Wed.Sep 11, 2019

NY Payroll Company Vanishes With $35 Million

Krebs on Security

MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies.

Microsoft Patches 2 Windows Flaws Already Being Exploited

Data Breach Today

September's Patch Tuesday Addresses Elevation of Privileges Flaws As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

One of the promising cybersecurity trends that I’ve been keeping an eye on is this: SOAR continues to steadily mature. Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. Related: Here’s how Capital One lost 100 million customer records SOAR holds the potential to slow – and, ultimately, to help reverse – the acute and worsening cybersecurity skills shortage.

Ransomware Attack on Utah Clinic Affects 320,000

Data Breach Today

Experts Warn That Attacks Continue to Evolve The ransomware blitz against the healthcare sector continues: A Utah clinic has reported an attack that potentially affected 320,000 patients, making it one of the largest breaches of its kind so far this year

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

NetCAT attack allows hackers to steal sensitive data from Intel CPUs

Security Affairs

Experts discovered a flaw dubbed NetCAT (Network Cache ATtack) that affects all Intel server-grade processors and allows to sniff sensitive data over the network.

More Trending

More on Law Enforcement Backdoor Demands

Schneier on Security

The Carnegie Endowment for International Peace and Princeton University's Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the "going dark" debate. They have released their report: " Moving the Encryption Policy Conversation Forward.

Government Agencies Field More Cybersecurity Maturity Models

Data Breach Today

Pentagon and DOE Pitch Security Frameworks - But Should They Defer to NIST? The Pentagon and the Department of Energy are pitching new or revised cybersecurity capability maturity models to help their sectors prioritize cybersecurity investments and refine processes and controls.

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

Security experts have discovered that some models of D-Link and Comba WiFi routers leak their administrative login credentials in plaintext. Security researchers from Trustwave’s SpiderLabs have discovered several credential leaking vulnerabilities in some models of D-Link and Comba Telecom.

Chinese APT Group 'Thrip' Powers Ahead

Data Breach Today

Hackers Have Attacked at Least 12 Targets Since 2018, Symantec Researchers Say A Chinese advanced persistent threat group dubbed "Thrip" has attacked at least 12 organizations in Southeast Asia since being exposed last year, Symantec researchers say.

199
199

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Dissecting the 10k Lines of the new TrickBot Dropper

Security Affairs

Malware researc h ers at Yoroi -Cybaze analyzed the TrickBot dropper, a threat that has infected victims since 2016. Introduction. TrickBot it is one of the best known Banking Trojan which has been infecting victims since 2016, it is considered a cyber-crime tool.

Remote Desktop Protocol: The Security Risks

Data Breach Today

In the past year, cybercriminals behind two of the biggest ransomware attacks have abandoned other techniques in favor of exploiting remote desktop protocol. Matt Boddy of Sophos explains why RDP attacks are so popular - and what you can do to discourage them

Risk 138

LokiBot info stealer involved in a targeted attack on a US Company

Security Affairs

Security researchers at Fortinet uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company.

Moving to an Agile “New” Big Data Paradigm

Perficient Data & Analytics

A few years ago, I was in the middle of getting together a conceptual architectural document for a project that required very agile methodologies based on microservices and cross- functional teams.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

The Wolcott school district suffered a second ransomware attack in 4 months

Security Affairs

Another ransomware attack hits a school district, the victim is an institute in Connecticut that was targeted twice in only four months. For the second time in just four months, another the Wolcott school district in Connecticut was a victim of a ransomware attack.

Driving Data

Perficient Data & Analytics

Stuck In Rush Hour. A few days ago I was driving home from Atlanta during rush hour and my phone died. All I could see in front of me were brake lights and red lights. Not a huge deal, I knew where I wanted to go and I knew how to get there.

Sales 83

Unseen 9/11 photos bought at house clearance sale

IG Guru

June 19 2019 via BBC News Archivists who bought a stash of CDs at a house clearance sale found 2,400 photos of Ground Zero in New York taken following the 9/11 attacks in 2001.

Sales 81

Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack

Threatpost

A new attack on Intel server-grade CPUs could allow the leakage of SSH passwords - but luckily it's not easy to exploit. Hacks Vulnerabilities Intel Intel CPU intel server intel xeon netCAT Side-channel attack ssh passwords

IT 110

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Catches of the month: Phishing scams for September 2019

IT Governance

We’re back for another round-up of phishing scams that caught our eye over the past month. This series provides real-life examples of phishing emails, helping you understand how they work and what you should do to avoid falling victim. You can check out last month’s list if you missed it.

Major Groupon, Ticketmaster Fraud Scheme Exposed By Insecure Database

Threatpost

An exposed database containing 17 million email addresses exposed a massive fraud scheme impacting vendors like Groupon and Ticketmaster. Web Security cybercriminal database exposed data exposed emails Fraud groupon ticketmaster

Proposed Browser Security Guidelines Would Mean More Work for IT Teams

Dark Reading

CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope

IT 101

198 Million Car-Buyer Records Exposed Online for All to See

Threatpost

An Elastica DB belonging to Dealer Leads exposed a raft of information collected by "research" websites aimed at prospective car buyers.

Cloud 108

5 things you need to do to scale robotic process automation

DXC Technology

Raise your hand if you have deployed one or more robots in your operations. Now raise your hand if you have deployed one hundred or more robots. Not there yet? No worry, as that is currently the situation in most businesses. With robotic process automation (RPA) pilots almost everywhere, creating industrial scale has emerged […]. Business Processes Robotics rpa

68

Strangest Phishing Lures of 2019: From Divorce Papers to Real Estate Decoys

Threatpost

Proofpoint's senior director of the threat research team discusses the strange levels that attackers are going to in order to persuade victims to click on phishing messages. Podcasts Web Security brain food scam Credential Theft deepfake enterprise malicious email malspam Phishing Spam Web security

Community Projects Highlight Need for Security Volunteers

Dark Reading

From university courses to open source self-starters, community software projects aim to solve problems for populations in need. A focus on security is required as well

Feds Indict 281 People for Involvement in Massive E-Mail Fraud Scheme

Threatpost

A coordinated effort between multiple agencies arrested suspects in Nigeria, the U.S. and eight other countries as well as seized nearly $3.7 million.

How responsible are cloud platforms for data security?

Information Management Resources

A trustworthy cloud developer should take precautions and improve cloud security the best it can—but how responsible should the developer be for ensuring the integrity of their system? Cyber security Data security Cloud computing

Cloud 62

ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users

Threatpost

Telemetry for the first half of the year shows that Apple's ecosystem is firmly in cybercriminals' sights. Malware Most Recent ThreatLists Web Security 2019 Adware apple APT attacks first half is it safer Kaspersky Lazarus Group macOS malware Phishing shlayer the report

281 Arrested in International BEC Takedown

Dark Reading

Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports

81

CISO/CIO: Get an iPad and Apple Watch with an App Monitoring your Security 24/7

Threatpost

The Cynet Dashboard provides 24/7 visibility into an organization's security, with real-time alerts and the ability to react as things happen

Fed Kaspersky Ban Made Permanent by New Rules

Dark Reading

A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent