Thu. Aug 08, 2019

Democratic Campaign Group Left 6 Million Emails Exposed

Data Breach Today

UpGuard Finds Misconfigured Amazon S3 Bucket Left Addresses Exposed

Security firm UpGuard found that a misconfigured Amazon S3 bucket belonging to the Democratic Senatorial Campaign Committee left the email addresses of more than 6 million U.S. citizens exposed to the internet.

WhatsApp flaws allow the attackers to manipulate conversations

Security Affairs

Security experts at CheckPoint discovered a series of vulnerabilities in WhatsApp that could be exploited by attackers to tamper with conversations.

Addressing Opioid Crisis: A Call for Privacy Rule Changes

Data Breach Today

AT&T Employees Took Bribes to Unlock Smartphones

Schneier on Security

This wasn't a small operation: A Pakistani man bribed AT&T call-center employees to install malware and unauthorized hardware as part of a scheme to fraudulently unlock cell phones, according to the US Department of Justice.


State Farm Investigates Credential-Stuffing Attack

Data Breach Today

Not Yet Clear How Many Customers May Have Been Affected

Insurer State Farm has been hit by a credential-stuffing attack designed to gain access to U.S. customers' online accounts, a company spokesperson confirms.

More Trending

Baldr Credential-Stealing Malware Targets Gamers

Data Breach Today


New strain of Clipsa malware launches brute-force attacks on WordPress sites

Security Affairs

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites.


Ex-Secret Service Agent Tackles Banking Cybercrime

Data Breach Today

Former Secret Service agent Jeff Dant now heads fraud operations and intelligence for the financial crimes unit at BMO Financial Group. Which threats and threat actors does he focus on, and how does his law enforcement experience help? Dant previews a session at the upcoming Cybersecurity Summit in New York

Hidden Algorithm Flaws Expose Websites to DoS Attacks

WIRED Threat Level

Why throw a bunch of junk traffic at a service, when all it takes to stall it out is just a few bytes?

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Medical Booking Firm Could Face Penalties for Selling Data

Data Breach Today

How Apple Pay Buttons Can Make Websites Less Safe

WIRED Threat Level

Apple Pay itself is safe. But the way websites implement it can cause serious problems.

Managing Legacy Paper Files in the Digital Era

ARMA International

Addressing your organization’s legacy paper files and capturing them in your digital information ecosystem may feel like a daunting task.


How a 10-Year-Old Desk Phone Bug Came Back From the Dead

WIRED Threat Level

Avaya patched a problem hackers could exploit in phones. But the bad code never went away.


A Hacker Guide To Deep Learning Based Side Channel Attacks

Elie

This talk provides a step-by-step introduction on how to use deep learning to perform AES side-channel attacks.


Apple Gives Hackers a Special iPhone—And a Big Bug Bounty

WIRED Threat Level

The company’s sometimes rocky relationship with security researchers just got a whole lot smoother.

Infographic: GDPR data subject access request (DSAR) flowchart

IT Governance

DSARs are becoming increasingly common, and failure to respond in accordance with the GDPR’s (General Data Protection Regulation) requirements can lead to significant fines and sanctions.


DEF CON 2019: 35 Bugs in Office Printers Offer Hackers an Open Door

Threatpost

A raft of bugs in six popular models can allow a hacker to wreak havoc on a corporate network.

Yes, FaceApp Really Could Be Sending Your Data to Russia

Dark Reading

FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.


Black Hat 2019: WhatsApp Users Still Open to Message Manipulation

Threatpost

Attack vectors disclosed last year are still fully exploitable, researchers demoed at Black Hat USA 2019.

How Behavioral Data Shaped a Security Training Makeover

Dark Reading

A new program leveraged behavioral data of employees to determine when they excelled at security and where they needed improvement.

Critical RCE Bug Found Lurking in Avaya VoIP Phones

Threatpost

The vulnerability is a decade old with a public exploit, yet remained unpatched in one of the phone giant's most popular models.


Slow Your Roll Before Disclosing a Security Incident

Dark Reading

Transparency rules, but taking the right amount of time to figure out what happened will go a long way toward setting the record straight.

Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward

Threatpost

Apple is opening its once-private bug bounty program to all researchers, as well as boosting vulnerability payouts and expanding the product scope to include MacOS.

Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find

Dark Reading

Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.

Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says

Threatpost

LAS VEGAS – Supply-chain attacks have nabbed headlines lately thanks to high-profile incidents like the Wipro news last April, where attackers were able to compromise the staffing agency’s network and pivot to their customers.


How to adopt a business-driven data and analytics strategy

Information Management Resources

To succeed, companies need a process that allows data to be transformed into actionable intelligence with an emphasis on business value.

Phishing Attacks Enlist Amazon AWS, Microsoft Azure in Ploys

Threatpost

An ongoing campaign is hosting its phishing landing pages on enterprise-class public cloud storage services -- a nascent trend meant to throw defenders off.