Tue. Sep 17, 2019

IoT and Quantum Computing’s Impact on the Federal Government

Thales eSecurity

As government agencies get back to work after summer barbeques, family vacations and once-in-a-lifetime getaways, the focus is on the priorities for the rest of 2019. Cybersecurity remains one of the top concerns and priorities for our government.

Researchers: Emotet Botnet Is Active Again

Data Breach Today

New Surge in Activity Spotted After Four-Month Absence. Emotet, one of the most powerful malware-spreading botnets, is active again after a four-month absence, according to several security researchers who noticed a surge in activity primarily against U.S. and German targets starting on Monday.

Man Who Hired Deadly Swatting Gets 15 Months

Krebs on Security

An Ohio teen who recruited a convicted serial “swatter” to fake a distress call that ended in the police shooting an innocent Kansas man in 2017 has been sentenced to 15 months in prison.

Investigation Launched After Ecuadorian Records Exposed

Data Breach Today

The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite

WIRED Threat Level

At the Defcon hacking conference next year, the Air Force will bring a satellite for fun and glory.

A Password-Exposing Bug Was Purged From LastPass

WIRED Threat Level

Google Project Zero found and reported a flaw in the widely used password manager.

NIST Issues Draft Guidance for Securing PACS

Data Breach Today

Tips on Keeping Picture Archiving and Communications Systems Secure. New draft guidance from the National Institute of Standards and Technology aims to help healthcare organizations improve the security of picture archiving and communications systems, or PACS.

Backup files for Lion Air and parent airlines exposed and exchanged on forums

Security Affairs

Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. Data belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums.

Using Artificial Intelligence to Combat Card Fraud

Data Breach Today

Artificial intelligence is playing an important role in the fight against payment card fraud, says Gord Jamieson, senior director of Canada risk services at Visa. He'll offer a keynote presentation on the latest fraud trends at Information Security Media Group's Cybersecurity Summit in Toronto Sept 24-25.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler and provide citizens in every country with the same privacy rights.

A Brutal Murder, a Wearable Witness, and an Unlikely Suspect

WIRED Threat Level

Karen Navarra was a quiet woman in her sixties who lived alone. She was found beaten to death. The neighbors didn't see anything. But her Fitbit did.

Mainframe Security Challenges: An Encroaching Perimeter

Data Breach Today

Even with the uptake of cloud services, many large enterprises still hold data on mainframes, says Philip MacLochlainn of IBM. But the diversity of computing environments around mainframes is rapidly changing, which increases the risk of data breaches, he explains.

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway.

Experts warn of the exposure of thousands of Google Calendars online

Security Affairs

The news is shocking: thousands of Google Calendars are leaking private information, posing a severe threat to the privacy of the users. Thousands of Google Calendars are leaking private information online, threatening the privacy of the users.

ISO 27701 unlocks the path to GDPR compliance and better data privacy

IT Governance

We have good news for those looking for help complying with the GDPR (General Data Protection Regulation): new guidance has been released on how to create effective data privacy controls.

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

Security Affairs

Researchers discovered many flaws in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. Security experts have discovered multiple vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices.

AMD Radeon Graphics Cards Open VMware Workstations to Attack

Threatpost

Bug impacts VMware Workstation 15 running 64-bit versions of Windows 10 as the guest VM. (CVE-2019-5049)

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Security Affairs

Trend Micro researchers spotted a Linux cryptocurrency miner, dubbed Skidmap, that leverages kernel-mode rootkits to evade detection. Skidmap is a new crypto-miner detected by Trend Micro that targets Linux machines; it uses kernel-mode rootkits to evade detection.

LastPass Fixes Bug That Leaks Credentials

Threatpost

The company has patched a vulnerability that could allow malicious sites unauthorized access to usernames and passwords.

United States government files civil lawsuit against Edward Snowden

Security Affairs

The United States government sued Edward Snowden, the former CIA employee and NSA contractor, to block payment for his book, Permanent Record.

Cisco Extends Patch for IPv6 DoS Vulnerability

Threatpost

The bug was first found in 2016. (CVE-2016-1409)

Australia is confident that China was behind attack on parliament, political parties

Security Affairs

Australia’s intelligence is sure that China is behind the cyberattacks that hit its parliament and political parties, but decided to not publicly accuse it.

Cybercriminal's Black Market Pricing Guide

Dark Reading

Common prices criminals pay one another for products and services that fuel the cybercriminal ecosystem.

Panda Threat Group Mines for Monero With Updated Payload, Targets

Threatpost

Though harboring unsophisticated payloads, the Panda threat group has updated its tactics - from targets to infrastructure - and successfully mined hundreds of thousands of dollars using cryptomining malware.

Impersonation Fraud Still Effective in Obtaining Code Signatures

Dark Reading

Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.

The hybrid career space between business and technology

OpenText Information Management

Christine Cole is a leader, a food lover and a connector of people. She’s also the Director and Product Suite Owner, Digital Workplace at Allstate Insurance Company of Canada.

Poll Results: Maybe Not Burned Out, But Definitely 'Well-Done'

Dark Reading

Staff shortages and an increasingly challenging job are turning up the heat on security pros, Dark Reading readers say.

U.S. government innovates cyber security job fulfillment

Information Management Resources

A number of agencies recently commented on the progress the U.S. government has made in using creative and innovative approaches to hiring individuals for cyber security roles.