Wed. Aug 14, 2019

20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users

Threatpost

A bug in an obscure legacy Windows protocol can lead to serious real-world privilege-escalation attacks.


Meet Bluetana, the Scourge of Pump Skimmers

Krebs on Security

“Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests.

Choice Hotels: 700,000 Guest Records Exposed

Data Breach Today

Vendor Copied Data Without Authorization; Left MongoDB Open to Internet

Choice Hotels says about 700,000 records for guests were exposed after one of its vendors copied data from its systems. Fraudsters discovered the data and tried to hold the hotel chain to ransom, which it ignored.


Flaws in HTTP/2 implementations expose servers to DoS attacks

Security Affairs

Researchers from Netflix and Google discovered eight denial-of-service (DoS) vulnerabilities affecting various HTTP/2 implementations.

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition from premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discusses tried and true best practices for avoiding the potential pitfalls of CX migration.

Microsoft Issues Patches for BlueKeep-Like Vulnerabilities

Data Breach Today

Newly Discovered Bugs Can Carry Out Remote Code Execution Without User Interaction

Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems.


AMCA Breach Victim Count Continues to Grow

Data Breach Today

More Affected Labs Revealed; Several Breach Reports Show Up on Federal Tally

The American Medical Collection Agency breach continues to grow messier, with more companies being added to the victim count. Here's the very latest tally.


Microsoft Patch Tuesday for August 2019 patches 93 bugs, including 2 dangerous wormable issues

Security Affairs

Microsoft Patches Over 90 Vulnerabilities With August 2019 Updates. Microsoft Patch Tuesday security updates for August 2019 address more than 90 flaws, including two new ‘wormable’ issues in Windows Remote Desktop Services.

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy, what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

Kostya and Me: How Sam Patten Got Ensnared in Mueller’s Probe

WIRED Threat Level

A political consultant crosses paths with Konstantin Kilimnik, Paul Manafort, and Cambridge Analytica, then becomes part of the Russia investigation.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Side-Channel Attack against Electronic Locks

Schneier on Security

Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring.

NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response

The Last Watchdog

With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals. Related: Lessons learned from Capital One breach. Yet, I also had the chance to speak one-on-one with dozens of security vendors who are innovating like crazy to improve security. And I came away, once again, much encouraged.


Security Patch Day for August includes the most critical Note released by SAP in 2019

Security Affairs

SAP Patches Highest Number of Critical Flaws Since 2014. SAP released Security Patch Day updates for August 2019 that address three critical vulnerabilities in the company’s products.


Major breach found in biometrics system used by banks, UK police and defence firms

The Guardian Data Protection

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Fingerprints of 1M Exposed in Public Biometrics Database

Threatpost

A publicly accessible database exposed the fingerprints and facial recognition information of millions, thrusting biometrics security into the spotlight once again.


GDPR Data Subject Access Requests: How to Respond

IT Governance

The EU GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. This is known as a DSAR (data subject access request). Subject access requests are not new, but the GDPR introduced several changes that make responding to them more challenging.

Czech Republic's committee blames foreign state for Foreign Ministry Cyberattack

Security Affairs

A parliamentary committee in the Czech Republic blames a foreign state for a cyberattack that hit the Czech Foreign Ministry. The committee revealed that the National Cyber and Information Security Agency attributed the attack on the Czech Foreign Ministry to a foreign state, but it did not name the state allegedly involved.

How advanced technologies can boost worker productivity and creativity

Information Management Resources

While much is written on the constant advances in technologies, it can be easy to overlook the impact that these changes have on the way that IT and data professionals work.


Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

You Gotta Reach 'Em to Teach 'Em

Dark Reading

As threats continue to evolve and cybercriminals become more sophisticated, organizations that lack a mature security awareness and training program place themselves at serious risk.

Visibility, governance and compliance among top challenges with digital transformation

Information Management Resources

Digital transformations are fully underway at many companies, but organizations still have work to do to optimize their digital operations, according to a new study.

Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)

Dark Reading

Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.


Lenovo Warns on ThinkPad Bugs, One Unpatched

Threatpost

The notebook maker is warning users of three separate vulnerabilities.

Attackers Try to Evade Defenses with Smaller DDoS Floods, Probes

Dark Reading

Cybercriminals are initiating more attacks using low-bandwidth techniques, but the tactics expand the gray area between DDoS attacks and popular methods of mass scanning.


Facebook Records User Audio, Sparking Privacy Questions

Threatpost

Hundreds of contractors reportedly were hired to transcribe Messenger voice chats in order to test the accuracy of an AI algorithm -- raising questions about what Facebook does with the data.

AI augmentation will fuel $2.9 trillion of business value in 2021

Information Management Resources

Decision support and AI augmentation will surpass all other types of AI initiatives, says research firm Gartner.


TikTok Scammers Cash In On Adult Dating, Impersonation Tricks

Threatpost

Scammers are profiting from TikTok's younger audience with adult dating and account impersonation tricks.

40% of organisations respond to bogus DSARs

IT Governance

A security researcher has identified major flaws in many organisations’ DSAR (data subject access request) procedures. James Pavur contacted dozens of UK and US-based companies to request personal information about his fiancée in order to see how they would respond.

Windows Users at Risk From High-Severity Intel Software Flaw

Threatpost

Overall, Intel stomped out three high-severity vulnerabilities and five medium-severity flaws.


BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints

Dark Reading

Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.

Looking to start a career in cyber security?

IT Governance

IT Governance, part of GRC International Group, is looking to recruit recent graduates to join its successful Cyber Essentials consultancy as trainee assessors. Cyber Essentials is a baseline cyber security standard that is run by the NCSC (National Cyber Security Centre) on behalf of the UK government. Applicants must have degrees in networking, digital forensics, ethical hacking, or computer science, and strong technical knowledge of networking.

Color-Coding (Part 3): Retention and disposition headaches? Add a splash of color!

TAB OnRecord

In a four-part blog series, we are focusing on color-coding. In part one we discussed the color-coded file folder and in part two we looked beyond the obvious and immediate benefits of color-coding.