Mon. Jan 07, 2019

Marriott Mega-Breach: Victim Count Drops to 383 Million

Data Breach Today

Hotel Giant Warns 5.3 Million Unencrypted Passport Numbers Also Stolen

Marriott International's digital forensic investigation now counts not 500 million but an "upper limit" of 383 million customers affected by the four-year mega-breach of its Starwood reservations system.

Port Covington, MD re-emerges as ‘CyberTown, USA’ — ground zero for cybersecurity research

The Last Watchdog

When CyberTown, USA is fully built out, its backers envision it emerging as the world’s premier technology hub for cybersecurity and data science. DataTribe, a Fulton, MD-based cybersecurity startup incubator, has been a key backer of this ambitious urban redevelopment project, which broke ground last October in Port Covington, MD, once a bustling train stop on the south side of Baltimore.

Ransomware Attacks: The Data Integrity Issues

Data Breach Today

Healthcare Incident Points to Possible 'Altered' Patient Data

Data integrity issues can arise in the wake of a ransomware attack. Case in point: A California podiatrist practice hit by ransomware reports that patient files were possibly "altered" or "corrupted."

Q&A: Why emerging IoT platforms require the same leading-edge security as industrial controls

The Last Watchdog

The heyday of traditional corporate IT networks has come and gone. In 2019, and moving ahead, look for legacy IT business networks to increasingly intersect with a new class of networks dedicated to controlling the operations of IoT-enabled services of all types, including smart buildings, IoT-enabled healthcare services and driverless cars.

Do you have a data breach response plan?

IT Governance

This blog has been updated to reflect industry updates. Originally published 6 August 2018. The EU GDPR (General Data Protection Regulation) requires organisations to respond to serious data breaches within 72 hours of detection.

More Trending

New Attack Against Electrum Bitcoin Wallets

Schneier on Security

This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction.

Moving to a Next-Generation SOC: Critical Factors

Data Breach Today

Organizations looking to migrate to a next-generation security operations center must first carefully assess any problems they are facing with current security technology, says Vikram Mehta, associate director of information security at MakeMyTrip, an India-based online ticketing portal.

Solve fundamental IT issues within your business

IT Governance

As a framework in your business, governing your IT effectively helps ensure your organisation’s IT infrastructure supports and enables the corporate strategies and objectives.

A place for everything and everything in its place

OpenText Information Management

If you look at my personal desk right now, you’ll see a few piles of paper and various to-do lists. It’s logically organized by subjects such as finances, bills and household projects. My college roommate once said that I had a place for everything and everything was in its place.

Tens of thousands of hot tubs are exposed to hack

Security Affairs

Experts from security firm Pen Test Partners reported that tens of thousands of hot tubs are currently vulnerable to cyber attacks. Security experts at Pen Test Partners have discovered thousands of connected hot tubs vulnerable to remote cyber attacks.

Mastering the 12 Agile software development principles

Information Management Resources

We explore the 12 core principles of agile software development outlined in the Agile Manifesto to help you make sense of the sometimes esoteric text.

Threat of a Remote Cyberattack on Today's Aircraft Is Real

Dark Reading

We need more stringent controls and government action to prevent a catastrophic disaster

Austrian DPA Issues Decision on Validity of Cookie Consent Solution

Hunton Privacy

On November 30, 2018, the Austrian Data Protection Authority (“DPA”) published a decision in response to a complaint received from an individual regarding the cookie consent options offered on an Austrian newspaper’s website.

How the Data Science Elite helped uncover a gold mine at Experian

IBM Big Data Hub

Find out more about how the IBM Data Science Elite team helped Experian succeed at better analyzing their data at Think 2019

Skype Glitch Allowed Android Authentication Bypass

Threatpost

A glitch allowed hackers to access contacts, photos and more on Android devices - simply by answering a Skype call.

Bug Bounty Awards Climb as Software Security Improves

Dark Reading

Top reward for iOS remote exploit hits $2 million, as companies who sell exploits to national governments have to offer more money to attract researchers to tackle increasingly secure software

unCAPTCHA AI Cracks Google reCAPTCHAs with 90% Accuracy

Threatpost

A proof-of-concept from the University of Maryland can defeat the audio challenges that are offered as an option for people with disabilities.

2018 eDiscovery Case Law Year in Review, Part 2

eDiscovery Daily

As we noted yesterday, eDiscovery Daily published 65 posts related to eDiscovery case decisions and activities over the past year, covering 56 unique cases! Yesterday, we looked back at cases related to possession, custody and control, privilege disputes and form of production disputes.

Australian Early Warning Network hacked and used to send fake alerts

Security Affairs

A hacker obtained unauthorized access to the Australian Early Warning Network over the weekend and abused it to send out an alert via SMS.

More Questions as Expert Recreates Chinese Super Micro Hardware Hack

The Security Ledger

Though the companies named in a blockbuster Bloomberg story have denied that China hacked into Supermicro hardware that shipped to Amazon, Apple and nearly 30 other firms, a recent demonstration at a hacking conference in Germany proves the plausibility of the alleged hack.

ICRM issues 2018 Year in Review Newsletter

IG Guru

10 ways technology will change banking in 2019

Information Management Resources

The coming year will bring a wave of data-sharing deals between banks and fintechs, increased bank use of automated advice, marked changes to financial jobs as a result of automation, and much more.

NSA will reveal its GHIDRA Reverse Engineering tool at RSA Conference

Security Affairs

The National Security Agency (NSA) will release a free reverse engineering framework called GHIDRA at the next RSA Conference. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux). The framework was first mentioned in the CIA Vault 7 dump that was leaked in 2017. WikiLeaks obtained thousands of files allegedly originating from a CIA high-security network that detail CIA hacking techniques, tools, and capabilities.

Hackers Infiltrate Early Warning Network System to Send Spam

Threatpost

Just as ex-tropical Cyclone Penny moved toward the coast of Queensland, Australia, users of Early Warning Network reported receiving strange messages from the emergency system.

ReiKey app for macOS can detect Mac Keyloggers using event taps

Security Affairs

ReiKey is a free tool that lets users scan for and detect keyloggers that install persistent keyboard “event taps” to intercept keystrokes. Good news for macOS users: a new open source tool dubbed ReiKey allows them to detect Mac keyloggers.

Stronger DNS Security Stymies Would-Be Criminals

Dark Reading

2018 saw a reduced number of huge DNS-facilitated DDoS attacks. Vendors and service providers believe that malicious impact will drop with continued technology improvements

FinTech banking’s nightmare frozen customer money problem

Collaboration 2.0

There’s a lot to like about modern mobile-first FinTech banks, but being locked out of your account isn’t one of them. Minimal customer service, opaque information flows and vague timelines create serious client stress levels

Zerodium Raises Zero-Day Payout Ceiling to $2M

Threatpost

Apple exploits will fetch the highest price.

Hackers dump data on Merkel, politicians in giant German leak

Information Management Resources

Hackers have released private data linked to Chancellor Angela Merkel and hundreds of other German politicians in the biggest data dump of its kind in the country.

Podcast: Beware These Top Security Threats in 2019

Threatpost

In this week's podcast, we weigh in on the top threats to watch out for in 2019 - from fraud to IoT.

Robust IoT investments leave many firms with tangled web of non-transparency

Information Management Resources

Even one dropped connection or poorly performing application per shift can translate into almost $20,000 in annual support and productivity loss costs per mobile worker, says a new study.

Report: Consumers Buy New Smart Devices But Don't Trust Them

Dark Reading

The gap between acceptance and trust for new smart devices is huge, according to a new survey

L.A. sues Weather Channel, IBM over location tracking

Information Management Resources

IBM allegedly used location data for targeted advertising and to identify trends for hedge funds, while telling consumers their location would only be used to localize forecasts.