Wed. Nov 07, 2018

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S.

How Cyber Insurance Is Changing in the GDPR Era

Data Breach Today

Search is Becoming Everything, And Vice Versa

Weissman's World

I’ve just come out of a series of discussions on the issue of records preservation, and one of my take-aways is how similar at least one current approach to the issue is to what we nominally call “search.” And the more I think about it, the more I wonder whether search is on its way […].

HSBC Bank Alerts US Customers to Data Breach

Data Breach Today

'Unauthorized Entry' to Some Accounts Exposes Account Details and Statements. HSBC bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry."

Researcher discloses VirtualBox Zero-Day without reporting it to Oracle

Security Affairs

Security expert disclosed the details of a zero-day flaw affecting Oracle’s VirtualBox virtualization software without waiting for a patch from Oracle.

Pakistan: Banks Weren't Hacked, But Card Details Leaked

Data Breach Today

Card Details From 22 Banks Appeared On Underground Market. Pakistan says the nation's banks have not been hacked, but are taking defensive steps after nearly 20,000 payment card details appeared for sale online.

FDA Reacts to Critique of Medical Device Security Strategy

Data Breach Today

Watchdog Agency Cited Deficiencies, But Agency Says Many Have Already Been Addressed. The FDA's procedures for handling cybersecurity concerns in medical devices once they are on the market are deficient, according to a new federal watchdog agency report.

How to write a disaster recovery plan

IT Governance

All organisations experience disruptions, whether that’s from a cyber attack, IT failure, weather event or something else, and they need to be prepared. The longer it takes to address an issue, the more the costs will spiral and the harder it will be to recover.

Smart Cities Challenge: Real-Time Risk Management

Data Breach Today

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

It's just another day on the internet when the news is full of headlines about accounts being hacked. Yesterday was a perfect example of that with 2 separate noteworthy stories adorning my early morning Twitter feed.

How to Future-Proof the Critical National Infrastructure

Data Breach Today

Design Cyberattack Resilience Into Technology, Says Professor Prashant Pillai. The challenge when designing technology for critical national infrastructure sectors is that it must be securable today and remain resilient to cyberattacks for decades to come, says cybersecurity Professor Prashant Pilla

How OpenText powers the Intelligent and Connected Enterprise

OpenText Information Management

Successful enterprises are both intelligent and connected. They collect information from as many sources as possible in every format imaginable and analyze it to drive decision making; that’s intelligent.

Signed, Sealed, Delivered! Code Signing Makes Software Yours

Thales eSecurity

In “Signed, Sealed, Delivered,” Stevie Wonder sings “You’ve got the future in your hand — signed, sealed, delivered, I’m yours.” That is not much different from what happens with software and firmware code signing today.

U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program

Security Affairs

The United States Air Force announced earlier this week that it has launched its third bug bounty program, called Hack the Air Force 3.0, in collaboration with HackerOne. “Thank you for your interest in participating in HackerOne’s U.S. Department of Defense (DoD) “Hack the Air Force 3.0” Bug Bounty challenge.”

How to write a GDPR data protection policy – with policy template

IT Governance

Updated 7 November 2018. This blog was originally published before the GDPR took effect in May 2018.

A flaw in WooCommerce WordPress Plugin could be exploited to take over e-stores

Security Affairs

A critical remote code execution vulnerability affects eCommerce websites running on WordPress and using the WooCommerce plugin. WooCommerce is one of the major eCommerce plugins for WordPress that allows operators to easily build e-stores based on the popular CMS; it accounts for more than 4 million installations with 35% market share.

Top tips for starting a career in cyber security

IT Governance

Since the EU GDPR (General Data Protection Regulation) came into force in May 2018, data protection, privacy and information security have become a top priority for all organisations.

OpenText Extends Cloud Strategy with the Release of OpenText OT2

OpenText Information Management

I’m pleased to announce that today’s release of OpenText products, platforms and services further extends our enterprise cloud strategy, completing the need of our customers to access their business-critical information in the most convenient, secure and agile ways possible.

20 Cybersecurity Firms to Watch

Dark Reading

A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year

Avoiding threats and complications arising from stringent GDPR provisions

Information Management Resources

Cybercriminals are now incorporating the GDPR in their modus operandi. Enterprising criminals use the threat of being reported for GDPR violations and non-compliance against businesses.

Consumer Reports Reviews Wireless Home-Security Cameras

Schneier on Security

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn't store video from the DCS-2630L in the cloud. Instead, the camera has its own, onboard web server, which can deliver video to the user in different ways. Users can view the video using an app, mydlink Lite.

How to Comparison Shop for a Virtual Data Room

OneHub

In the current digital era, it’s vital that businesses can operate both efficiently and securely online. It’s not enough to utilize the newest apps and software systems in your work; you need to be able to trust that the content you’re uploading, sharing and sending people is safe.

5 Reasons Why Threat Intelligence Doesn't Work

Dark Reading

Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems

Nine Duties of an Information Security Professional

IG Guru

by Dr. Shuyler Jan Buitron, DCS, MSIA, CISSP, MCSE. Throughout my information technology and information security careers, I have encountered many different philosophies and ways of operating. The information security professional represents the profession wherever he/she goes.

Why Password Management and Security Strategies Fall Short

Dark Reading

Researchers say companies need to rethink their password training and take a more holistic approach to security

Cambridge Analytica Shook Up the Way We View Data Privacy—and Ediscovery Collections

Hanzo Learning Center

After 2018, companies may never view online data collection in the same way again.

Greater 'data literacy' means higher profitability, says study

Information Management Resources

Large enterprises that have higher corporate data literacy experience can expect $320 million to $534 million in higher enterprise value.

Utah Hacker Pleads Guilty to DoS Attacks: DoJ

Dark Reading

Online gaming companies, including Sony Online Entertainment, and servers were main targets

The importance of human intelligence grows in an AI-driven world

Information Management Resources

The ideal educational experience for today's data scientist provides the knowledge needed of statistics, database design and management, programming, data mining, visualization and predictive modeling.

New Side-Channel Attacks Target Graphics Processing Units

Dark Reading

A trio of new attacks bypass CPUs to wring data from vulnerable GPUs

Program Looks to Tap Military Vets for Cyber-Jobs

Threatpost

The training and job-matching effort is a public-private partnership to address a growing workforce gap.

Finding Gold in the Threat Intelligence Rush

Dark Reading

Researchers sift through millions of threat intel observations to determine where to best find valuable threat data

WordPress Flaw Opens Millions of WooCommerce Shops to Takeover

Threatpost

A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce.

Cryptocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm

Dark Reading

"Island-hopping" attackers breached StatCounter so they could get to users of gate.io.