Wed.Dec 05, 2018

Top Republican Email Accounts Compromised

Data Breach Today

National Republican Congressional Committee Emails Spied On For Months Thousands of emails from four senior aides within the National Republican Congressional Committee were exposed after their accounts were compromised for several months earlier this year, Politico reports on Tuesday.

221

CVE-2018-15982 Adobe zero-day exploited in targeted attacks

Security Affairs

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks.

Phishing, Ransomware Attacks Continue to Menace Healthcare

Data Breach Today

Arizona Cancer Center a Recent Victim of Major Phishing Attack As the year winds down, phishing and ransomware attacks continue to plague the healthcare sector, as illustrated by recent breach reports. A hospital owned by Cancer Treatment Centers of America is among the latest phishing victims

14 Questions Robert Mueller Knows the Answer To

WIRED Threat Level

The Russia investigation's known unknowns give valuable hints about the special counsel's next moves. Security

Black Hat Europe: The Power of Attribution

Data Breach Today

180

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

The Last Watchdog

The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. Related: How to get of HIPAA hit list. The recent disclosure from Atrium Health that more than 2.65

Applying Secure Multiparty Computation Technology

Data Breach Today

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications

More Trending

Mozilla Releases Annual Privacy Guide to Holiday Shopping

Adam Levin

The Mozilla Foundation has released the second installation of *Privacy Not included, the organization’s annual privacy guide to internet-connected gifts. The list was started to promote the idea that privacy and security by design can and should be a major selling point.

Fractured Block Campaign: CARROTBAT dropper dupports a dozen decoy document formats

Security Affairs

Palo Alto Networks recently discovered a malware dropper, dubbed CARROTBAT, that supports a dozen decoy document file formats to drop many payloads.

Security Risks of Chatbots

Schneier on Security

Good essay on the security risks -- to democratic discourse -- of chatbots. lies nationalsecuritypolicy propaganda risks

Risk 74

How to create a risk assessment matrix

IT Governance

To comply with ISO 27001 , the international standard for information security, you need to know how to perform a risk assessment. This process is at the core of your compliance measures, as it helps you identify the threats you face and the controls you need to implement.

Risk 73

Email accounts of top NRCC officials were hacked in 2018

Security Affairs

Threat actors had access to the email accounts of at least four NRCC aides and spied on thousands of sent and received emails for several months. The email system at the National Republican Congressional Committee (NRCC), the Republican Party’s campaigning arm, was hacked.

So I’m Going to China Saturday. That Just Got Interesting.

John Battelle's Searchblog

So yes, I am planning on going to China on Saturday. My first time, I’m a bit embarrassed to say. It’s not for a lack of opportunities, but rather a conviction that when I did go, I’d make a study of it, staying for at least two weeks, if not more.

Toyota Builds Open-Source Car-Hacking Tool

Dark Reading

PASTA' testing platform specs will be shared via open-source

Tools 87

Improving engineer productivity at SMS group with OpenText Exceed TurboX

OpenText Information Management

As part of a global workforce of 13,500 employees, SMS group engineers perform countless complex calculations and simulations when designing and constructing solutions for clients.

What machine learning means for software development

Information Management Resources

Machine learning is poised to change the nature of software development in fundamental ways, perhaps for the first time since the invention of FORTRAN and LISP. Machine learning Artificial intelligence Data strategy

Quora data breach affects 100 million accounts

IT Governance

The question and answer site Quora has released information about a data breach it recently suffered. A post on its website reads: “We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party.”. Data affected.

A Shift from Cybersecurity to Cyber Resilience: 6 Steps

Dark Reading

Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin

White House Facial Recognition Pilot Raises Privacy Alarms

Threatpost

The facial recognition pilot will identify “subjects of interest" around the White House. Privacy facial recognition secret service White House

Are 'agents of transformation' the new top tech worker?

Information Management Resources

There is an urgent need for organizations to identify and nurture “agents of transformation,” a new breed of technology professionals who can drive innovation. Data strategy Data management Data transparency

NAID Announcing the 2019 Conference Keynote Speaker: Howie Long

IG Guru

Howie Long FOX NFL Analyst, Member of Pro Football Hall of Fame Synonymous with individual performance, personal responsibility, preparation, training, team work, leadership and coaching is Howie Long, FOX NFL Analyst, Member of Pro Football Hall of Fame.

6 predictions for the future of analytics

Information Management Resources

The dynamic nature and improved capabilities for analytics continues to excite and enable companies and even individuals to do more and in better ways. Analytics Predictive analytics Chief Analytics Officer

Facebook discussed cashing in on user data, emails suggest

The Guardian Data Protection

Social network staff apparently conversed about removing data restrictions for big ad spenders Facebook staff in 2012 discussed selling access to user data to major advertisers, before ultimately deciding to restrict such access two years later, according to a tranche of internal emails released by the UK parliament.

Symantec Intros USB Scanning Tool for ICS Operators

Dark Reading

ICSP Neural is designed to address USB-borne malware threats security

Tools 72

Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments

Threatpost

Hackers can steal data, sabotage cloud deployments and more. Cloud Security Vulnerabilities api server cloud deployments containers critical flaw CVE-2018-1002105 Kubernetes Linux Patches vulnerability

Cloud 71

Windows 10 Security Questions Prove Easy for Attackers to Exploit

Dark Reading

New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges

Is there value in unstructured data?

Information Management Resources

Learning how to interpret random data points and unstructured information often proves to be more than some companies can handle, but it doesn’t have to be. Unstructured data Data types Data management

6 Ways to Strengthen Your GDPR Compliance Efforts

Dark Reading

Companies have some mistaken notions about how to comply with the new data protection and privacy regulation - and that could cost them

Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign

Threatpost

Adobe issued a patch for the zero-day on Wednesday. Vulnerabilities Web Security adobe adobe flash adobe patch Exploit Phishing zero-day

FTC Seeks Public Comment on Identity Theft Rules

Hunton Privacy

On December 4, 2018, the Federal Trade Commission published a notice in the Federal Register indicating that it is seeking public comment on whether any amendments should be made to the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule”) and the duties of card issuers regarding changes of address (“Card Issuers Rule”) (collectively, the “Identity Theft Rules”). The request for comment forms part of the FTC’s systematic review of all current FTC regulations and guides.

Google Cloud Security Command Center Now in Beta

Dark Reading

The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features

AOL Successor Agrees to Pay $4.95 Million in COPPA Enforcement Action

Hunton Privacy

On December 4, 2018, the New York Attorney General (“NY AG”) announced that Oath Inc., which was known as AOL Inc. (“AOL”) AOL”) until June 2017 and is a subsidiary of Verizon Communications Inc., agreed to pay New York a $4.95 million civil penalty following allegations that it had violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting and disclosing children’s personal information in conducting online auctions for advertising placement.

The Case for a Human Security Officer

Dark Reading

Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people

Seriously, Your “Mashup” of eDiscovery Market Estimates Can’t Possibly Be Any Earlier, Right?: eDiscovery Trends

eDiscovery Daily

The appearance of the mashed potato graphic can only mean one thing (besides making me hungry, that is!). It’s time for the eDiscovery Market Size Mashup that Rob Robinson compiles and presents on his Complex Discovery site each year.

Starwood Breach Reaction Focuses on 4-Year Dwell

Dark Reading

The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from

61

Adobe Patches Zero-Day Vulnerability in Flash Player

Threatpost

The vulnerability could lead to arbitrary code execution. Vulnerabilities Web Security adobe adobe flash adobe patch critical vulnerability Exploit vulnerability zero day

Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy

Dark Reading

Nations must band together to face nation-state cyberattack threats, said Marina Kaljurand

56