Thu.Apr 11, 2019

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0

MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine

Data Breach Today

Organization List Reasons Why It Believes Breach-Related Penalty Was Not Justified The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3

FBI/DHS MAR report details HOPLIGHT Trojan used by Hidden Cobra APT

Security Affairs

According to a joint report published by the United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), North Korea-linked Lazarus APT group is using a new Trojan in attacks.

WikiLeaks' Julian Assange Arrested; US Seeks Extradition

Data Breach Today

Indictment Cites Alleged Involvement in Chelsea Manning Case WikiLeaks founder Julian Assange, who released hacked emails from Hillary Clinton's campaign and many other secret U.S. documents, was arrested in London Thursday, and now the U.S. is seeking his extradition

Breaking Down the Julian Assange Hacking Case

WIRED Threat Level

WikiLeaks founder Julian Assange has been arrested, and now faces extradition to the United States. But not for leaking classified information. Security Security / Security News

Wikileaks' Assange Arrested on Behalf of US

Data Breach Today

Now Likely Faces Extradition to U.S. to Face Charges WikiLeaks founder Julian Assange, who released hacked emails from Hillary Clinton's campaign and other secret U.S. documents, was arrested in London Thursday at the request of U.S. authorities

More Trending

Android Devices Can Now Be Used as a Security Key

Data Breach Today

New Google Feature Offers Advantages Over Its Titan Keys Google's latest security feature enables the use of Android phones as a security key, eliminating the need for a separate token or hardware device. The free feature is potentially more appealing that Google's Titan security keys, which cost $50

TajMahal Spyware

Schneier on Security

Kaspersky has released details about a sophisticated nation-state spyware it calls TajMahal: The TajMahal framework's 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks.

WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy

Security Affairs

WikiLeaks founder Julian Assange has been arrested at the Ecuadorian Embassy in London. after Ecuador withdrew asylum after seven years. Seven years ago, WikiLeaks founder Julian Assange took refuge in the embassy to avoid extradition to Sweden over a sexual assault case.

NEW TECH: Critical Start delivers managed security services with ‘radical transparency’

The Last Watchdog

It was in 2012 that CRITICAL START burst onto the Managed Security Service Provider (MSSP) scene with bold intentions. Related: How SMBs can leverage threat intelligence. The Plano, TX-based company sought to elevate the “MSSP” space high above the accepted standard at the time. It set out to do this by delivering security services based on Zero-Trust and that also provided radical transparency to its customers. CRITICAL START has since grown to 105 employees, serving hundreds of customers.

VSDC video editing software website hacked again

Security Affairs

Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with malware.

Video 74

How To Make Your Amazon Echo and Google Home as Private as Possible

WIRED Threat Level

With news that Amazon lets human employees listen to Alexa recordings, you might want to tighten up your smart assistant ship. Security

New 'HOPLIGHT' Malware Appears in Latest North Korean Attacks, Say DHS, FBI

Dark Reading

The FBI and Department of Homeland Security release malware analysis report, indicators of compromise for nine different executable files

Trump’s Homeland Security Purge Worries Cybersecurity Experts

WIRED Threat Level

A leadership void at DHS means the White House is calling the shots where it wants to, cybersecurity experts warn, and other agencies can muscle in where it won’t. Security Security / National Security

In Security, All Logs Are Not Created Equal

Dark Reading

Prioritizing key log sources goes a long way toward effective incident response

[Podcast] Intelligent Information Management – REAL Opportunities from the Front Lines of Business

AIIM

“Every organization is on — or should be on — a Digital Transformation journey.”. I would bet that this isn’t the first time you’ve heard that statement. At AIIM, we really believe in that statement, so we’ve been practically screaming it from mountain tops.

90% of critical infrastructure providers have fallen victim to a cyber attack since 2017

IT Governance

Critical infrastructure providers have been deluged by cyber attacks in the past two years, according to a Ponemon Institute study. Cybersecurity in Operational Technology: 7 Insights You Need to Know found that 90% of respondents from the UK, US, Germany, Australia, Mexico and Japan had been breached since 2017, with many organisations revealing they’d fallen victim to multiple attacks.

Keeping Up with New Data Protection Regulations

erwin

Keeping up with new data protection regulations can be difficult, and the latest – the General Data Protection Regulation (GDPR) – isn’t the only new data protection regulation organizations should be aware of.

Data 59

Amazon Auditors Listen to Echo Recordings, Report Says

Threatpost

Amazon is under fire for its privacy policies after a Bloomberg report revealed that the company hires auditors to listen to Echo recordings. IoT Privacy amazon Amazon Alexa amazon recording Data echo voice services

IT 82

Cloud computing leaves banks exposed to risks, EU regulators say

Information Management Resources

The finance industry’s dependence on a handful of large cloud computing companies to store key data is an emerging threat to financial stability, three top regulators say. Cloud computing Data security Fintech

Cloud 81

Tax Hacks: How Seasonal Scams Cause Yearlong Problems

Dark Reading

Tax season is marked with malware campaigns, tax fraud, and identity theft, with money and data flowing through an underground economy

Data 78

Why humans still hold the advantage in decision automation

Information Management Resources

While machines can and will magnify our thinking and apply it to data faster and more accurately than we can without assistance, they still can’t think for us. Advantage: human. Automation Data strategy Data management Artificial intelligence

IT 78

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

Threatpost

A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild. Vulnerabilities Web Security cross site scripting attack Exploit vulnerability wordpress Wordpress plugin Yuzo Related Posts zeroday

'Dragonblood' Vulnerabilities Seep Into WPA3 Secure Wifi Handshake

Dark Reading

A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk

Risk 77

What corporate legal teams can learn from Deepwater Horizon

OpenText Information Management

I recently watched Deepwater Horizon, a dramatization of the tragic drilling rig explosion and subsequent oil spill in the Gulf of Mexico in April 2010. In the movie, Mark Wahlberg’s character commented that “Hope ain’t a tactic.”

When Your Sandbox Fails

Dark Reading

The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why

The 5 cloud skillsets that will best serve tech workers in 2019

Information Management Resources

Earlier this year, IT consulting and talent services firm Akraya Inc. compiled a list of the most in-demand cloud skills for 2019. Cloud computing Software professionals Career advancement

Cloud 76

European Commission Releases Study on GDPR Data Protection Certification Mechanisms

Hunton Privacy

The European Commission (the “Commission”) has released a long-awaited study on GDPR data protection certification mechanisms (the “Study”). As we previously reported , the Commission announced its intention to look into GDPR certifications in January of 2018. The GDPR empowers the Commission to adopt delegated and implementing acts regarding certifications to specify the requirements and lay down technical standards for certification mechanisms.

Study 75

Webinar: Managing Information Policies and Lifecycles

Everteam

Retention rules define what information your organization manages must be kept or deleted, and if they are kept, for how long and what the disposition policy is. Increasing legal and regulatory compliance translates to a lot of work planning for and implementing these retention rules.

4 companies with relentless customer focus

DXC Technology

We just returned from the Leading Edge Forum (LEF) Spring Study Tour in Seattle and San Francisco, where we met with leading companies who are rapidly evolving their businesses to meet the latest customer demands. Directed by a clear purpose, these organisations are seemingly able to evolve their business models, change their operating models, and […].

Study 50

Records Management Bills in the 86th Legislative Session

The Texas Record

“So what bills are you following this session?” ” That is a common question I get in my email inbox or from RMOs when I’m at meetings. It’s a great question.

Simon Says Two Years After Spoliation is Discovered is Too Late for Sanctions: eDiscovery Case Law

eDiscovery Daily

Sorry, I couldn’t resist… ; o ). In Wakefield v. Visalus, Inc., 3:15-cv-1857-SI (D. 27, 2019) , Oregon District Judge Michael H.

CompTIA training for Mobile Devices

ITPro.TV

Mobile devices have evolved from an employee’s personal phone to a critical tool for the ever-moving employee. Sometimes, it may be a company-issued device, but more often, companies are turning to a “bring your own device,” or BYOD model.

Julian Assange Arrested, Mastering *Jeopardy!*, and More News

WIRED Threat Level

Catch up on the most important news today in 2 minutes or less. Security / Cyberattacks and Hacks