handle and use data has emerged as a priority.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Heap Buffer Overflow Vulnerability found in Kaspersky Antivirus Engine

Security Affairs

Security researchers at the Imaginary team discovered a Heap Buffer Overflow Vulnerability in Kaspersky Antivirus Engine and responsibly reported it.

Are we so focused on input that we’ve overlooked the need to output information?

AIIM

Prior to becoming involved with the content and information management industry, I spent several years in the high-volume printing industry.

Access and Source Code to Samsung Apps Left Unprotected on Public Server

Adam Levin

The source code and security keys associated with a number of Samsung apps and projects have been discovered on an unprotected server. Samsung’s SmartThings home automation platform was among the projects exposed in the compromise.

DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH

Security Affairs

The U.S. Department of Homeland Security (DHS) and the FBI published a new joint report on ELECTRICFISH, a malware used by North Korea.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

DOJ Says Chinese Hackers Attacked Anthem, but Not Why

WIRED Threat Level

For years, China was rumored to be behind the health insurance company's massive data breach, but now the Justice Department is noticeably silent on the hackers' motives and affiliation.

Demystifying the Dark Web: What You Need to Know

Dark Reading

The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners

How some banks are luring talent from big tech

Information Management Resources

Most financial institutions can’t compete on pay, but there are other advantages they can offer, including agile development.

Friday Squid Blogging: Cephalopod Appreciation Society Event

Schneier on Security

Last Wednesday was a Cephalopod Appreciation Society event in Seattle. I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Nvidia Warns Windows Gamers on GPU Driver Flaws

Threatpost

Nvidia has patched three vulnerabilities in its Windows GPU display driver that could enable information disclosure, denial of service and privilege escalation.

8 top technology trends impacting the supply chain in 2019

Information Management Resources

Analysts will explore the top industry trends at the Gartner Supply Chain Executive Conferences, May 13-16 in Phoenix, AZ and June 17-19 in Barcelona, Spain.

The WannaCry Security Legacy and What’s to Come

Threatpost

The WannaCry attack proved pivotal, changing the way organizations go about securing their environments.

Microsoft SharePoint Bug Exploited in the Wild

Dark Reading

A number of reports show CVE-2019-0604 is under active attack, Alien Labs researchers say

SNP faces fines for data protection breach after election mailing error

The Guardian Data Protection

Party refers itself to ICO after voters receive campaign letters not addressed to them

The Scottish National party faces being fined for a breach of data protection laws after sending out tens of thousands of European election mailings to the wrong addresses. The Information Commissioner’s Office confirmed on Friday morning that the SNP has referred itself for investigation after voters across Scotland received letters addressed to strangers or neighbours.

Crapo, Brown probe Facebook over financial data collection

Information Management Resources

Mike Crapo and Sherrod Brown are asking Facebook about its consumer financial data collection practices as they consider data privacy legislation.

How We Collectively Can Improve Cyber Resilience

Dark Reading

Three steps you can take, based on Department of Homeland Security priorities

Do Double-Sided Documents Affect Scanning Prices?

Record Nations

There are a number of different factors that play into the cost of a scanning project, including how much prep work may be involved and deciding where and how you want the scanning project done.

From the CTO: From Information Governance to Information Asset Management

Everteam

There is an evolution that needs to happen in the world of enterprise information management, but it’s going to take some time.

ThreatList: Nigerian Cybercrime Surged 54 Percent in 2018

Threatpost

Nigerian scam groups launched even more attacks in 2018 - and used more complex types of malware to reach more victims.

What good are notebooks? Bridging the data science skills gap with collaboration

IBM Big Data Hub

Predictive modeling and analytics have long been the domain of the data scientist and only the data scientist. But with modern tools, data science is becoming a team sport—business analysts and subject matter experts can join the analysis.

Hackers Still Outpace Breach Detection, Containment Efforts

Dark Reading

Research shows time to discovery and containment of breaches slowly shrinking, but attackers don't need a very big window to do a lot of damage

FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug

Threatpost

Using a bug patched in March, the attacks are starting to ramp up worldwide.

5 Reasons Why Your Data Governance Program Will Fail and Digital Transformation will Triumph

Collibra

Your organization is, or was, off to a great start by understanding the importance of data and its ability to produce better insights and results than your industry competitors. So why are your Data Governance efforts falling flat?