Fri.Jun 26, 2020

Payment Card Skimmer Attacks Hit 8 Cities

Data Breach Today

Trend Micro: 5 of the Cities Had Previously Been Victims of Magecart-Style Attacks

Eight U.S. cities recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms, according to Trend Micro, which says five of those cities had already been victims of similar Magecart-style attacks in recent years.

5 New InfoSec Job Training Trends: What We're Studying During COVID-19

Dark Reading

With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not

Attackers Target Vulnerable Exchange Servers

Data Breach Today

Microsoft Urges Patching, Other Mitigation Steps

Microsoft is warning its customers that attackers are increasingly targeting unpatched Exchange servers, with a significant uptick in activity since April.

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

Kenneth Currin Schuchman, 22, of Vancouver, Washington, was sentenced to 13 months in federal prison for developing distributed denial of service (DDoS) botnets based on the source code of the Mirai botnet.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Hackers Used Malicious Docker Images to Mine Monero

Data Breach Today

Researchers Found Images on Docker Hub That Contained Cryptominers

A recently uncovered cryptomining scheme used malicious Docker images to hide cryptocurrency mining code, according to an analysis from Palo Alto Networks' Unit 42.

More Trending

Analysis: Keeping IoT Devices Secure

Data Breach Today

This edition of the ISMG Security Report analyzes whether IoT devices will outlive their security updates. Also featured: why security spending needs to shift further upstream; could banks be custodians of identity?

Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Dark Reading

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.

Breach Aftermath: Authorities Order Lab to Improve Security

Data Breach Today

LifeLabs' 2019 Breach Exposed Data on 15 Million Canadians

Canadian information privacy regulators have ordered medical testing laboratory LifeLabs to improve its data security practices following their investigation of a 2019 breach that exposed the health data of 15 million individuals.

Police arrested 32 people while investigating underground economy forum

Security Affairs

German police have arrested 32 individuals and detained 11 after a series of raids targeting users of the illegal underground economy forum “crimenetwork.co”, according to prosecutors in Frankfurt and Bamberg. The operation involved 1,400 agents who raided sites in 15 of 16 states in Germany and in Austria and Poland.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of a team, you need to know the metrics to look at and how to advocate these metrics to C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

How Amazon and Walmart Could Fix IoT Security

Data Breach Today

Bruce Schneier Says Pressure on Retailers Could Fix Insecure IoT Supply Chains

IoT devices can be made cheaply and quickly. But as a result, they may lack adequate security features. The Atlantic Council is proposing regulations that would require technology retailers to sell devices that meet security standards, which would, in turn, put pressure on IoT component makers.

SOC Wins & Losses

Dark Reading

While the security operations center is enjoying a higher profile these days, just one-fourth of security operations centers actually resolve incidents quickly enough.

Satori Botnet Co-Creator Sentenced

Data Breach Today

Justice Department Also Unseals Indictments of Alleged Co-Conspirators in DDoS Attacks

A man from the state of Washington has been sentenced to 13 months in federal prison for his role in developing the Satori botnet, which was used to conduct several large-scale DDoS attacks. The Justice Department also unsealed indictments naming co-conspirators.

The Unintended Harms of Cybersecurity

Schneier on Security

Interesting research: "Identifying Unintended Harms of Cybersecurity Countermeasures": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

PCI Council's Efforts to Fight Fraud During COVID-19 Crisis

Data Breach Today

Troy Leach of the PCI Security Standards Council discusses how the shift to card-not-present transactions during the COVID-19 pandemic has created new fraud-fighting challenges and offers an update on pending standards revisions.

Five steps to jumpstart your data integration journey

IBM Big Data Hub

As coined by British mathematician Clive Humby, "data is the new oil." Like oil, data is valuable but it must be refined in order to provide value. Organizations need to collect, organize, and analyze their data across multi-cloud, hybrid cloud, and data lakes. Yet traditional ETL tools support only a limited number of delivery styles and involve a significant amount of hand-coding.

An Embattled Group of Leakers Picks Up the WikiLeaks Mantle

WIRED Threat Level

After releasing over a million hacked law enforcement files, DDoSecrets got banned from Twitter. But it has no plans to slow down.

Crooks hide e-skimmer code in favicon EXIF Metadata

Security Affairs

While investigating a Magecart attack, Malwarebytes experts found e-skimmer code hidden in the EXIF metadata of an image file that was surreptitiously loaded by compromised online stores. The malicious script detected by the researchers was loaded from an e-store running the WooCommerce plugin for WordPress.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Fake Contact Tracing Apps Spreading Malware, Ransomware

Adam Levin

Phony contact-tracing apps meant to mitigate the spread of the Covid-19 pandemic are installing ransomware on mobile devices. One app billed itself as “The Covid-19 Tracer App,” claiming to be an official mobile app of the Canadian government’s coronavirus contact tracing effort. “The more Canadians who voluntarily download and use the app, the safer we’ll be, and the faster we can reopen the economy,” stated the scam website.

TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior

Threatpost

App will stop reading users’ device cut-and-paste data after a new banner alert in an Apple update uncovered the activity.

How companies can lessen financial impacts through DX and technology

Micro Focus

The ‘new normal’: I’ve been chatting with many colleagues over the last few months as I learn more about digital transformation (DX) and work on DX assets for Micro Focus. We’re all dealing with the pandemic in our own way, and most of us share truths on many common topics: the high demand on toilet.

Good Cyber Hygiene in a Pandemic-Driven World Starts with Us

Dark Reading

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

The resilient procurement organization

OpenText Information Management

Recently, the world has dramatically changed – including the marketplace for goods and services, up-ending and shifting supply and demand dynamics for procurement professionals. Procurement professionals are masters at cost savings and keeping the wheels of production turning, but supply chain disruption presents big challenges as vendor operations are interrupted and market demand fluctuates. During …

Do I Need a Data Catalog?

erwin

If you’re serious about a data-driven strategy, you’re going to need a data catalog. Organizations need a data catalog because it enables them to create a seamless way for employees to access and consume data and business assets in an organized manner. Given the value this sort of data-driven insight can provide, the reason organizations need a data catalog should become clearer.

8 U.S. City Websites Targeted in Magecart Attacks

Threatpost

Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident.

Will telehealth fundamentally change Life Sciences?

OpenText Information Management

Telehealth has come to prominence with the Covid-19 pandemic. A technology area that we’d been talking about for decades suddenly became front and center in healthcare delivery. Telehealth is only going to grow moving forward so what could this mean for the Life Sciences sector?

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

The Return of the Mac: CCPA 2.0 Qualifies for California’s November 2020 Ballot and Could Usher In Sweeping Changes to CCPA

Data Matters

The California Privacy Rights Act (CPRA), a proposed initiative to codify far-reaching amendments to the California Consumer Privacy Act (CCPA) and sometimes referred to as “CCPA 2.0”, is back in play and heading to the November 2020 ballot.

10 steps to modern ESI investigations

OpenText Information Management

Modern electronically stored information (ESI) investigations – interrogating a large collection of electronic documents to quickly answer the key questions and locate the critical evidence – are intensely demanding in every sense of the word. Whether minimizing risk or maximizing positive outcomes, optimizing the “time to results” is critical for the success of any investigation. …

Legendary Help: Delivering a home-away-from-home experience every single time

Rocket Software

Although the restaurant industry may be experiencing a shift due to COVID-19, that doesn’t mean that they’ve stopped thinking about how to optimize business. With many restaurants closed or facing changes to how they operate, this makes it an ideal time to reconsider their systems. The world is changing and we may never go back to “normal,” but at Rocket, we’re trying to help customers prepare for the “new normal.”