Fri.Sep 06, 2019

Report: S. Korean Company's Database Leaking Business Data

Data Breach Today

Industrial Supplier DK-Lok's Unsecured Database Accesible Via Internet, Researchers Say Independent security researchers have found yet another unsecured database accessible via the internet. This time, the exposed data belongs to South Korean manufacturing company DK-Lok

MY TAKE: How advanced automation of threat intel sharing has quickened incident response

The Last Watchdog

Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn’t it made more of an impact stopping network breaches?

Alleged Capital One Hacker Pleads Not Guilty

Data Breach Today

Paige Thompson's Trial Date Tentatively Set for November Paige A. Thompson, who prosecutors allege hacked into Capital One's network to access millions of credit card applications, has pleaded not guilty to federal computer crime charges. Her tentative trial date is Nov.

Access 214

CVE-2019-15846 Exim mail server flaw allows Remote Code Execution

Security Affairs

A security flaw in Exim mail servers could be exploited by local or remote attackers to execute arbitrary code with root privileges.

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition of premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discussed tried and true best practices for avoiding the potential pitfalls of CX migration.

Texas Ransomware Responders Urge Remote Access Lockdown

Data Breach Today

Lessons Learned From Crypto-Locking Malware Attack That Hit 22 Municipalities Three weeks after a ransomware attack slammed 22 Texas municipalities' systems, state officials say more than half of the cities have returned to normal operations and the rest have advanced to system restoration.

Access 202

More Trending

Chinese APT Group Began Targeting SSL VPN Flaws in July

Data Breach Today

Pulse Secure and Fortinet Released Critical Fixes Months Ago, But Patching Lags A hacking group known as APT5 - believed to be affiliated with the Chinese government - has been targeting serious flaws in Pulse Secure and Fortinet SSL VPNs for more than six weeks, security experts warn.

Groups 202

PHP new versions fix multiple code execution issues

Security Affairs

Maintainers at the PHP programming language have released new versions that address multiple flaws, including some code execution issues.

Medical Device Cybersecurity: 3 Alerts Issued

Data Breach Today

CERT, a Unit of CISA, Warns of Vulnerabilities That Need Mitigation Federal regulators have recently issued three advisories on cybersecurity vulnerabilities identified in medical devices.

Default Password for GPS Trackers

Schneier on Security

Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win. gps passwords tracking

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

EMV 3D Secure: Upcoming Milestones

Data Breach Today

Fiserv's Jackie Hersch on Compliance, Improving Fraud Defenses The EMV 3D Secure specification faces some milestone dates in Europe and the U.S. What are these milestones, and how does the standard fit into fundamental fraud defenses? Jackie Hersch of Fiserv shares insight

Apple Finally Breaks Its Silence on iOS Hacking Campaign

WIRED Threat Level

In its first public statement since Google revealed a sophisticated attack against iOS devices, Apple defended its security measures. Security Security / Security News

IT 78

SecOps Is Broken. What Can We Do About It?

Data Breach Today

Learn how your enterprise security team can step up to the challenge of increasing daily attacks. Learn how your enterprise security team can step up to the challenge of increasing daily attacks

IT 160

Taming the data tsunami

OpenText Information Management

The industrial Internet of Things (IIoT) is about to transform everything for manufacturers. From smart factories to autonomous supply chains to new product development and innovation, the vast amount of data from connected sensors can deliver a level of insight not possible before.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Facial Recognition Use in UK Continues to Stir Controversy

Data Breach Today


Back-to-School Scams Target Students with Library-Themed Emails


Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn.

The Costs and Risks of Account Takeover

Data Breach Today

What Can be Done About ATO Attacks? Account takeover (ATO) attacks result in billions of dollars of fraud and damage to brand reputation each year. These are the costs and risks associated with ATO

Risk 160

8 Ways To Spot an Insider Threat

Dark Reading

The good news is most insider threats derive from negligence, not malicious intent. The bad news is the frequency of negligence is already ahead of where it was in 2018

IT 96

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Deception Technology in the Cloud Era

Data Breach Today

Don Gray of PacketViper Describes Evolution of the Technology Deception technology is evolving to help address cloud-based cyberthreats, says Don Gray of PacketViper, who describes the latest changes

Cloud 160

Intelligent Resilience

Perficient Data & Analytics

The Resilience of your Intelligence. Regardless of what department or area you work in it is critical that your company is set up to handle storms and disasters that may come.

Expansion of DHS Continuous Diagnostics Program Considered

Data Breach Today

Will Google Play Fair in the ‘Privacy Sandbox?’

ARMA International

On August 22, Justin Schuh, a director on Google’s Chrome Engineering team, introduced the company’s plans for a “privacy sandbox,” a colorful title for its initiative that purports to strengthen web privacy. The news appeared on Google’s blog in an article titled “Building a more private web.”.

Arizona School District Cancels Classes Due to Ransomware

Data Breach Today

Lack of Internet Access Could Jeopardize School Security, Official Says Schools in Flagstaff, Arizona., were closed on Thursday after ransomware appeared on the district's network. Friday's classes were called off while the recovery effort continued

Overcoming the five most common data analytics challenges

Information Management Resources

To optimize your business, you must accumulate and analyze the data and feedback you’ve been getting from all aspects of your business. Here are solutions to top challenges. Analytics Chief Analytics Officer Data management

Analysis: Report on China Attacking Mobile Devices

Data Breach Today

This week's ISMG Security Report takes a close look at whether an iPhone hacking campaign may be linked to Android spying campaigns by China. Plus: Do ransomware gangs target organizations that have cyber insurance

Friday Squid Blogging: Squid Perfume

Schneier on Security

It's not perfume for squids. Nor is it perfume made from squids. It's a perfume called Squid , "inspired by life in the sea.". As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. squid

Blog 61

Introducing Continuous Password Protection for Active Directory

Data Breach Today

The Industry's 1st Active Directory Plugin That Helps Organizations Prevent Use of Compromised Passwords According to NIST 800-63b Guidelines With widespread use of Active Directory across industries and organizations of all sizes, it is frequently a target for bad actors who can use a cracking dictionary or exposed credentials to gain unauthorized access to an employee's account

What is Supply Chain Optimization?

OpenText Information Management

According to APICS, responding to customer mandates for faster, more accurate and unique fulfilment is a top business priority for supply chain managers.

Chinese Group Built Advanced Trojan by Reverse Engineering NSA Attack Tool

Dark Reading

APT3 quietly monitored an NSA attack on its systems and used the information to build a weapon of its own

NHS gender identity clinic discloses email contacts of 2,000 patients

The Guardian Data Protection

One of the people affected describes incident as a ‘horrendous breach of privacy’ Almost 2,000 patients of an NHS gender identity clinic have had their email addresses disclosed in a “horrendous” breach of patient confidentiality.

China’s APT3 Pilfers Cyberweapons from the NSA


Large portions of APT3's remote code-execution package were likely reverse-engineered from prior attack artifacts. Government Vulnerabilities APT3 cyber arms race Equation Group EternalRomance network attack artifacts NSA reverse engineer Shadow Brokers zero-day