Wed. Dec 05, 2018

Top Republican Email Accounts Compromised

Data Breach Today

National Republican Congressional Committee Emails Spied On For Months

Thousands of emails from four senior aides within the National Republican Congressional Committee were exposed after their accounts were compromised for several months earlier this year, Politico reports on Tuesday.

CVE-2018-15982 Adobe zero-day exploited in targeted attacks

Security Affairs

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks.

Phishing, Ransomware Attacks Continue to Menace Healthcare

Data Breach Today

Arizona Cancer Center a Recent Victim of Major Phishing Attack

As the year winds down, phishing and ransomware attacks continue to plague the healthcare sector, as illustrated by recent breach reports. A hospital owned by Cancer Treatment Centers of America is among the latest phishing victims

Fractured Block Campaign: CARROTBAT dropper supports a dozen decoy document formats

Security Affairs

Palo Alto Networks recently discovered a malware dropper, dubbed CARROTBAT, that supports a dozen decoy document file formats to drop many payloads.

Black Hat Europe: The Power of Attribution

Data Breach Today


Security Risks of Chatbots

Schneier on Security

Good essay on the security risks -- to democratic discourse -- of chatbots.

More Trending

Email accounts of top NRCC officials were hacked in 2018

Security Affairs

Threat actors had access to the email accounts of at least four NRCC aides and spied on thousands of sent and received emails for several months. The email system at the National Republican Congressional Committee (NRCC), the Republican Party’s campaigning arm, was hacked.

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

The Last Watchdog

The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. The recent disclosure from Atrium Health that more than 2.65

Mozilla Releases Annual Privacy Guide to Holiday Shopping

Adam Levin

The Mozilla Foundation has released the second installation of *Privacy Not included, the organization’s annual privacy guide to internet-connected gifts. The list was started to promote the idea that privacy and security by design can and should be a major selling point.

Financial Services Data – More at risk than you’d believe

Thales Data Security

One of the top findings from the 2018 Thales Data Threat Report, Financial Services Edition was that data breaches in U.S. financial services organizations are increasing at an alarming rate. Not only are breaches at record highs – with 65% of U.S.

14 Questions Robert Mueller Knows the Answer To

WIRED Threat Level

The Russia investigation's known unknowns give valuable hints about the special counsel's next moves.

How to create a risk assessment matrix

IT Governance

To comply with ISO 27001, the international standard for information security, you need to know how to perform a risk assessment. This process is at the core of your compliance measures, as it helps you identify the threats you face and the controls you need to implement.

So I’m Going to China Saturday. That Just Got Interesting.

John Battelle's Searchblog

So yes, I am planning on going to China on Saturday. My first time, I’m a bit embarrassed to say. It’s not for a lack of opportunities, but rather a conviction that when I did go, I’d make a study of it, staying for at least two weeks, if not more.

Improving engineer productivity at SMS group with OpenText Exceed TurboX

OpenText Information Management

As part of a global workforce of 13,500 employees, SMS group engineers perform countless complex calculations and simulations when designing and constructing solutions for clients.

Quora data breach affects 100 million accounts

IT Governance

The question and answer site Quora has released information about a data breach it recently suffered. A post on its website reads: “We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party.”

Toyota Builds Open-Source Car-Hacking Tool

Dark Reading

'PASTA' testing platform specs will be shared via open-source

What machine learning means for software development

Information Management Resources

Machine learning is poised to change the nature of software development in fundamental ways, perhaps for the first time since the invention of FORTRAN and LISP.

A Shift from Cybersecurity to Cyber Resilience: 6 Steps

Dark Reading

Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin

Is there value in unstructured data?

Information Management Resources

Learning how to interpret random data points and unstructured information often proves to be more than some companies can handle, but it doesn’t have to be.

Facebook discussed cashing in on user data, emails suggest

The Guardian Data Protection

Social network staff apparently conversed about removing data restrictions for big ad spenders

Facebook staff in 2012 discussed selling access to user data to major advertisers, before ultimately deciding to restrict such access two years later, according to a tranche of internal emails released by the UK parliament.

White House Facial Recognition Pilot Raises Privacy Alarms

Threatpost

The facial recognition pilot will identify “subjects of interest” around the White House.

6 predictions for the future of analytics

Information Management Resources

The dynamic nature and improved capabilities for analytics continue to excite and enable companies and even individuals to do more and in better ways.

Information Governance: Trends and Highlights From 2018

InfoGoTo

Continuing the annual tradition, it’s time to review the valuable information governance (IG) lessons of the past year. The successes and failures of 2018 can guide us in the year ahead. Here are the main things we learned: Cybersecurity Remains a High Priority.

Are 'agents of transformation' the new top tech worker?

Information Management Resources

There is an urgent need for organizations to identify and nurture “agents of transformation,” a new breed of technology professionals who can drive innovation.

Researchers: GDPR Already Having Positive Effect on Cybersecurity in EU

The Security Ledger

The General Data Privacy Regulation (GDPR) seems to already be having a positive effect on the state of cybersecurity in Europe less than seven months after it was enacted, showing that policy indeed can have a direct effect on organizations' security practices, security researchers said.


NAID Announcing the 2019 Conference Keynote Speaker: Howie Long

IG Guru

Howie Long, FOX NFL Analyst, Member of Pro Football Hall of Fame

Synonymous with individual performance, personal responsibility, preparation, training, team work, leadership and coaching is Howie Long, FOX NFL Analyst, Member of Pro Football Hall of Fame.

Symantec Intros USB Scanning Tool for ICS Operators

Dark Reading

ICSP Neural is designed to address USB-borne malware threats

Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments

Threatpost

Hackers can steal data, sabotage cloud deployments and more. (CVE-2018-1002105)

6 Ways to Strengthen Your GDPR Compliance Efforts

Dark Reading

Companies have some mistaken notions about how to comply with the new data protection and privacy regulation - and that could cost them

Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign

Threatpost

Adobe issued a patch for the zero-day on Wednesday.

Windows 10 Security Questions Prove Easy for Attackers to Exploit

Dark Reading

New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges

Seriously, Your “Mashup” of eDiscovery Market Estimates Can’t Possibly Be Any Earlier, Right?: eDiscovery Trends

eDiscovery Daily

The appearance of the mashed potato graphic can only mean one thing (besides making me hungry, that is!). It’s time for the eDiscovery Market Size Mashup that Rob Robinson compiles and presents on his Complex Discovery site each year.

The Case for a Human Security Officer

Dark Reading

Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people

Adobe Patches Zero-Day Vulnerability in Flash Player

Threatpost

The vulnerability could lead to arbitrary code execution.