Tue. Sep 10, 2019

US Government Ban on Kaspersky Formalized

Data Breach Today

Final Rule Includes Ban on Government Contractors Using Russian Firm's Products

A final rule published in the Federal Register Tuesday officially bans U.S. government agencies and their contractors from buying or supporting Kaspersky security products

Patch Tuesday, September 2019 Edition

Krebs on Security

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software.

Hackers Attempted DDoS Attack Against Utility: Report

Data Breach Today

Analysis: Attackers Probed Weaknesses in Network Firewalls for 10 Hours

Earlier this year, intruders probed weaknesses in the network firewalls of a U.S.

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction.

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition from premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discusses tried-and-true best practices for avoiding the potential pitfalls of CX migration.

Cybercrime Black Markets: RDP Access Remains Cheap and Easy

Data Breach Today

Also Hot: Payment Card Numbers, Identity Packets, DDoS Attacks, Shell Companies

Cybercrime is surging, thanks in no small part to the easy availability of inexpensive hacking tools and services.

More Trending

Email Servers: Exim Flaw Leaves Millions at Risk of Hacking

Data Breach Today

Remotely Executable Flaw Could be Exploited by BEC and Ransomware Attackers

Email server alert: Linux and Unix administrators should immediately patch a remotely exploitable flaw in Exim, one of the world's most-used message transfer agents, security experts warn.

Police dismantled Europe’s second-largest counterfeit currency network on the dark web

Security Affairs

European authorities announced that they have dismantled Europe’s second-largest counterfeit currency network on the dark web.

Avoiding Breach Notification Blunders

Data Breach Today

What Can Be Learned From Hospice's Mailing Mishap That Triggered 'Corrective' Notification?

A mishap involving the mailing of breach notification letters has led a Tennessee hospice to issue a "corrective" privacy breach notification.

Robert Downey Jr’s Instagram account has been hacked

Security Affairs

The Instagram account of Robert Downey Jr. has been hacked; he is the latest celebrity to have his social media accounts compromised. Robert Downey Jr.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

CISOs: Navigating Operational Conflicts

Data Breach Today

Chris Hetner of Marsh on the CISO's Role as a Communicator

Today's CISOs need to speak the language of business, says Chris Hetner of Marsh, who offers advice on navigating operational conflicts

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

Hear about the smart toaster that got attacked three times within an hour after its IP address first appeared on the Internet? That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today.

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause.

281 Alleged Email Scammers Arrested in Massive Global Sweep

WIRED Threat Level

The most sweeping takedown yet of so-called BEC scammers involved arrests in nearly a dozen countries.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Microsoft Patch Tuesday updates for September 2019 fix 2 privilege escalation flaws exploited in attacks

Security Affairs

Microsoft Patch Tuesday updates for September 2019 address 80 flaws, including two privilege escalation issues exploited in attacks.

Top 7 benefits of supply chain optimization

OpenText Information Management

In our last blog, we looked at what’s involved in supply chain optimization and the supply chain optimization techniques and tools that are available to you. This time we’ll cover the key benefits of supply chain optimization and how you can achieve them.

Adobe September 2019 Patch Tuesday updates fix 2 code execution flaws in Flash Player

Security Affairs

Adobe September 2019 Patch Tuesday updates address two code execution bugs in Flash Player and a DLL hijacking flaw in Application Manager.

GDPR Compliance — The Fines Have Begun!

InfoGoTo

GDPR compliance has been a major talking point among information governance professionals for quite some time. Unfortunately, some organizations have now run afoul of the law, making the promised fines a reality for the non-compliant. GDPR’s First Fines Are Nothing to Sneeze At.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Why Healthcare is Moving to Cloud: Connect Data Silos

Perficient Data & Analytics

The following is the third blog in a series about why healthcare organizations are moving to the cloud. In this series so far, we have looked at how the cloud brings robust data security and the cost savings and efficiencies that the cloud delivers for healthcare organizations.

Security Pros' Painless Guide to Machine Intelligence, AI, ML & DL

Dark Reading

Artificial intelligence, machine learning, or deep learning? Knowing what the major terms really mean will help you sort through the morass of words on the subject and the security uses of each

11th Circuit Rules Single Text Message Not Sufficient for Article III Standing

Data Matters

Creating a circuit split, the U.S. Court of Appeals for the Eleventh Circuit has held that receiving a single unwanted text message is not enough to confer standing, even if the text violated the federal Telephone Consumer Protection Act (TCPA). The court disagreed with a Ninth Circuit ruling that reached the opposite conclusion in 2017. In so doing, it gave new life to an argument defendants may use to fend off class actions under the TCPA.

Get your creative team on the same page

OpenText Information Management

When it comes to collaborating on creative projects, we know that processes can often get in the way. Your team members might find themselves working on the wrong versions of an asset, or there might be multiple versions of the same asset being worked on by different people.

Microsoft Addresses Two Zero-Days Under Active Attack

Threatpost

September Patch Tuesday leads off with two elevation-of-privilege bugs that have been exploited in the wild.

Capture the Flag events and eSports

Adam Shostack

Looking at what is popular with smaller niche crowds can give greater insight into the “next thing”. This natural selection of attention can inspire an evolution of methods and practices. Capture the Flag Events (CTFs) and electronic Sports (eSports) are good examples of a relatively new trend.

Beyond the China Personal Information Security Specification

InfoGoTo

Organizations doing business in China should pay attention to recent action by the Cyberspace Administration of China regarding the regulation of cross-border personal information transfers.

Course announcement: Tampering in Depth!

Adam Shostack

I’m excited to announce that I’m hitting my STRIDE and LinkedIn has released the second course in my in-depth exploration of STRIDE: Tampering.

How to Better Manage Growing Data Volumes While Maximizing IT Budget

InfoGoTo

Data is growing at an exponential rate and it’s not going to slow down anytime soon. In fact, IDC predicts that by 2025 worldwide data creation will grow to 175 zettabytes. However, it’s more complex than the simple increase in volume and rapid growth of data.

US Power Grid Cyberattack Due to Unpatched Firewall: NERC

Dark Reading

A firewall vulnerability enabled attackers to repeatedly reboot the victim entity's firewalls, causing unexpected outages

How SMBs can get more value out of their business data

Information Management Resources

The market forces smaller businesses to be agile in the ever tougher competition, and for this they turn to advanced data analytics as a treasure trove of business-critical knowledge.

Vulnerabilities in D-Link, Comba Routers Can Leak Credentials

Threatpost

Flaws can potentially affect every device and user on the network by directing them to malicious websites or blocking their access to important data or resources.

How to Get the Most out of MuleSoft’s Anypoint Platform

Perficient Data & Analytics

MuleSoft’s Anypoint platform is a robust system to help both in creating and leveraging connections between separate systems. This can, in effect, create an “application network” where previously unconnected sources of data come together to meet your business’s needs. (By the way, if you’re not familiar with MuleSoft yet, you can learn more about the basics here.) 5 Steps to Get the Most out of MuleSoft. Thinking about integrating your company’s systems using the MuleSoft Anypoint Platform?