Wed. Jul 17, 2019

Party Like a Russian, Carder’s Edition

Krebs on Security

“It takes a certain kind of man with a certain reputation.

Ransomware: As GandCrab Retires, Sodinokibi Rises

Data Breach Today

Ransom Payments to Crypto-Locking Malware Extortionists Are Surging. With the GandCrab ransomware-as-service gang promising to retire - and free decryptors now aiding victims - rival Sodinokibi has already stepped into the void, security experts warn.

Think FaceApp Is Scary? Wait Till You Hear About Facebook

WIRED Threat Level

The idea that FaceApp is somehow exceptionally dangerous threatens to obscure the real point: All apps deserve this level of scrutiny.

Impact of AMCA Breach Continues to Grow

Data Breach Today

More Victims Identified; Allegations Made in Court Filings. The impact of the massive American Medical Collection Agency data breach continues to grow. At least two more laboratories have said their patients' data was potentially compromised by the breach.

Security Affairs - Untitled Article

Security Affairs

Tesla paid $10,000 to a researcher who found a stored cross-site scripting (XSS) vulnerability that could have been exploited to change vehicle information.

More Trending

U.S. Healthcare Industry Needs a Shot in the Arm When it Comes to Data Protection: 70% experienced a breach; Less than 38% are encrypting even as threats increase

Thales eSecurity

If the vast majority of the people in your office knew they would contract the flu today, it’s safe to say most chairs would remain empty. Anyone who actually came to work would avoid others, sanitize drawer handles, wash their hands, and/or wear a mask.

Bulgarian Authorities Arrest Suspect in Massive Data Breach

Data Breach Today

20-Year-Old Charged as Investigation Continues. Bulgaria's national cybercrime unit has arrested a 20-year-old local man for his alleged role in breaching the country's tax servers and exposing the financial details and other personal data of nearly 5 million citizens, according to news media report

Anti-Debugging Techniques from a Complex Visual Basic Packer

Security Affairs

One of the latest trends among attackers is to leverage ISO files to avoid detection; the technique has also been used in a recent Hawkeye campaign.

How Deception Technology Is Evolving

Data Breach Today

Deception technology is becoming more sophisticated, enabling organizations to battle against emerging threats, says Alissa Knight, senior analyst at Aite Group, a research and advisory company


Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler and provide citizens in every country with the same privacy rights.

Security Affairs - Untitled Article

Security Affairs

Threat actors used the Extembro DNS-changer Trojan in an adware campaign to prevent users from accessing security-related websites.

Proactive Mobile Threat Defense

Data Breach Today

From malware and phishing to cryptojacking and man-in-the-middle attacks, mobile threats are rampant, and organizations need to stay a step ahead. Traditional threat management has been reactive. But IBM and Wandera have joined forces to stop threats dead in their tracks before they get close to your environment

Constructing A Digital Transformation Strategy: Putting the Data in Digital Transformation


Having a clearly defined digital transformation strategy is an essential best practice for successful digital transformation. But what makes a viable digital transformation strategy?

Why Microsoft’s BlueKeep Bug Hasn’t Wreaked Havoc—Yet

WIRED Threat Level

Microsoft's critical vulnerability remains unpatched in hundreds of thousands of computers, and may already be exploited in secret.

Digital transformation threats and opportunities in travel and transportation

DXC Technology

In travel and transportation most companies today don’t look at customer journeys as a collaborative exercise. They consider their job done when passengers are delivered safely to their appointed destination for their segment.

MITRE ATT&CK Framework Not Just for the Big Guys

Dark Reading

At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language


Massive Malvertising Campaign Reaches 100M Ads, Manipulates Supply Chain


A sophisticated and growing malvertising attacker is partnering with legitimate ad tech platforms to drop malware at scale.

For Real Security, Don't Let Failure Be Your Measure of Success

Dark Reading

For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will

Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices


Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices -- opening an attack vector.

The 10 Essentials of Infosec Forensics

Dark Reading

Whether it's your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery

StrongPity APT Returns with Retooled Spyware


The group is using malicious versions of WinRAR and other legitimate software packages to infect targets, likely via watering-hole attacks.


Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices

Dark Reading

Researchers discover that a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access

Digital Transformation: Lessons Learned from the World Cup

Micro Focus

Turla APT group adds Topinambour Trojan to its arsenal

Security Affairs

Kaspersky researchers revealed that the Russia-linked APT group Turla has used new variants of the KopiLuwak Trojan in targeted attacks since early 2019.

Data Loss, Leakage Top Cloud Security Concerns

Dark Reading

Compliance, accidental exposure of credentials, and data control are also primary concerns for senior IT and security managers

Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted


Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.

800K Systems Still Vulnerable to BlueKeep

Dark Reading

Organizations with systems exploitable via the RDP flaw pose an increasing risk to themselves and other organizations, BitSight says

[Guide] Designing a Data Governance Program in Financial Services

Perficient Data & Analytics

Data is the lifeblood of any company. It is the basis of management decision-making, regulatory supervision, taxation, and investor and market behavior. In recent years, firms have recognized data as an independent asset that should be managed and leveraged to fully reap its benefits.

A Password Management Report Card

Dark Reading

New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings

How to recover from a cyber attack

IT Governance

One in three UK organisations fell victim to a cyber attack in 2018, costing £17.8 billion in total. Your first – obviously valid – thought might be that we all need to get better at preventing security incidents, but it’s not the whole story.

FaceApp denies storing users' photographs without permission

The Guardian Data Protection

App was launched by Russian developer in 2017 and uses AI to change people’s features. The developer of a popular app which transforms users’ faces to predict how they will look as older people has insisted they are not accessing users’ photographs without permission.