Mon.Nov 12, 2018

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Data Breach Today

Defending Forward' Is New Military Mantra for Defending Government Networks With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S.

Expert found a way to bypass Windows UAC by mocking trusted Directory

Security Affairs

David Wells, a security expert from Tenable, devised a method to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory. .

Course 108

Lazarus 'FASTCash' Bank Hackers Wield AIX Trojan

Data Breach Today

Hackers Exploit Outdated Unix to Deploy Cash-Out Malware, Symantec Reports Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S.

Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor

Security Affairs

The author of an IoT botnet is distributing a backdoor script for ZTE routers that also includes his own backdoor to hack script kiddies. A weaponized IoT exploit script is being used by script kiddies, making use of a vendor backdoor account to hack the ZTE routers.

IoT 104

Update: HealthCare.gov Breach Exposed Extensive Data

Data Breach Today

Data 145

BA data breach: 565,000 customers may have been affected

IT Governance

In September, British Airways announced it had suffered a data breach that compromised the personal and financial data of more than 380,000 customers. However, the airline has since admitted that an extra 185,000 people may have been affected. Then and now.

CISO Job Mandate: Be a 'Jack or Jill' of All Trades

Data Breach Today

Chief Information Security Officers Must Marshal Experts, Says Paul Swarbrick The days of effective CISOs being pure-play technologists are long gone.

Risk 140

More Trending

Hiding Secret Messages in Fingerprints

Schneier on Security

This is a fun steganographic application : hiding a message in a fingerprint image. Can't see any real use for it, but that's okay. academicpapers encryption fingerprints steganography

IT 83

A critical flaw in GDPR compliance plugin for WordPress exploited in the wild

Security Affairs

A critical security vulnerability affects a GDPR compliance plugin for WordPress has been already exploited in the wild to take control of vulnerable websites.

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

The Last Watchdog

A security-first mindset is beginning to seep into the ground floor of the IT departments of small and mid-sized companies across the land. Senior executives at these SMBs are finally acknowledging that a check-box approach to security isn’t enough, and that instilling a security mindset pervasively throughout their IT departments has become the ground stakes. Related: The ‘gamification’ of cybersecurity training.

When Tech Loves Its Fiercest Critics, Buyer Beware

John Battelle's Searchblog

Detail from the cover of Harari’s lastest work, 21 Lessons for the 21st Century. A year and a half ago I reviewed Yuval Noah Harari’s Homo Deus , recommending it to the entire industry with this subhead: “No one in tech is talking about Homo Deus. We most certainly should be.”

Watch Those Cookies: Girl Scouts Compromised by Hacker

Adam Levin

The Girl Scouts of Orange County has sent out letters warning almost three thousand members that their personal information may have been compromised in a breach.

The US Didn’t Sign the Paris Call for Trust and Security in Cyberspace

WIRED Threat Level

Corporations have taken the lead over nations on governing the internet: The initiative might not have counted the US as a signatory, but did include Microsoft, Facebook, Google, and others. Security

Elon Musk BITCOIN Twitter scam, a simple and profitable fraud for crooks

Security Affairs

Crooks are exploiting the popularity of Elon Musk and a series of hacked verified Twitter accounts to implement a new fraud scheme. Crooks are exploiting the popularity of Elon Musk and a series of hacked verified Twitter accounts (i.e.

From data collection to data consumption

IBM Big Data Hub

Not every startup is going to become a world-changing behemoth, but when a small, agile company hits on a truly disruptive idea, it can transform an entire industry

The US Is the Only Country Where There Are More Guns Than People

WIRED Threat Level

The US has worst rate of gun violence among all developed countries, and still we fail to regulate. Security

Building an artificial general intelligence begins by asking 'what is intelligence?'

Information Management Resources

Whatever the challenges of artificial general intelligence, the chances of us actually achieving it will be greatly improved if we have a better idea of just what we are trying to create. Artificial intelligence Machine learning Data strategy Data management

IT 95

Feel the need for speed?

OpenText Information Management

“I feel the need… the need for speed” is a famous quote from the 1986 film “Top Gun” about students at the U.S. Navy’s elite fighter-pilot school competing to be best in the class.

Reading the Android Ecosystem Security Transparency Report

Security Affairs

According to Android Ecosystem Security Transparency Report the number of potentially harmful applications has fallen from 0.66% in Lollipop to 0.06% in Pie.

Judge Says “Alexa, Please Testify in a Double Murder Case”: eDiscovery Trends

eDiscovery Daily

The occurrence of Internet of Things (IoT) devices in criminal cases is becoming more and more frequent. Just last month , we covered a case where data from a Fitbit led to the arrest of a murder suspect (we covered another case like it last year as well).

IoT 61

U.S. Chip Cards Are Being Compromised in the Millions

Threatpost

A full 60 million U.S. cards were compromised in the past 12 months. While 93 percent of those were EMV chip-enabled, merchants continued to use mag stripes. Breach Malware cards compromised chip cards. emv Fraud gemini merchant compliance

Top tips for data retention under the GDPR

IT Governance

Under the GDPR (General Data Protection Regulation) an organisation must not keep data for longer than it is needed. Article 5(1)(e) of the GDPR states: “1.

Tips 60

NIST Announces Privacy Framework Effort

Privacy and Cybersecurity Law

On September 4, 2018, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced the start of a collaborative project to develop a voluntary privacy framework to help organizations manage privacy related risk.

2018 On Track to Be One of the Worst Ever for Data Breaches

Dark Reading

A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone

New Boom in Facial Recognition Tech Prompts Privacy Alarms

Threatpost

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. Government Privacy Videos American Civil LIberties Union ASIS International biometric authentication biometric database facial ID facial recognition RealNetworks Robie.AI SureID

Tools 83

7 Cool New Security Tools to be Revealed at Black Hat Europe

Dark Reading

Black Hat Europe's Arsenal lineup will include demonstrations of tools addressing everything from unsecured cloud buckets to unknown IoT devices

IoT 81

Experiences made easy in the cloud

OpenText Information Management

In today’s cloud-first market, it’s essential to have cloud strategies that empower marketing, line of business users, and developers.

Malware-Laced App Lurked on Google Play For a Year

Threatpost

Google Play’s policy prohibits apps or SDKs that download executable code, such as dex files or native code, from a source other than Google Play. Mobile Security Web Security adobe flash Android Android malware executable google google play malware Trojan

Veterans Find New Roles in Enterprise Cybersecurity

Dark Reading

Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap

Business Identity Theft: Are You at Risk?

Armstrong Archives

Identity theft is nothing new, but it’s become a more compelling concern in the digital age. As hackers become savvier, they’re discovering that business identity theft can be far more lucrative than taking a consumer’s personal information.

Risk 52

How fast is your internet connection?

IG Guru

Ever wonder if you are getting what you paid for? Check out Ookla’s speed test. There are other tests out there, but their utility has been around a while, and it is free. link]. The post How fast is your internet connection? appeared first on IG GURU.

IT 52

Insurance CFOs seek larger digital role

Information Management Resources

Leaders of the finance organizations want to be leaders in developing data and digital strategy, according to Accenture survey. Data strategy Real-time data Data science Analytics Machine learning Artificial intelligence Accenture

Cyberattacks Top Business Risks in North America, Europe, EAP

Dark Reading

The World Economic Forum reports cyberattacks are a top enterprise concern following WannaCry and the rise of e-commerce

Risk 73

The benefits and challenges automation brings to data security

Information Management Resources

As more vulnerabilities and threats plague today’s security professionals, many organizations are turning to automation as a necessary component in their cybersecurity programs. Automation Data security Cyber security

Emotet Campaign Ramps Up with Mass Email Harvesting Module

Threatpost

The new variant can exfiltrate emails for a period going back 180 days, en masse. Malware Privacy emotet Malware analysis mass email harvesting spam campaign

France seeks Global Talks on Cyberspace security and a “code of good conduct”

Security Affairs

The French government announced a “Paris Call” for global talks about cyberspace security aimed at laying out a shared framework of rules. The French government is promoting a series of Global Talks on cyberspace security, it urges for a “code of good conduct” for states in the cyberspace. Events such as the interference in the 2016 Presidential election or massive attacks like WannaCry and NotPetya increase the sense of urgency among states.

'CARTA': A New Tool in the Breach Prevention Toolbox

Dark Reading

Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs