Fri. Jan 10, 2020

6 Unique InfoSec Metrics CISOs Should Track in 2020

Dark Reading

You might not find these measurements on a standard cybersecurity department checklist. But they can help evaluate risks you haven't even considered yet

Transforming defense software development with Agile and DevOps

Information Management Resources

Companies are moving away from the traditional waterfall approach and adopting commercial software best practices such as the Agile and DevOps methodologies that are lean, iterative and incremental.

Hackers Increasingly Probe North American Power Grid

Data Breach Today

But Electric Sector, Driven by Regulators, Has Been Adapting, Experts Say

Hackers have been increasingly probing the North American power grid for weaknesses, but the industry - driven in part by regulators - is increasingly able to identify and repel attackers, industrial cybersecurity experts say.

Alleged Member of Neo-Nazi Swatting Group Charged

Krebs on Security

Voting Machine Firm CEOs Open to Greater Federal Oversight

Data Breach Today

Congress Wants Security Vulnerabilities Addressed to Thwart Foreign Interference

The CEOs of the three largest voting machine manufacturers testified before a U.S.

More Trending

Facebook's FTC Privacy Settlement Challenged in Court

Data Breach Today

Federal Judge Still Considering Objections From Privacy Groups

Six months after Facebook agreed to a landmark privacy settlement with the U.S.

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Security Affairs

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The U.S.

Georgia Man Charged With Making 'Fake' HIPAA Violation Claims

Data Breach Today

Albany County Airport authority hit by a ransomware attack

Security Affairs

Officials at the Albany County Airport Authority revealed that New York airport servers were infected with ransomware on Christmas.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

UK Fines Dixons Carphone for Massive Breach

Data Breach Today

Retailer's Missteps Led to 'Careless Loss of Data,' Privacy Watchdog Says

British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware.

Facebook Says Encrypting Messenger by Default Will Take Years

WIRED Threat Level

Mark Zuckerberg promised default end-to-end encryption throughout Facebook's platforms. Nearly a year later, Messenger's not even close.

Analysis: 'Orwellian' Surveillance in 2020

Data Breach Today

The latest edition of the ISMG Security Report discusses "Orwellian" surveillance activity in 2020 via the ToTok app. Also featured: the controversy over enabling law enforcement to circumvent encryption; the cyberattack risks posed by IoT devices

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

Security Affairs

A flaw in Broadcom's cable modem firmware, dubbed Cable Haunt, exposed as many as 200 million home broadband gateways in Europe alone to the risk of remote hijacking.

Two MageCart groups competed to steal credit card data from Perricone MD's European skincare sites

Security Affairs

Two MageCart groups have planted software skimmers on multiple European websites for the Perricone MD anti-aging skincare brand. Two distinct MageCart groups have compromised multiple European websites for the Perricone MD anti-aging skin-care brand with the intent of stealing customer payment card info.

Reality Check: How Vulnerable Is the Power Grid?

Data Breach Today

Is it possible that a nation-state actor such as Iran could create a cybersecurity incident that compromises the U.S. power grid? Bernie Cowens, most recently CISO at the nation's largest electric utility, says that's unlikely because the power grid is more cybersecure than you might think

Police Surveillance Tools from Special Services Group

Schneier on Security

Special Services Group, a company that sells surveillance tools to the FBI, DEA, ICE, and other US government agencies, has had its secret sales brochure published. Motherboard received the brochure as part of a FOIA request to the Irvine Police Department in California.

Quantum-Proof Cryptography: How It Would Work

Data Breach Today

Researchers are attempting to develop new forms of cryptography that could not be cracked by powerful quantum computing devices that are in the works. Divesh Aggarwal, principal investigator at Singapore's Center for Quantum Technologies, describes the efforts

Are we there yet?

OpenText Information Management

Everyone who has taken a long road trip with children has heard that incessant question from the back seat: “Are we there yet?” In a customer journey that same question is often asked, but buyers and sellers have different agendas and ideas about what getting “there” means.

Friday Squid Blogging: Stuffed Squid with Vegetables and Pancetta

Schneier on Security

A Croatian recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Weekly Update 173

Troy Hunt

I really should have started the video about 3 minutes earlier. Had I done that, you'd have caught me toppling backwards into the frangipani tree whilst trying to position my chair and camera which frankly, would have made for entertaining viewing.

Dixons Carphone hit with £500,000 fine for massive data breach

IT Governance

Dixons Carphone is facing a £500,000 fine from the ICO (Information Commissioner’s Office), following a cyber attack that affected millions of customers.

Oil-and-Gas APT Pivots to U.S. Power Plants

Threatpost

Researchers say that physically disruptive attacks aren't imminent, but an increased focus on U.S. electrical-grid operators doesn't bode well.

7 must-have features for end-to-end data visibility

OpenText Information Management

Have you ever headed out to your car on a cold, winter morning only to find the windshield completely frosted with ice? If you’re in a hurry, you may not scrape all the frost off the windshield or wait long enough for the car’s defroster to fully perform the job.

Cisco Webex Bug Allows Remote Code Execution

Threatpost

Cisco patched two high-severity flaws this week, in its Webex and IOS XE Software products.

Unlocking insights trapped in unstructured wine reviews

OpenText Information Management

At this year’s Forrester Data Strategy & Insights conference in Austin, TX, Forrester’s Boris Evelson presented a live technology challenge to OpenText and another vendor in his session, “Best in Class Platforms.”

How China Stole an Entire Airplane via Industry Week

IG Guru

China stands alone in the world in the way it engages in broad-based, pervasive industrial espionage through the use of human sources, cyber-intrusion, and outright theft across a countless number of industries.

Indian National Pleads Guilty to Multimillion-Dollar Call Center Scam

Dark Reading

The India-based call centers scammed US victims out of millions of dollars between 2013 and 2016

Increase Business Asset Visibility and Action With An Information Asset Inventory

Everteam

This week, Everteam hosted a webinar called Conducting an Information Assets Inventory. In this session, we covered the what, how, and why of an information asset inventory process. Below are some key takeaways from the discussion.

Major Brazilian Bank Tests Homomorphic Encryption on Financial Data

Dark Reading

The approach allowed researchers to use machine learning on encrypted data without first decrypting it