Tue.Oct 08, 2019

Developers' Code Reuse Security Conundrum: Cut, Paste, Fail

Data Breach Today

GitHub Projects Riddled With Flawed Stack Overflow Code, Researchers Find Code reuse kills - software quality, that is, according to a new study of C++ code snippets shared on Stack Overflow that were reused in more than 2,800 GitHub projects.

Study 202

Developer hacked back Muhstik ransomware crew and released keys

Security Affairs

One of the victims of the Muhstik ransomware gang who initially paid the ransomware, decided to hack back the crooks and released their decryption keys. Tobias Frömel , is a German software developer, who was a victim of the Muhstik ransomware.

Health Data Breach Tally: Ransomware Proliferates

Data Breach Today

Here's An Update on Additions to the 'Wall of Shame' Ransomware attacks are among the largest incidents added to the federal tally of major health data breaches in recent weeks. Attacks on a variety of clinics affected a total of more than 1 million individuals

Experts found a link between a Magecart group and Cobalt Group

Security Affairs

Researchers from MalwareBytes and HYAS Threat Intelligence linked one of the hacking groups under the Magecart umbrella to the notorious Cobalt cybercrime Group.

Groups 109

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Update: Internet Security Threat Report

Data Breach Today

Kevin Haley of Symantec Shares Key Findings Kevin Haley of Symantec shares key findings from the company's latest Internet Security Threat Report

More Trending

DevSecOps: Overcoming Resistance

Data Breach Today

Johnathan Nicholson, Former Interac CISO, on How to Change the Culture How can organizations overcome resistance to implementing DevSecOps? Johnathan Nicholson, former CISO at Interac, the Canadian interbank network, provides insights

How To 176

FBI Warns of Cyber Attacks on Multi-Factor Authentication

Adam Levin

The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA).

Minimizing File Transfer Risk

Data Breach Today

Jeffrey Edwards of Progress Software on Ensuring Privacy File transfers are a significant factor in accidental insider risk. Jeffrey Edwards of Progress Software explains how secure file transfers can help ensure privacy and play a role in regulatory compliance

Risk 176

New Unpatchable iPhone Exploit Allows Jailbreaking

Schneier on Security

A new iOS exploit allows jailbreaking of pretty much all version of the iPhone. This is a huge deal for Apple, but at least it doesn't allow someone to remotely hack people's phones.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

The Case Against a 'SOC in a Box'

Data Breach Today

John Matthews of Extrahop on Avoiding Homogeneity in Security Platforms Homogeneity in security platforms can be a problem, says John Matthews of Extrahop, who makes the case for avoiding implementing a "SOC in a box

MS October 2019 Patch Tuesday updates address 59 flaws

Security Affairs

Microsoft October 2019 Patch Tuesday addressed a total of 59 vulnerabilities. 9 of which are rated as critical and 49 as important.

Addressing Privacy Compliance Challenges

Data Breach Today

Fatima Khan of Okta on Going Beyond GDPR Compliance Compliance with the European Union's General Data Protection Regulation is no guarantee of compliance with other privacy regulations, says Fatima Khan of Okta, who discusses the challenges

Russia's Disinformation War Is Just Getting Started

WIRED Threat Level

The Internet Research Agency specifically targeted African Americans, and has not stopped trying to influence elections, a Senate intelligence report says. Business Business / Social Media Security

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Insider Threat Mitigation: Sanctions and Incentives

Data Breach Today

Michael Theis of CERT Insider Threat Center on Best Practices The battle against insider threats requires a balance of sanctions and incentives, says Michael Theis of the CERT Insider Threat Center

153
153

APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn

Threatpost

and U.K. agencies warn consumers to update VPN technologies from Fortinet, Pulse Secure and Palo Alto Networks. Government Hacks Vulnerabilities Web Security apt apt5 china state sponsored cybergroup cyberattack Fortinet NSA Palo Alto Networks pule secure

Groups 114

Can the Girl Scouts Save the Moon from Cyberattack?

Dark Reading

The Girl Scouts Cyber Challenge event, later this month, pledges to give middle and high-school girls a realistic, and fun, look at cybersecurity careers

Intimate Details on Healthcare Workers Exposed as Cloud Security Lags

Threatpost

Ponemon survey data shows that only a third of IT staff say they take a security-first approach to data storage in the cloud. Cloud Security Privacy data exposure freedom healthcare healthcare workers misconfiguration Ponemon survey the report tu ora compass health

Cloud 113

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Utilities' Operational Networks Continue to Be Vulnerable

Dark Reading

More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds

Survey 111

Google October Android Security Update Fixes Critical RCE Flaws

Threatpost

Google's October security update fixed several critical and high-severity vulnerabilities. Mobile Security Vulnerabilities Android Android OS critical flaw fix google LG patch patch tuesday Qualcomm remote code execution Samsung vulnerability

7 Considerations Before Adopting Security Standards

Dark Reading

Here's what to think through as you prepare your organization for standards compliance

Critical Microsoft Remote Desktop Flaw Fixed in Security Update

Threatpost

Microsoft has released fixes for nine critical and 49 important vulnerabilities as part of Patch Tuesday. Vulnerabilities critical flaw Microsoft patch patch tuesday RDP remote code execution remote desktop services vulnerability

Most organizations fall short of global data privacy requirements

Information Management Resources

A majority of organizations do not comply with current international data privacy regulations and are not prepared for new U.S. regulations rolling out in 2020. Data privacy rules Data security Data management

Apple Tackles Over a Dozen Bugs in its Catalina 10.15 Update

Threatpost

Apple released fixes for Catalina and patches for iCloud and iTunes for Windows software. Vulnerabilities Web Security Apache web server apple Catalina 10.15 CoreAudio Intel Graphic Driver IOGraphics macOS macOS kernel WebKit

IT 108

The Security of Data in the Cloud is Your Responsibility Unveiling the 2019 Thales Cloud Security Study

Thales eSecurity

Businesses are vigorously adopting digital transformation to provide higher quality services, operate more efficiently and deliver better customer experiences. The engine that is powering this transformation is the cloud and the vast array of on demand services it provides.

The Importance of Reinforcement Learning

Perficient Data & Analytics

A few years ago, BBC Earth highlighted a memory test performed by a Chimpanzee named Ayumu.

NSA Issues Advisory on VPN Vulnerability Trio

Dark Reading

Vulnerabilities with Pulse Secure, Fortinet, and Palo Alto Networks VPNs are called out in the advisory

#ModernDataMasters: Carl Smith, PZ Cussons

Reltio

Kate Tickner, Reltio. Carl Smith is the global head of master data management for PZ Cussons. He is an experienced data leader / strategist, having worked across large enterprise organisations including Philips, Metro AG and Office Depot.

MDM 56