Tue. Jul 09, 2019

Patch Tuesday Lowdown, July 2019 Edition

Krebs on Security

Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software.

Moving From Vulnerability Management to Vulnerability Response

Data Breach Today

Syra Arif of ServiceNow on Essential Steps. Shifting from vulnerability management to vulnerability response is becoming increasingly important, says Syra Arif of ServiceNow, who describes three essential steps.

Cell Networks Hacked by (Probable) Nation-State Attackers

Schneier on Security

Marriott Faces $125 Million GDPR Fine Over Mega-Breach

Data Breach Today

Breach Persisted 4 Years - and Through Acquisition - Before Being Discovered. Britain's privacy watchdog says it plans to fine hotel giant Marriott $125 million under GDPR for security failures tied to a 2014 breach of the guest reservation database for Starwood, which Marriott acquired in 2016.

A Zoom Flaw Gives Hackers Easy Access to Your Webcam

WIRED Threat Level

All it takes is one wrong click, and the popular video conferencing software will put you in a meeting with a stranger.

Zoom Will Fix the Flaw That Let Hackers Hijack Webcams

WIRED Threat Level

While it at first dismissed the vulnerability, Zoom says it will release a patch Tuesday night.

Best Practices for Device Security

Data Breach Today

Steve Hyman of Ordr on the Importance of Network Visibility. As healthcare providers connect more and more devices to their networks, ensuring data security becomes far more complex, says Steve Hyman of Ordr, who describes best practices.

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

Experts at the Microsoft Defender ATP Research Team discovered a fileless malware campaign that is delivering the information-stealing Astaroth Trojan.

Overcoming Vulnerability Overload

Data Breach Today

Nate Dyer of Tenable on How Predictive Prioritization Can Help. Vulnerability overload is a pervasive problem, says Nate Dyer of Tenable, who describes how predictive prioritization can help.

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016

Security Affairs

The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal malware used by the Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017.

Ransomware Re-examined: To Pay or Not to Pay?

Data Breach Today

Fortinet's Sonia Arista on the Dilemmas Facing CISOs. Ransomware plays on ever-bigger stages, but the fundamental question remains: To pay or not to pay? Fortinet's Sonia Arista, a former CISO, weighs in on ransomware and other hot breach trends.

Maryland Department of Labor discloses a data breach

Security Affairs

The Maryland Department of Labor announced that it has suffered a data breach that exposed personally identifiable information. Hackers accessed databases containing personally identifiable information (PII).

Securing Devices While Maintaining Functionality

Data Breach Today

Chris Hickman of Keyfactor on Managing Medical Device Life Cycles. Chris Hickman of Keyfactor explains the challenges of securing and protecting medical devices and the data they collect while delivering the functionality that users demand.

Flaw in Zoom video conferencing software lets sites take over webcam on Mac

Security Affairs

Zoom video conferencing software for Mac is affected by a flaw that could allow attackers to take over webcams when users visit a website.

Threat Intelligence: Why Sharing Is Difficult

Data Breach Today

Cyber adversaries are resilient and move quickly, so it's critical that organizations share threat intelligence in an automated way, says Shawn Henry of CrowdStrike Services. But that sharing has been hampered by a lack of understanding of why it's important and how organizations can benefit, he says.

Microsoft released Patch Tuesday security updates for July 2019

Security Affairs

Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, 14 rated as Critical, 62 as Important, and only 1 as Moderate in severity.

Mobile and Wearable Device Examination

OpenText Information Management

With the arrival of 5G technology, the increasing popularity of fitness trackers and smart watches, and growth in other “wearable tech”, the amount of data being collected is increasing at an unprecedented rate.

Prototype Pollution flaw discovered in all versions of Lodash Library

Security Affairs

Liran Tal, a developer advocate at open-source security platform Snyk, discovered a high-severity prototype pollution security flaw that affects all versions of lodash.

Avoid these five all-too-common cloud migration mistakes

DXC Technology

I’m on the cloud. You’re on the cloud. We’re all on the cloud. But, as we move more and more of our IT — lock, stock, and two smoking servers — to the cloud, you should make sure you know what you’re getting into. Yes, the cloud can be a real help, but there are […]

UK ICO proposes a $123 million fine for Marriott 2014 data breach

Security Affairs

The UK’s data privacy regulator plans to fine giant hotel chain Marriott International £99 million ($123 million) under GDPR over a 2014 data breach. The company replied that it will fight the fine; it could reply to the UK ICO’s proposal before the final determination.

Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking

Threatpost

The vulnerability (CVE-2019-13450) can be exploited on a drive-by basis by a malicious website.

Cybercriminals Target Budding Cannabis Retailers

Dark Reading

Companies in the young, rapidly growing industry are targeted for sensitive information they store and immature security practices.

Intel Patches High-Severity Flaw in Processor Diagnostic Tool

Threatpost

Intel issued patches for a high-severity flaw in its processor diagnostic tool as well as a fix for a medium-severity vulnerability in its data center SSD lineup.

Cloud Security and Risk Mitigation

Dark Reading

Just because your data isn't on-premises doesn't mean you're not responsible for security.

Microsoft Patches A Pair of Zero-Days Under Active Attack

Threatpost

The software giant also addressed 15 critical flaws and advised on the recently disclosed Linux Kernel "SACK Panic" bug.

Organizations Are Adapting Authentication for Cloud Applications

Dark Reading

Companies see the changing demands of cloud identity management but are mixed in their responses to those demands.

Marriott Hit With $123M Fine For Massive 2018 Data Breach

Threatpost

The data breach fine against Marriott by the Information Commissioner's Office comes a day after British Airways was also penalized.