Thu. Jul 30, 2020

Is Your Chip Card Secure? Much Depends on Where You Bank

Krebs on Security

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based

Lazarus Group Reportedly Now Wielding Ransomware

Data Breach Today

Kaspersky Discovers 2 Incidents Involving VHD Ransomware

The Lazarus Group, the North Korean hacking group behind the WannaCry worm, the theft of $81 million from a Bangladesh bank and the attacks on Sony Pictures, apparently is expanding into ransomware, according to the security firm Kaspersky

Expert discloses details of 3 Tor zero-day flaws … new ones to come

Security Affairs

A security researcher published the details about two Tor zero-day vulnerabilities and plans to release three more flaws. The security researcher Dr. Neal Krawetz has published technical details about two Tor zero-day vulnerabilities over the past week and promises to release three more.

Questions Persist About Ransomware Attack on Blackbaud

Data Breach Today

CRM Firm Admits Paying Ransom; Waited Weeks to Notify Victims Despite GDPR Rules

Numerous unanswered questions persist concerning a ransomware outbreak at Blackbaud, which provides cloud-based marketing, fundraising and customer relationship management software used by thousands of charities, universities, healthcare organizations and others.

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Security Affairs

North Korea-linked hackers continue to be very active in this period; researchers reported a campaign aimed at the US defense and aerospace sectors.

VPN Vulnerabilities Put Industrial Control Systems at Risk

Data Breach Today

Claroty Researchers Find Remote Access Tool Bugs Could Lead to Attacks

Vulnerabilities in some VPNs used to remotely connect to industrial control systems could enable hackers to compromise large-scale industrial organizations, the security firm Claroty reports

More Trending

ONC's Donald Rucker: More Work to Do on Health Data Privacy

Data Breach Today

'As a Country, We Really Haven't Sorted Out Privacy'

In an exclusive, wide-ranging video interview, Don Rucker, M.D., HHS national coordinator for health IT, discusses why more work needs to be done to protect the privacy of health data as well as why the U.S.

Fake Stories in Real News Sites

Schneier on Security

FireEye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories.

An Attacker's IoT Paradise: Billions of Insecure Devices

Data Breach Today

Trend Micro Envisions Maturing IoT Attacker Business Models

The speed at which IoT is enabling innovation is far outpacing the ability of the security custodians to implement appropriate controls before these devices hit the market.

Citizens Are Increasingly Worried About How Companies Use Their Data

Dark Reading

With data privacy important to almost every American, more than two-thirds of those surveyed say they don't trust companies to ethically sell their data

What is ArchiMate?

erwin

ArchiMate is an enterprise architecture (EA) modeling language from The Open Group and used to communicate an organization’s enterprise architecture. Pronounced “AR-ki-mayt”, the modeling language’s name comes from a compounding of “architecture” and “animate.”

Dark Web Travel Fraudsters Left Hurting From Lockdowns

Dark Reading

Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on

Doki Backdoor Infiltrates Docker Servers in the Cloud

Threatpost

The malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botnet.

5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness

Dark Reading

Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking

Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager

Threatpost

The flaw (CVE-2020-3382) could allow a remote, unauthenticated attacker to bypass authentication on vulnerable devices.

Ill-Defined Career Paths Hamper Growth for IT Security Pros

Dark Reading

Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows

The Governance Gauntlet

AIIM

You’ve been told that your information management project needs governance. Maybe you’ve even formed a governance committee. However, what is governance, anyway?

Poll: Endpoint Extravaganza

Dark Reading

What shape do you expect remote endpoints to be in when they start winging their way back to the office

Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes

Threatpost

Zoom has fixed the issue, which stemmed from a lack of checks against incorrect passcode attempts.

Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know

Dark Reading

Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles

Ephesoft Releases New Version of Transact; Touts Time-to-Value of Cloud-based Document Processing Solution

Document Imaging Report

Delivers new way to quickly, efficiently and accurately capture and process high volumes of data, including more than 1,000 global IDs, in the cloud. IRVINE, Calif., July 28, 2020 – Ephesoft, Inc.,

Black Hat Virtually: An Important Time to Come Together as a Community

Dark Reading

The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond

Vermont Taxpayers Warned of Data Leak Over the Past Three Years

Threatpost

A vulnerability in the state’s system may have exposed personal data that can be used for credential theft for those who filed Property Transfer Tax returns online.

Using the Attack Cycle to Up Your Security Game

Dark Reading

Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead

The Walden Pond Podcast - Keith Laska Shares His Predictions for the Future of Remote Work Post-COVID

Hanzo Learning Center

Anti-fraud expert Vince Walden of The Walden Pond talks to experts about technology and compliance trends to help professionals have the latest insights to keep their compliance and fraud-detection programs relevant, practical and timely.

Google Adds Security Updates to Chrome Autofill

Dark Reading

Chrome users can retrieve payment card numbers via biometric authentication and use a new "touch-to-fill" feature to log in to accounts

5 Major Differences Between Backup vs Archive

InfoGoTo

Backup vs archive. Two words that are often used interchangeably but have very different meanings. While both technologies support primary data storage, there are key differences between them. Let’s explore the five key differences between backup vs archive technologies.

Assessing Your Data Maps in a Newly Distributed World

Zapproved

Corporate legal departments are reassessing existing data maps as newly distributed teams add remote work technology and virtual access. Here are some tips!

Mimecast Buys MessageControl

Dark Reading

The email security provider brings into its fold social engineering and human identity capabilities

Commemorating the 19th Amendment Centennial

Archives Blogs

Today’s post comes from Debra Steidel Wall, Deputy Archivist of the United States and Commissioner on the Congressional Women’s Suffrage Centennial Commission.

Schrems II Update: German SAs Require Additional Safeguards for U.S. Transfers and Max Schrems Set to Challenge Facebook Data Transfers Again

Hunton Privacy

CILIP Pathways wins ESFA approval to assess Level 3 apprenticeship standard

CILIP

How to Create Great CX Using the Full Potential of MDM

Reltio

Improved customer experience (CX) is a key driver in the digital economy, and having optimal multi-domain Master Data Management (MDM) is a core prerequisite for delivering great CX. First, MDM underpins your insights into the following: Customer identity. Customer hierarchies. Customer locations.

Role of Library and Knowledge Specialists in Moving Education and Training Online

CILIP

This is a statement by the Information Literacy Group, a special interest group of CILIP, the library and information association.