Tue.May 14, 2019

Attackers Exploit WhatsApp Flaw to Auto-Install Spyware

Data Breach Today

Immediate App Updating Required to Protect Apple and Android Device Users Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group.

Groups 263

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

WhatsApp Exploit Reveals 'Legalized Hacking' at Work

Data Breach Today

Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward

What is deep learning, and how is it different from machine learning?

Information Management Resources

The terms artificial intelligence, deep learning and machine learning are often used interchangeably. That can be confusing if you are not aware of the distinctions. Deep learning Artificial intelligence Machine learning

IT 118

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Cisco's 'Thrangrycat' Router Flaw Tough to Neuter

Data Breach Today

Vulnerability Could Compromise Secure Boot Process Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit.

More Trending

Ransomware Increasingly Hits State and Local Governments

Data Breach Today

Yet These Victims Are Less Likely to Pay Any Ransom, Recorded Future Finds Over the past two years, the number of ransomware attacks against state and local government agencies has increased. But at the same time, these victims are paying less to attackers.

Millions of computers powered by Intel chips are affected by MDS flaws

Security Affairs

Millions of computers powered by Intel processors are affected by a new class of vulnerabilities ( MDS ) that can leak potentially sensitive data.

Data 102

Capturing ROI on Your Unified Endpoint Management Investment

Data Breach Today

Unified endpoint management exists because devices have grown in number, variety and complexity of how they're being used in the workplace. So how should IT and security leaders approach UEM? John Harrington Jr. and Ryan Schwartz of IBM MaaS360 with Watson share insight

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Security Affairs

Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device.

Groups 101

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

BEST PRACTICES: The case for ‘adaptive MFA’ in our perimeter-less digital environment

The Last Watchdog

One of the catch phrases I overheard at RSA 2019 that jumped out at me was this: “The internet is the new corporate network.” Related: ‘Machine identities’ now readily available in the Dark Net Think about how far we’ve come since 1999, when the Y2K scare alarmed many, until today, with hybrid cloud networks the norm. There’s no question the benefits of accelerating digital transformation are astounding.

WhatsApp urges users to update app after massive security failure

IT Governance

If you’ve recently had a missed call on WhatsApp from a number you didn’t recognise, cyber criminals might be spying on you. The Facebook-owned app has admitted that cyber criminals have exploited a major vulnerability in its voice call function and are planting spyware on users’ phones.

Thrangrycat flaw could allow compromising millions of Cisco devices

Security Affairs

Security firm Red Balloon discovered a severe vulnerability dubbed Thrangrycat , in Cisco products that could be exploited to an implant persistent backdoor in many devices. Experts at Red Balloon Security disclosed two vulnerabilities in Cisco products.

The Necessity of Data Security: Recapping the 2019 Thales Data Security Summit

Thales eSecurity

Digital transformation is driving IT modernization, IoT, and cloud migrations at a record pace in the federal government.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

How Hackers Broke WhatsApp With Just a Phone Call

WIRED Threat Level

All it took to compromise a smartphone was a single phone call over WhatsApp. The user didn't even have to pick up the phone. Security Security / Cyberattacks and Hacks

IT 94

Robots thrive in the forest on jobs that humans find too boring

Information Management Resources

From watching pulp cook for hours on end and tracking parasite bugs on satellite photos to handling lengthy legal documents, Swedish forest companies are creating new jobs they would never ask a human to do. Artificial intelligence Machine learning Data management

Adobe patches over 80 flaws in Flash, Acrobat Reader, and Media Encoder

Security Affairs

Adobe Patch Tuesday updates for May 2019 address a critical flaw in Flash Player and more than 80 vulnerabilities in Acrobat products. Adobe Patch Tuesday updates for May 2019 address a total of 84 vulnerabilities in Acrobat and Acrobat Reader products for Windows and macOS.

How IoT, AI and blockchain will enable tomorrow’s autonomous supply chain

OpenText Information Management

One of the fastest growing technology areas in the automotive industry relates to autonomous and connected vehicle technologies. The word autonomous has been associated with the automotive industry for a few years however it is now starting to find its way into the supply chain as well.

Change is scary. Disruption is scary. Being left behind is scarier

DXC Technology

The world of work is about to change dramatically. Truthfully, it already has been for some time, driven by stunning advances in digital technology and a shift in the job market toward a gig economy. But the already torrid pace of change will accelerate over the next 15 years, rendering unrecognizable many of the tools […]. Career Digital Transformation Leadership and Success adaptability change management collaboration critical thinking

Microsoft Patches Zero-Day Bug Under Active Attack

Threatpost

Microsoft Patch Tuesday security bulletin tackles 22 critical vulnerabilities. Vulnerabilities Web Security critical patch Elevation of Privileges vulnerability Microarchitectural Data Sampling Microsoft’s May Patch Tuesday patch tuesday zombieload

Data 114

Why AI Will Create Far More Jobs Than It Replaces

Dark Reading

Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats

Uniqlo owner says 460,000 online accounts accessed in Japan hack

Information Management Resources

Fast Retailing Co., Asia’s largest retailer, said hackers may have gained access to the personal information of about half a million users of its Uniqlo and GU brand e-commerce portals. Data security Cyber security Cyber attacks

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

Security Affairs

The North Korea-linked APT group ScarCruft (aka APT37 and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. North Korea-linked APT group ScarCruft (aka APT37 , Reaper, and Group123) continues to expand its arsenal by adding a Bluetooth Harvester.

BSA releases new Software Security Framework to guide developers

Information Management Resources

Tommy Ross, BSA’s cybersecurity expert, talks with Information Management about the new Framework and how it will impact software development. Data security Data strategy Cyber security Fraud prevention Encryption

Linux Kernel Flaw Allows Remote Code-Execution

Threatpost

The bug is remotely exploitable without authentication or user interaction. Vulnerabilities CVE-2019-11815 Kernel Linux race condition remote code execution use-after-free vulnerability

Microsoft will spend $100M on African development center

Information Management Resources

The software giant plans to hire 100 full-time developers at the two sites by the end of this year and expand to 500 by the end of 2023. Software professionals Artificial intelligence Microsoft

Malware Training Sets: FollowUP

Security Affairs

The popular expert Marco Ramilli provided a follow up to its Malware classification activity by adding a scripting section which would be useful for several purposes. On 2016 I was working hard to find a way to classify Malware families through artificial intelligence (machine learning).

Baltimore Ransomware Attack Takes Strange Twist

Dark Reading

Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week

Intel CPUs Impacted By New Class of Spectre-Like Attacks

Threatpost

Intel has disclosed a new class of speculative execution side channel attacks. Hacks Vulnerabilities Intel Intel CPU Meltdown Side-channel attack Spectre speculative execution zombieload

107
107

WhatsApp Was Hacked, Your Computer Was Exposed, and More News

WIRED Threat Level

Catch up on the most important news today in 2 minutes or less. Security Security / Cyberattacks and Hacks

Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More

Threatpost

A massive update addresses the breadth of the computing giant's product portfolio. Vulnerabilities apple Apple TV Apple Watch Intel ios macOS may 2019 Microarchitectural Data Sampling Patches side-channel Updates zombieload

Data 97

Cryptanalysis of SIMON-32/64

Schneier on Security

A weird paper was posted on the Cryptology ePrint Archive (working link is via the Wayback Machine), claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here.