Wed.Mar 25, 2020

US Government Sites Give Bad Security Advice

Krebs on Security

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now. For example, the official U.S.

More Ransomware Gangs Join Data-Leaking Cult

Data Breach Today

Report: Nefilim, CLOP, Sekhmet Follow in Maze Gang's Footsteps More bad ransomware news: Following in the footsteps of Maze, now even more cybercrime gangs are threatening to not only crypto-lock systems but also leak stolen data. Such moves come following a banner year for ransomware operators, who are continuing to bring more advanced tactics to bear

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

MY TAKE: Deploying ‘machine learning’ at router level helps companies prepare for rise of 5G

The Last Watchdog

Machine learning (ML) and digital transformation (DX) go hand in glove. We’ve mastered how to feed data into pattern-recognition algorithms. And as we accelerate the digitalization of everything, even more data is being generated. Related: Defending networks with no perimeter Machine learning already is deeply embedded in the online shopping, banking, entertainment and social media systems we’ve come to rely on.

FBI Shutters Alleged Russian Cybercriminal Forum

Data Breach Today

Enabled Fraudsters to Buy and Sell Stolen Data, Federal Prosecutors Say The FBI this week seized the domain of Deer.io, which federal authorities describe as a clearinghouse for stolen data and cybercriminal services operating from Russia. The alleged administrator of the now-shuttered site has been arrested and charged

156
156

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

The Postal Service's Surprising Role in Surviving Doomsday

WIRED Threat Level

The little-known Postal Plan, which dates back to the Clinton era, charges mail carriers with delivering critical supplies—like vaccines—as a last resort. Security Security / National Security

More Trending

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Security Affairs

The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. The campaign was uncovered by FireEye , threat actor targeted many organizations worldwide the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products.

Managing Supply Chain Challenges During the COVID-19 Crisis

Data Breach Today

While responding to the COVID-19 crisis, supply chain risks can be better managed if an organization continues to rely on its longtime vendors, says Daniel Bowden, CISO at Sentara Healthcare, who offers insights on third-party security risk management in the current environment

Risk 125

FBI Shutters Russian-Based Hacker Platform, Makes Arrest

Dark Reading

The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services

Mobile Malware Bypasses Banks' 2-Factor Authentication: Report

Data Breach Today

IBM Researchers Describe How 'TrickMo,' a TrickBot Variant, Works A variant of the TrickBot Trojan bypasses two-factor authentication for mobile banking, for example, by intercepting one-time codes sent over SMS, according to IBM X-Force

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Missing Patches, Misconfiguration Top Technical Breach Causes

Dark Reading

Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long

66

Microsoft Alert: Fresh Zero-Day Flaws Found in Windows

Data Breach Today

Limited Targeted Attacks' Already Being Tracked by Technology Giant Microsoft is warning that attackers are exploiting a pair of critical, zero-day flaws in Windows that allow for remote code execution, which could enable a threat actor to take over an infected device. Although a patch for the flaws is not expected until April, the company described workarounds

118
118

Tupperware website has been compromised with a payment card skimmer

Security Affairs

The Tupperware website, the popular manufactured of plastic food container products was infected with a payment card skimmer. Hackers have compromised the website of the popular vendor of plastic food container products Tupperware implanting a payment card skimmer used to steal customers’ payment card details. The official website has approximately 1 million monthly visits on average. The malicious code was also discovered in some localized versions of the official Tupperware website.

CMS 65

COVID-19 and the CISO: Jim Routh on Leadership

Data Breach Today

MassMutual CISO on the Challenge of Securing Remote Workforce, Supply Chain At its core, cybersecurity is about applying scarce resources to the highest risk. And nothing quite puts that tenet to the test like the COVID-19 pandemic. Jim Routh, CISO of MassMutual, discusses the challenges of managing a remote workforce and third-party relationships during this crisis

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Facial Recognition for People Wearing Masks

Schneier on Security

The Chinese facial recognition company Hanwang claims it can recognize people wearing masks : The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to identify them fails. [.]. Counter-intuitively, training facial recognition algorithms to recognize masked faces involves throwing data away.

IT 61

Tupperware Hit By Card Skimmer Attack

Dark Reading

Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website

57

Fake Coronavirus Finder spread Ginp Mobile Banker

Security Affairs

Security experts have spotted a new COVID-themed campaign aimed at distributing the Ginp Mobile Banker with “Coronavirus Finder” lure. With the COVID19 outbreak, the number of Coronavirus-themed attacks is rapidly increasing. Kaspersky Lab experts have uncovered a malicious campaign that is spreading the Android banking trojan Ginp masquerade as a Coronavirus Finder.

COVID-19: Getting Ready for the Next Business Continuity Challenge

Dark Reading

What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time

56

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Tor Browser 9.0.7 addresses a flaw that could allow unmasking Tor users

Security Affairs

The Tor Project released Tor Browser 9.0.7 that definitively addresses a vulnerability that allowed to execute JavaScript code on sites it should not. The Tor Project released Tor Browser 9.0.7 that permanently addresses a severe bug that allowed JavaScript code to run on sites it should not. Time to update: There's a new version of Tor Browser out now. Tor Browser 9.0.7 updates Tor to 0.4.2.7 and NoScript to 11.0.19.

Do DevOps Teams Need a Company Attorney on Speed Dial?

Dark Reading

In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers

Secure together: Managing your WordPress access during coronavirus

IT Governance

If a week is a long time in politics, then it’s a veritable aeon when it comes to economy-collapsing, pub-closing, sports-halting pandemics. In the space of a few days, we’ve gone from mild concern as we looked at statistics, to frustration as pubs and restaurants closed, to cautiously stocking up on supplies, and eventually to a numbing acceptance that we’re all going to be stuck inside for the foreseeable future.

CMS 47

Creating trusted COVID-19 data for communities

IBM Big Data Hub

In these rapidly changing times, we all need to get the best information available to make better informed decisions. Between news reports, adjusting to social distancing practices, and other daily adjustments, many of us face a deluge of incoming information.

IT 67

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

IG Maturity Index Report 2020 from ARMA International

IG Guru

We’re very excited to have launched our new research report: IG Maturity Index Report–2020. This is the first time that we’ve truly seen that a majority of organizations are enacting Information Governance – so it adds an extra positive dimension to the work. It’s also ARMA’s first independent research report in over 5 years, so […]. The post IG Maturity Index Report 2020 from ARMA International appeared first on IG GURU.

IT 46

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Security Affairs

A security researcher disclosed technical details of a critical remote code execution flaw affecting the OpenWrt Linux-based operating system for network devices. Earlier this year, security expert Guido Vranken from the software firm ForAllSecure, discovered a critical vulnerability in the OpenWrt Linux-based operating system for network devices.

European Data Protection Board Releases Statement on Personal Data and COVID-19

Data Matters

On 20 March 2020, the European Data Protection Board (“ EDPB ”) released a statement on the protection of personal data in connection with measures that public authorities and business organizations (including employers) are taking to address the Coronavirus (COVID-19) pandemic. This statement is an extension of the statement released by the EDPB chair on 16 March 2020, (which can be accessed here ).

Exploring technology innovation at SITE Centers

OpenText Information Management

We are currently seeing a shift in enterprises looking to innovation not just to disrupt, but to solve real business problems as well. As a publicly-traded Real Estate Investment Trust with over 500 value-oriented shopping centers representing 130 million square feet in 41 states, SITE Centers is no stranger to these challenges—or to the potential … The post Exploring technology innovation at SITE Centers appeared first on OpenText Blogs. Technologies Content Services

Apple Safari Blocks Ad-Targeting Cookie Support

Threatpost

The move follows Google’s announcement last May that it would do the same in Chrome by 2022. Web Security ad targeting ads Advertisers apple block Brave browsers chrome Cookies google Intelligent Tracking Prevention online activity Safari Security third party Tor WebKit

IT 64

Agility delivers the world’s goods using greener routes

OpenText Information Management

For leading logistic company Agility, having access to their data through an integrated information platform can provide the insights needed to streamline operations and reduce carbon emissions throughout the supply chain. For decades, Agility ran operations as had been done for centuries: rife with paper trails. Even as email and fax sped delivery, lack of … The post Agility delivers the world’s goods using greener routes appeared first on OpenText Blogs.

Paper 45

What Should I Do If Someone Is Impersonating My Company in a Phishing Campaign?

Dark Reading

Two security awareness advocates from KnowBe4 provide some solid suggestions

7 Maintenance Questions Every IT Pro Should Ask

Daymark

In today’s multi-vendor, multi-cloud world, managing IT maintenance contracts can easily spiral out of control. Not having a full grasp of where they all stand can be costly in terms of both budget and vulnerabilities from out of support equipment and software. We’ve identified seven questions that every IT organization should ask to truly understand if their maintenance management is fully optimized: Reporting

Cloud 43