Mon. Jul 08, 2019

Who’s Behind the GandCrab Ransomware?

Krebs on Security

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims.

British Airways Faces Record-Setting $230 Million GDPR Fine

Data Breach Today

Cardiac Biometric

Schneier on Security

Canonical Investigating Hack of Its GitHub Page

Data Breach Today

Company Says Ubuntu Linux Source Code Remains Safe. Canonical Ltd., a British company that offers commercial support and services for the popular Ubuntu Linux open source operating system, is investigating a hack of its GitHub page over the weekend.

Pwned Passwords, Version 5

Troy Hunt

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn't so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing authentication today.

More Trending

Cyberattack shuts down La Porte County government systems

Security Affairs

Government computer systems at La Porte County, Indiana, were shut down after a cyber attack hit them on July 6. Experts believe it was a ransomware attack. On July 6, a cyber attack brought down government computer systems at La Porte County, Indiana.

Breach Impact on the CISO

Data Breach Today

Attorney Aravind Swaminathan on Executives Being Held Personally Accountable for Breaches. Increasingly, regulators are looking to hold individual executives accountable for data breaches. This is where attorney Aravind Swaminathan steps in to represent security leaders in legal actions.

Hackers are poisoning the PGP SKS keyserver network

Security Affairs

Threat actors targeted two high-profile PGP project contributors with the intent to poison certificates used by the SKS keyserver network.

Open Source Genomic Analysis Software Flaw Patched

Data Breach Today

Do Data Integrity Security Concerns Pose Potential Patient Safety Worries? A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Backdoor mechanism found in Ruby strong_password library

Security Affairs

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment.

Blockchain Revisited: How Can It Reduce Fraud?

Data Breach Today

Microsoft's David Houlding on Use Cases and Lessons Learned. Critics say blockchain is a technology looking for a purpose, but Microsoft's David Houlding says organizations are using blockchain today to validate identities and to help prevent fraud. He shares use cases and emerging best practices.

UK ICO fines British Airways £183 Million under GDPR over 2018 security breach

Security Affairs

The UK Information Commissioner’s Office (ICO) fined British Airways £183 million for failing to protect its customers’ data during last year’s security breach.

Securing Connected Medical Devices

Data Breach Today

Safi Oranski of CyberMDX Says to Secure Them, First You Have to Find Them. A major challenge in ensuring medical device security is tracking all of these devices, says Safi Oranski of CyberMDX, who offers a review of other critical issues.

Experts uncovered a new Magecart campaign that hacked over 960 stores

Security Affairs

Security experts have uncovered a Magecart large-scale payment card skimming campaign that compromised 962 online stores based on Magento.

HSBC Whistleblower on 'Too Big to Jail'

Data Breach Today

Everett Stern Reflects on Fallout From Money Laundering Case. HSBC paid a record $1.92 billion fine for money laundering violations in 2012. But no one ever went to jail for the crimes. Whistleblower Everett Stern discusses lessons learned from the case and the concept of "too big to jail."

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

Experts observed an increase in malware spreading via lesser-known archive types as droppers, in particular ISO images. A Delphi wrapper makes the analysis harder.

CISO Tackles the Accidental Insider Threat

Data Breach Today

Anne-Marie Scollay of Axiom Law Focuses on the Human Factor. For years, security leaders focused primarily on malicious insiders - those who intend to do harm to an organization. But CISOs are increasingly concerned about the accidental insider.

Ransomware Recovery Firms Who Secretly Pay Hackers

Schneier on Security

ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims.

CISO Notebook: Third-Party Risk

Data Breach Today

Cris Ewell of UW Medicine on Managing Vendor Risks. Where is the data, who has access to it, and how is it being secured? These are among the top questions inherent in any third-party risk program. Cris Ewell, CISO of UW Medicine, shares insight from his experience managing vendor risk.

Documentation required by ISO 27001

IT Governance

Organisations seeking ISO 27001 compliance must prove their compliance with the Standard by completing appropriate documents. List of documents required for ISO 27001 compliance: the scope of the ISMS; information security policy; information security risk assessment process.

GE Aviation Passwords, Source Code Exposed in Open Jenkins Server

Threatpost

A DNS misconfiguration resulted in an open Jenkins server being available to all.

Android App Publishers Won't Take 'No' for an Answer on Personal Data

Dark Reading

Researchers find more than 1,000 apps in the Google Play store that gather personal data even when the user has denied permission.

Apple Patches iMessage Bug That Bricks iPhones with Out-of-Date Software

Threatpost

Google Project Zero finds Apple iMessage bug (CVE-2019-8664) that bricks iPhones running older versions of the company's iOS software.

7 Hot Cybersecurity Trends to Be Highlighted at Black Hat

Dark Reading

Just some of the research and ideas worth checking out at this year's 'security summer camp.'

Post-Data Breach, British Airways Slapped With Record $230M Fine

Threatpost

A proposed $230 million fine on British Airways after a data breach would be the biggest GDPR penalty yet.

Britain Looks to Levy Record GDPR Fine Against British Airways

Dark Reading

The penalty is a sign of things to come, say experts.

GoBotKR Targets Pirate Torrents to Build a DDoS Botnet

Threatpost

The authors have tweaked a known piece of malware to specifically target Korean TV fans.