Fri.Sep 13, 2019

Analysis: The Impact of Business Email Compromise Attacks

Data Breach Today

This week's ISMG Security Report analyzes the cost of business email compromise attacks and the recent arrest of dozens of suspects. Also featured: updates on the easy availability of low-cost hacking tools and the latest payment card fraud trends

The US Treasury placed sanctions on North Korea linked APT Groups

Security Affairs

The US Treasury placed sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The US Treasury sanctions on three North Korea-linked hacking groups, the Lazarus Group , Bluenoroff , and Andarial.

Groups 109

Credit Card Theft Ringleader Pleads Guilty

Data Breach Today

Fin7 Gang Tied to Theft of 15 Million Payment Cards From Restaurant Chains and Others One of the three Ukrainian men charged with leading the notorious Fin7 hacking group, which prosecutors say stole 15 million payment cards, has pleaded guilty to two federal charges

Groups 229

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

A new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control (C&C) operations. Cisco Talos researchers discovered a new cryptocurrency -mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control.

Mining 109

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

PSD2 Authentication Requirements: The Implementation Hurdles

Data Breach Today

Banks, Merchants, Processors Struggling to Comply With Mandate Because banks, fintech firms, merchants and payments processors in the EU have struggled to meet the Sept.

More Trending

Calif. May Ban Facial Recognition in Police Body Cameras

Data Breach Today

Legislation Awaits Governor's Signature Lawmakers in California have voted to ban the use of facial recognition technology within the body cameras that police wear. The measure now awaits the governor's signature

187
187

Prediction: 2020 election is set to be hacked, if we don’t act fast

Adam Levin

Since 1993, hackers have traveled to Las Vegas from around the world to demonstrate their skills at DefCon ’s annual convention, and every year new horrors of cyber-insecurity are revealed as they wield their craft. Last year, for example, an eleven-year-old boy changed the election results on a replica of the Florida state election website in under ten minutes. This year was no exception. Participants revealed all sorts of clever attacks and pathetic vulnerabilities.

Paper 86

Ransomware Gangs Practice Customer Relationship Management

Data Breach Today

Ransomware-wielding attackers treat infecting endpoints as a business and put customer relationship management principles to work, says Bill Siegel, CEO of ransomware incident response firm Coveware. He notes criminals "go after the low-hanging fruit because it's cheap and the conversion rate is high

National Security Is in Trump's Hands

WIRED Threat Level

With the departure of John Bolton from the White House this week, even the former national security advisor’s biggest critics are worried. Security Security / National Security

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

For Sale: Admin Access Credentials to Healthcare Systems

Data Breach Today

Cybercriminals are "upping their game" by stealing and then auctioning off on the dark web administrative access credentials to healthcare organizations' clinician and patient portals, says Etay Maor of IntSights

Sales 146

iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts

Threatpost

Apple will not fix the glitch until the release of iOS 13.1 later in September. Hacks Mobile Security apple Apple hack Apple vulnerability ios 13 iOS 13.1 iphone iPhone X lock screen bypass patch Vulnerability Disclosure

Tips on Countering Insider Threat Risks

Data Breach Today

Insider threats are difficult to counter. What happens when an employee goes rogue, and how do you catch them? Charles Carmakal of Mandiant, who says his firm is dealing with more insider threat investigations, shares tips for better defenses

Tips 138

Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks

Threatpost

At every turn, the info-stealer uses legitimate services to get around normal email, endpoint and network defenses. Facebook Malware Web Security astaroth attack analysis Brazil cofense information stealer legitimate services phishing campaign spy trojan Youtube

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Why Politics, Why Now?

John Battelle's Searchblog

Last week an email hit my inbox with a simple powerful sentiment. “I miss your writing,” it said. The person who sent it was a longtime reader of this site. I miss writing too.

North Korean Spear-Phishing Attack Targets U.S. Firms

Threatpost

Researchers warn that U.S. firms are being targeted with legitimate - but trojanized - documents that are often socially engineered to a tee.

Smart Watches and Cheating on Tests

Schneier on Security

The Independent Commission on Examination Malpractice in the UK has recommended that all watches be banned from exam rooms, basically because it's becoming very difficult to tell regular watches from smart watches. cheating internetofthings

IT 77

WordPress XSS Bug Allows Drive-By Code Execution

Threatpost

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. Vulnerabilities Web Security cross-site scripting drive-by attack gutenberg editor patch remote code execution version 5.2.3 vulnerability website takeover wordpress XSS

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

No Quick Fix for Security-Worker Shortfall

Dark Reading

Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees

Cybercriminals Adding Sophistication to BEC Threats

Threatpost

New tactics aimed at business executives and users are being used to reap greater reward from email based fraud, which continues to rise, researchers said. Government Hacks Malware Web Security BEC Business Email Compromise Department of Justice email email threats Operation reWired

Weekly Update 156

Troy Hunt

Turns out it's actually a sunny day in Oslo today, although it's the last one I'll see here for quite some time before heading off to Denmark then other European things for the remainder of this trip.

How Do Patient Portals Work?

Record Nations

A patient portal is a secure online platform that allows patients to access their health records at any time and anywhere, as long as they have an internet connection. Patients can log on from their computer or smartphone using a secure username and password.

The consequence of valuing data

Information Management Resources

I have read widely in information theory and despite the rhetoric, there remains ample disagreement in research circles that data has an implied value independent of use or context. Data strategy Data management Data science

Data 65

Friday Squid Blogging: How Scientists Captured the Giant Squid Video

Schneier on Security

In June, I blogged about a video of a live juvenile giant squid. Here's how that video was captured. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. squid

Video 64

6 Questions to Ask Once You've Learned of a Breach

Dark Reading

With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions

GDPR 87

News Wrap: IoT Radio Telnet Backdoor And ‘SimJacker’ Active Exploit

Threatpost

Threatpost editors Tara Seals and Lindsey O'Donnell talk about the top news stories of the week - from leaky databases to SIM card attacks. Hacks IoT Malware Podcasts backdoor data expose database elasticsearch server IoT security podcast sim simjacker Telnet

IoT 87

Malware Linked to Ryuk Targets Financial & Military Data

Dark Reading

A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information

3 ways a data catalog can help optimize your business

IBM Big Data Hub

The best data catalogs can automate the process to collect, classify and profile data to ensure the highest standards of quality. Here are three popular use cases detailing why companies are moving towards IBM’s Watson Knowledge Catalog

Data 85