Wed. Aug 14, 2019

20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users

Threatpost

A bug in an obscure legacy Windows protocol can lead to serious real-world privilege-escalation attacks. Tags: Vulnerabilities, CTF, CVE-2019-1162, Google Project Zero, Microsoft, patch tuesday, privilege escalation, system takeover

Meet Bluetana, the Scourge of Pump Skimmers

Krebs on Security

“Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests.

Choice Hotels: 700,000 Guest Records Exposed

Data Breach Today

Vendor Copied Data Without Authorization; Left MongoDB Open to Internet. Choice Hotels says about 700,000 records for guests were exposed after one of its vendors copied data from its systems. Fraudsters discovered the data and tried to hold the hotel chain to ransom, which it ignored.

NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response

The Last Watchdog

With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals. Yet, I also had the chance to speak one-on-one with dozens of security vendors who are innovating like crazy to improve security. And I came away, once again, much encouraged.

Microsoft Issues Patches for BlueKeep-Like Vulnerabilities

Data Breach Today

Newly Discovered Bugs Can Carry Out Remote Code Execution Without User Interaction. Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems.

More Trending

AMCA Breach Victim Count Continues to Grow

Data Breach Today

More Affected Labs Revealed; Several Breach Reports Show Up on Federal Tally. The American Medical Collection Agency breach continues to grow messier, with more companies being added to the victim count. Here's the very latest tally.

Flaws in HTTP/2 implementations expose servers to DoS attacks

Security Affairs

Researchers from Netflix and Google discovered eight denial-of-service (DoS) flaws affecting various HTTP/2 implementations.

Side-Channel Attack against Electronic Locks

Schneier on Security

Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring. Tags: hacking, locks, side-channel attacks, vulnerabilities

KNOB attack threatens over a billion Bluetooth-enabled devices

Security Affairs

A vulnerability tracked as CVE-2019-9506 and referred to as the Key Negotiation of Bluetooth (KNOB) attack could allow attackers to spy on encrypted connections.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Kostya and Me: How Sam Patten Got Ensnared in Mueller’s Probe

WIRED Threat Level

A political consultant crosses paths with Konstantin Kilimnik, Paul Manafort, and Cambridge Analytica, then becomes part of the Russia investigation. Tags: Backchannel, Security

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

Microsoft Patches Over 90 Vulnerabilities With August 2019 Updates. Microsoft Patch Tuesday security updates for August 2019 address more than 90 flaws, including two new ‘wormable’ issues in Windows Remote Desktop Services.

Major breach found in biometrics system used by banks, UK police and defence firms

The Guardian Data Protection

Security Patch Day for August includes the most critical Note released by SAP in 2019

Security Affairs

SAP Patches Highest Number of Critical Flaws Since 2014. SAP released Security Patch Day updates for August 2019 that address three critical vulnerabilities in the company’s products.

Fingerprints of 1M Exposed in Public Biometrics Database

Threatpost

A publicly accessible database exposed the fingerprints and facial recognition information of millions, thrusting biometrics security into the spotlight once again. Tags: Hacks, Vulnerabilities, Biometrics, biometrics database, data privacy, Data security, EU, facial recognition, White House

You Gotta Reach 'Em to Teach 'Em

Dark Reading

As threats continue to evolve and cybercriminals become more sophisticated, organizations that lack a mature security awareness and training program place themselves at serious risk.

Lenovo Warns on ThinkPad Bugs, One Unpatched

Threatpost

The notebook maker is warning users of three separate vulnerabilities. Tags: Mobile Security, Vulnerabilities, Bluetooth, CVE-2019-0128, CVE-2019-6171, CVE-2019-9506, EoP, escalation of privileges, INF Update Utility, Intel, Lenovo, Security Update, ThinkPad, ThinkPad A series, ThinkPad E, ThinkPad Yoga, vulnerabilities

GDPR Data Subject Access Requests: How to Respond

IT Governance

The EU GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. This is known as a DSAR (data subject access request). Subject access requests are not new, but the GDPR introduced several changes that make responding to them more challenging.

Facebook Records User Audio, Sparking Privacy Questions

Threatpost

Hundreds of contractors reportedly were hired to transcribe Messenger voice chats in order to test the accuracy of an AI algorithm -- raising questions about what Facebook does with the data.

Czech Republic’s committee blames foreign state for Foreign Ministry Cyberattack

Security Affairs

A parliamentary committee in the Czech Republic revealed that the National Cyber and Information Security Agency blamed a foreign state for a cyber attack that targeted the Czech Foreign Ministry. The committee did not reveal the name of the state allegedly involved in the attack.

TikTok Scammers Cash In On Adult Dating, Impersonation Tricks

Threatpost

Scammers are profiting from TikTok's younger audience with adult dating and account impersonation tricks. Tags: Podcasts, Web Security, adult dating scam, fake account, Instagram, social media scam, tiktok, tiktok scam, twitter

Top Penetration Testing Tools

eSecurity Planet

Penetration testing should be an ongoing practice for all IT security teams. Here are the best pen test tools for finding your vulnerabilities.

Windows Users at Risk From High-Severity Intel Software Flaw

Threatpost

Overall, Intel stomped out three high-severity vulnerabilities and five medium-severity flaws. Tags: Vulnerabilities, high severity flaw, Intel, intel nuc, Intel Patch, mini PC, Next Unit of Computing, NUC, vulnerability, Windows

How advanced technologies can boost worker productivity and creativity

Information Management Resources

While much is written on the constant advances in technologies, it can be easy to overlook the impact that these changes have on the way that IT and data professionals work.

Attackers Try to Evade Defenses with Smaller DDoS Floods, Probes

Dark Reading

Cybercriminals are initiating more attacks using low-bandwidth techniques, but the tactics expand the gray area between DDoS attacks and popular methods of mass scanning.

Visibility, governance and compliance among top challenges with digital transformation

Information Management Resources

Digital transformations are fully underway at many companies, but organizations still have work to do to optimize their digital operations, according to a new study.

Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)

Dark Reading

Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.

DEF CON and Feds Partner on Anonymous Bug Submission Program

Threatpost

Bug submission program uses the SecureDrop platform to ensure anonymity. Tags: Black Hat, Government, Malware, Vulnerabilities, Aaron Swartz, DEF CON, DHS, Freedom of the Press Foundation, SecureDrop, US-CERT

3 Principles to move from AI Pilots to AI @ Scale

IBM Big Data Hub

In my last blog post, I covered how you can deliver an AI pilot in just eight weeks and at the same time design your program in a way to scale the AI across your enterprise. Culture, architecture and technology are fundamental to move from AI pilot to AI @ Scale.

Norman Cryptominer Employs Sophisticated Obfuscation Tactics

Threatpost

A new XMRig Monero cryptominer stands apart, despite its non-flashy name. Tags: Malware, Cryptominer, cryptomining, Malware analysis, Monero, norman, obfuscation techniques, varonis, XMRig

BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints

Dark Reading

Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.