Wed. Aug 21, 2019

Forced Password Reset? Check Your Assumptions

Krebs on Security

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password.

Texas Says 22 Local Government Agencies Hit by Ransomware

Data Breach Today

'Single Threat Actor' Suspected; Government Coalition Urges Greater Prevention. Ransomware-wielding attackers continue to target not just big businesses and large government agencies, but increasingly their smaller counterparts too.

Thousands of credit card numbers of MoviePass customers were exposed online

Security Affairs

A security expert discovered that the popular movie ticket subscription service MoviePass has exposed thousands of customer card numbers and personal credit cards.

Fake VPN Website Delivers Banking Trojan

Data Breach Today

Researchers Discover Attackers Cloned NordVPN Site. Researchers at the security firm Doctor Web have uncovered a fake website for a VPN provider that's designed to spread a Trojan that can steal credentials to bank accounts.

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition from premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discusses tried-and-true best practices for avoiding the potential pitfalls of CX migration.

Romania is going to exclude Huawei from its 5G Network

Security Affairs

Romania will ban Chinese giant Huawei from its 5G network, reads a joint statement signed by the Romanian and US presidents. Romania could be the latest state to ban Huawei from its 5G network.

More Trending

Google Finds 20-Year-Old Microsoft Windows Vulnerability

Schneier on Security

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP.

Is Apple's Top $1 Million Bug Bounty Too Much?

Data Breach Today

Why One Bug-Hunting Expert Says Big Bounties May Actually Undermine Security Programs. Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes.

DoS attacks against most used default Tor bridges could be very cheap

Security Affairs

Researchers explained that carrying out attacks against the most used default Tor bridges would cost threat actors $17,000 per month. According to security researchers Rob Jansen from the U.S.

Embrace Full-Scale Cloud Adoption with a Comprehensive Cloud Data Management Strategy

Data Breach Today

Like many risk-averse organizations, state and local governments are missing out on the benefits of full-scale cloud adoption because they are paralyzed by the complexities associated with trusting their data to a third party. It's no surprise that government agencies have concerns about storing citizen data in the cloud, considering a total of 4.5 billion records were compromised in the first half of 2018 alone

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

China-linked APT41 group targets US-Based Research University

Security Affairs

Security experts at FireEye observed the Chinese APT41 group targeting a web server at a U.S.-based research university.

MY TAKE: Here’s how ‘bulletproof proxies’ help criminals put compromised IoT devices to work

The Last Watchdog

Between Q1 2019 and Q2 2019, malicious communications emanating from residential IP addresses in the U.S. – namely smart refrigerators, garage doors, home routers and the like – nearly quadrupled for the retail and financial services sectors. To put it plainly, this represented a spike in cyber attacks bouncing through ordinary Internet-connected devices humming away in homes across America.

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Security Affairs

A cybersecurity issue can cause unexpected costs in several different areas. What is the cost of dealing with an attack in 4 industries?

7 steps to highly effective GDPR compliance

IT Governance

The GDPR (General Data Protection Regulation) hasn’t exactly crept up unnoticed over the past year or so, but it’s still caught many organisations by surprise.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Backdoor Found in Utility for Linux, Unix Servers

Threatpost

Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code. Tags: Black Hat, Hacks, Vulnerabilities, Web Security, centos, CVE-2019-15107, DEF CON, Linux, Unix, Webmin

Harnessing structured and unstructured data for digital transformation

Information Management Resources

As executives look to evolve, the common thread amongst these objectives is the critical importance of analyzing data – both structured and unstructured – to attaining lasting success

Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban

Threatpost

After Valve banned him from its bug bounty program, a researcher has found a second zero-day vulnerability affecting the Steam gaming client.

State-Sponsored Cyberattacks Target Medical Research

Dark Reading

Cancer research is a particular target among Chinese espionage groups, says security firm FireEye

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Adult Content Site Exposed Personal Data of 1M Users

Threatpost

The personal email addresses - some indicating user names or government official status - of more than a million pornography website users were exposed.

3 skills a data scientist needs to set them apart from the competition

Information Management Resources

In order to be a great data scientist and to land the job you want, you have to think about what your employer is looking for

How Your Company Can Prevent a Cyberattack

Adam Levin

Capital One’s announcement of a hack that affected more than 100 million people should have you asking not what, but who’s in your wallet. The company estimated a year-one expense ranging from $100-$150 million. Equifax settled recently on a penalty of more than $700 million.

How to avoid the security mistakes that cost an estate agency £80,000 in fines

IT Governance

Last month, Life at Parliament View was fined £80,000 by the ICO (Information Commissioner’s Office) after security errors exposed 18,610 customers’ personal data for almost two years.

The Texas Ransomware Attacks: A Gamechanger for Cybercriminals

Threatpost

Security researchers worry that this weekend's coordinated attacks on more than 20 Texas governments mark a change in how ransomware attacks will be launched in the future.

Firefox and Chrome Fight Back Against Kazakhstan's Spying

WIRED Threat Level

The Central Asian country’s government has repeatedly threatened to monitor its citizens’ internet activities. Google and Mozilla aren’t having it.

Cisco Patches Six Critical Bugs in UCS Gear and Switches

Threatpost

Six bugs found in Cisco’s Unified Computing System gear and its 220 Series Smart switches can allow unauthenticated remote hackers to take over equipment.

Ransomware Hits Fortnite Players

Dark Reading

Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom

Tips for Choosing the Right Records Management Service

Armstrong Archives

Quality records management is a necessity for many business owners, and it can be difficult to know which vendors are the right fit for your business. It is important to understand that not all records management services are the same.

How to Avoid Technical Debt in Open Source Projects

Dark Reading

Engineering teams have only a certain amount of capacity. Cutting down the volume of rework inherent in the open source business model begins with three best practices

2019-2020 Records Management Section Steering Committee

The Schedule

Jessika Drmacich is our new Vice Chair/Chair-Elect. Jessika is Williams College’s Records Manager and Digital Resources Archivist. This is her fourth year serving on the records management steering committee.

MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online

Dark Reading

Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database

California Consumer Privacy Act and AdTech: a CLE webinar

DLA Piper Privacy Matters

How do companies optimize their digital advertising activities while complying with the CCPA?