Tue.May 14, 2019

Attackers Exploit WhatsApp Flaw to Auto-Install Spyware

Data Breach Today

Immediate App Updating Required to Protect Apple and Android Device Users Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group.

Groups 255

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

WhatsApp Exploit Reveals 'Legalized Hacking' at Work

Data Breach Today

Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward

BEST PRACTICES: The case for ‘adaptive MFA’ in our perimeter-less digital environment

The Last Watchdog

One of the catch phrases I overheard at RSA 2019 that jumped out at me was this: “The internet is the new corporate network.” Related: ‘Machine identities’ now readily available in the Dark Net Think about how far we’ve come since 1999, when the Y2K scare alarmed many, until today, with hybrid cloud networks the norm. There’s no question the benefits of accelerating digital transformation are astounding.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Cisco's 'Thrangrycat' Router Flaw Tough to Neuter

Data Breach Today

Vulnerability Could Compromise Secure Boot Process Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit.

More Trending

Ransomware Increasingly Hits State and Local Governments

Data Breach Today

Yet These Victims Are Less Likely to Pay Any Ransom, Recorded Future Finds Over the past two years, the number of ransomware attacks against state and local government agencies has increased. But at the same time, these victims are paying less to attackers.

The Necessity of Data Security: Recapping the 2019 Thales Data Security Summit

Thales eSecurity

Digital transformation is driving IT modernization, IoT, and cloud migrations at a record pace in the federal government.

Capturing ROI on Your Unified Endpoint Management Investment

Data Breach Today

Unified endpoint management exists because devices have grown in number, variety and complexity of how they're being used in the workplace. So how should IT and security leaders approach UEM? John Harrington Jr. and Ryan Schwartz of IBM MaaS360 with Watson share insight

Millions of computers powered by Intel chips are affected by MDS flaws

Security Affairs

Millions of computers powered by Intel processors are affected by a new class of vulnerabilities ( MDS ) that can leak potentially sensitive data.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

WhatsApp urges users to update app after massive security failure

IT Governance

If you’ve recently had a missed call on WhatsApp from a number you didn’t recognise, cyber criminals might be spying on you. The Facebook-owned app has admitted that cyber criminals have exploited a major vulnerability in its voice call function and are planting spyware on users’ phones.

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Security Affairs

Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device.

Groups 101

How Hackers Broke WhatsApp With Just a Phone Call

WIRED Threat Level

All it took to compromise a smartphone was a single phone call over WhatsApp. The user didn't even have to pick up the phone. Security Security / Cyberattacks and Hacks

IT 96

Thrangrycat flaw could allow compromising millions of Cisco devices

Security Affairs

Security firm Red Balloon discovered a severe vulnerability dubbed Thrangrycat , in Cisco products that could be exploited to an implant persistent backdoor in many devices. Experts at Red Balloon Security disclosed two vulnerabilities in Cisco products.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

How IoT, AI and blockchain will enable tomorrow’s autonomous supply chain

OpenText Information Management

One of the fastest growing technology areas in the automotive industry relates to autonomous and connected vehicle technologies. The word autonomous has been associated with the automotive industry for a few years however it is now starting to find its way into the supply chain as well.

Adobe patches over 80 flaws in Flash, Acrobat Reader, and Media Encoder

Security Affairs

Adobe Patch Tuesday updates for May 2019 address a critical flaw in Flash Player and more than 80 vulnerabilities in Acrobat products. Adobe Patch Tuesday updates for May 2019 address a total of 84 vulnerabilities in Acrobat and Acrobat Reader products for Windows and macOS.

Microsoft Patches Zero-Day Bug Under Active Attack

Threatpost

Microsoft Patch Tuesday security bulletin tackles 22 critical vulnerabilities. Vulnerabilities Web Security critical patch Elevation of Privileges vulnerability Microarchitectural Data Sampling Microsoft’s May Patch Tuesday patch tuesday zombieload

Data 112

What is deep learning, and how is it different from machine learning?

Information Management Resources

The terms artificial intelligence, deep learning and machine learning are often used interchangeably. That can be confusing if you are not aware of the distinctions. Deep learning Artificial intelligence Machine learning

IT 111

Baltimore Ransomware Attack Takes Strange Twist

Dark Reading

Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

Security Affairs

The North Korea-linked APT group ScarCruft (aka APT37 and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. North Korea-linked APT group ScarCruft (aka APT37 , Reaper, and Group123) continues to expand its arsenal by adding a Bluetooth Harvester.

Linux Kernel Flaw Allows Remote Code-Execution

Threatpost

The bug is remotely exploitable without authentication or user interaction. Vulnerabilities CVE-2019-11815 Kernel Linux race condition remote code execution use-after-free vulnerability

Malware Training Sets: FollowUP

Security Affairs

The popular expert Marco Ramilli provided a follow up to its Malware classification activity by adding a scripting section which would be useful for several purposes. On 2016 I was working hard to find a way to classify Malware families through artificial intelligence (machine learning).

Intel CPUs Impacted By New Class of Spectre-Like Attacks

Threatpost

Intel has disclosed a new class of speculative execution side channel attacks. Hacks Vulnerabilities Intel Intel CPU Meltdown Side-channel attack Spectre speculative execution zombieload

104
104

Why AI Will Create Far More Jobs Than It Replaces

Dark Reading

Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats

WhatsApp Was Hacked, Your Computer Was Exposed, and More News

WIRED Threat Level

Catch up on the most important news today in 2 minutes or less. Security Security / Cyberattacks and Hacks

Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More

Threatpost

A massive update addresses the breadth of the computing giant's product portfolio. Vulnerabilities apple Apple TV Apple Watch Intel ios macOS may 2019 Microarchitectural Data Sampling Patches side-channel Updates zombieload

Data 98

Cryptanalysis of SIMON-32/64

Schneier on Security

A weird paper was posted on the Cryptology ePrint Archive (working link is via the Wayback Machine), claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here.

WhatsApp Zero-Day Exploited in Targeted Spyware Attacks

Threatpost

WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims' phones. Government Vulnerabilities attack Exploit malware NSO Group Pegasus Spyware surveillance WhatsApp WhatsApp zero day zero day vulnerability

Robots thrive in the forest on jobs that humans find too boring

Information Management Resources

From watching pulp cook for hours on end and tracking parasite bugs on satellite photos to handling lengthy legal documents, Swedish forest companies are creating new jobs they would never ask a human to do. Artificial intelligence Machine learning Data management

Manwiller Joins The Crowley Company as CFO

Document Imaging Report

Frederick, Md. Effective Monday, May 6, Jeffrey (Jeff) Manwiller, CPA, has joined The Crowley Company as its chief financial officer.

Providing equal learning opportunities through 1-to-1 iPad programs

Jamf

Sewanhaka Central High School District is doing incredible things with their iPad program. In part one of our three-part blog series, we examine why the district chose iPad over other education technologies

Law firms report increase in staff-related security incidents

IT Governance

Staff can jeopardise a firm’s security with a single moment of carelessness. 2018 saw a significant rise in the number of law firms reporting security incidents concerning their own staff, up from 33% in 2017 to 46% in 2018 according to research by PwC. These incidents included the loss or leakage of confidential information, highlighting the need for better information security management within the legal sector. Look closer to home – insider threats.