Thu. Aug 08, 2019

Democratic Campaign Group Left 6 Million Emails Exposed

Data Breach Today

UpGuard Finds Misconfigured Amazon S3 Bucket Left Addresses Exposed

Security firm UpGuard found that a misconfigured Amazon S3 bucket belonging to the Democratic Senatorial Campaign Committee left the email addresses of more than 6 million U.S. citizens exposed to the internet.

How to adopt a business-driven data and analytics strategy

Information Management Resources

To succeed, companies need a process that allows data to be transformed into actionable intelligence with an emphasis on business value.

Addressing Opioid Crisis: A Call for Privacy Rule Changes

Data Breach Today

Visual data discovery tools help organizations make sense of analytics

Information Management Resources

Visual data discovery involves using visualizations and visual exploration of data to find new insights that can help the business.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

State Farm Investigates Credential-Stuffing Attack

Data Breach Today

Not Yet Clear How Many Customers May Have Been Affected

Insurer State Farm has been hit by a credential-stuffing attack designed to gain access to U.S. customers' online accounts, a company spokesperson confirms.

Baldr Credential-Stealing Malware Targets Gamers

Data Breach Today

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Security Affairs

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites.

Ex-Secret Service Agent Tackles Banking Cybercrime

Data Breach Today

Former Secret Service agent Jeff Dant now heads fraud operations and intelligence for the financial crimes unit at BMO Financial Group. Which threats and threat actors does he focus on, and how does his law enforcement experience help? Dant previews a session at the upcoming Cybersecurity Summit in New York.

'Egregious Eleven' report cites the top security threats to cloud computing

Information Management Resources

The new report re-examines the risks inherent with cloud security and takes a new approach, examining the problems inherent in configuration and authentication.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Medical Booking Firm Could Face Penalties for Selling Data

Data Breach Today

AT&T Employees Took Bribes to Unlock Smartphones

Schneier on Security

This wasn't a small operation: A Pakistani man bribed AT&T call-center employees to install malware and unauthorized hardware as part of a scheme to fraudulently unlock cell phones, according to the US Department of Justice.

DEF CON 2019: 35 Bugs in Office Printers Offer Hackers an Open Door

Threatpost

A raft of bugs in six popular models can allow a hacker to wreak havoc on a corporate network.

Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allow someone to silently inject malicious code into applications.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Infographic: GDPR data subject access request (DSAR) flowchart

IT Governance

DSARs are becoming increasingly common, and failure to respond in accordance with the GDPR’s (General Data Protection Regulation) requirements can lead to significant fines and sanctions.

Yes, FaceApp Really Could Be Sending Your Data to Russia

Dark Reading

FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.

Managing Legacy Paper Files in the Digital Era

ARMA International

Addressing your organization’s legacy paper files and capturing them in your digital information ecosystem may feel like a daunting task.

LegalTech is no longer optional

OpenText Information Management

“In the post-digital world, every company is an information company.” Mark Barrenechea’s quote at OpenText™ Enterprise World in Toronto ought to be a wake-up call to legal professionals everywhere that legaltech and eDiscovery are no longer optional.

How to become an ethical hacking master

IT Governance

Does the idea of being paid to hack into organisations’ systems sound appealing? Why wouldn’t it? The pay is good, it’s creative and you get to test your skills every day. But we’re not advocating that you break the law.

Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward

Threatpost

Apple is opening its once-private bug bounty program to all researchers, as well as boosting vulnerability payouts and expanding the product scope to include MacOS.

How Behavioral Data Shaped a Security Training Makeover

Dark Reading

A new program leveraged behavioral data of employees to determine when they excelled at security and where they needed improvement.

Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says

Threatpost

LAS VEGAS – Supply-chain attacks have nabbed headlines lately thanks to high-profile incidents like the Wipro news last April, where attackers were able to compromise the staffing agency’s network and pivot to their customers.

Slow Your Roll Before Disclosing a Security Incident

Dark Reading

Transparency rules, but taking the right amount of time to figure out what happened will go a long way toward setting the record straight.

Black Hat 2019: WhatsApp Users Still Open to Message Manipulation

Threatpost

Attack vectors disclosed last year are still fully exploitable, researchers demoed at Black Hat USA 2019.

How a 10-Year-Old Desk Phone Bug Came Back From the Dead

WIRED Threat Level

Avaya patched a problem hackers could exploit in phones. But the bad code never went away.

Critical RCE Bug Found Lurking in Avaya VoIP Phones

Threatpost

The vulnerability is a decade old with a public exploit, yet remained unpatched in one of the phone giant's most popular models.

How Apple Pay Buttons Can Make Websites Less Safe

WIRED Threat Level

Apple Pay itself is safe. But the way websites implement it can cause serious problems.

Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find

Dark Reading

Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.

Why Python is getting more popular... and how to use it with SQL databases

IBM Big Data Hub

For the past nine years, Stack Overflow, a question-and-answer website for programmers, has polled developers to understand what technologies they are using and to find out what technologies they want to work with next. This year, the nearly 90,000 survey participants revealed that, once again, Python has risen in the ranks of language popularity.

Hidden Algorithm Flaws Expose Websites to DoS Attacks

WIRED Threat Level

Why throw a bunch of junk traffic at a service, when all it takes to stall it out is just a few bytes?

Researchers Bypass Apple FaceID Using Biometrics ‘Achilles Heel’

Threatpost

Researchers were able to bypass Apple's FaceID using a pair of glasses with tape on the lenses.

A Hacker Guide To Deep Learning Based Side Channel Attacks

Elie

This talk provides a step-by-step introduction on how to use deep learning to perform AES side-channel attacks.