Fri. Jan 10, 2020

6 Unique InfoSec Metrics CISOs Should Track in 2020

Dark Reading

You might not find these measurements on a standard cybersecurity department checklist. But they can help evaluate risks you haven't even considered yet

Transforming defense software development with Agile and DevOps

Information Management Resources

Companies are moving away from the traditional waterfall approach and adopting commercial software best practices such as the Agile and DevOps methodologies that are lean, iterative and incremental.


Hackers Increasingly Probe North American Power Grid

Data Breach Today

But Electric Sector, Driven by Regulators, Has Been Adapting, Experts Say

Hackers have been increasingly probing the North American power grid for weaknesses, but the industry - driven in part by regulators - is increasingly able to identify and repel attackers, industrial cybersecurity experts say

Alleged Member of Neo-Nazi Swatting Group Charged

Krebs on Security

Voting Machine Firm CEOs Open to Greater Federal Oversight

Data Breach Today

Congress Wants Security Vulnerabilities Addressed to Thwart Foreign Interference

The CEOs of the three largest voting machine manufacturers testified before a U.S.

AutoAI: Synchronize ModelOps and DevOps to drive digital transformation

IBM Big Data Hub

AutoAI, a feature of IBM Watson Studio, helps application developers and data scientists work in concert to increase yields for model and app investments, and orchestrate ModelOps with DevOps

Police Surveillance Tools from Special Services Group

Schneier on Security

Special Services Group, a company that sells surveillance tools to the FBI, DEA, ICE, and other US government agencies, has had its secret sales brochure published. Motherboard received the brochure as part of a FOIA request to the Irvine Police Department in California.

Georgia Man Charged With Making 'Fake' HIPAA Violation Claims

Data Breach Today

Prosecutors: Defendant Reported Hospital Worker for HIPAA Crimes That Never Happened

In a bizarre "whistleblower" case, federal prosecutors have charged a Georgia man in connection with an alleged "intricate scheme" involving falsely reporting that a Savannah hospital worker committed criminal HIPAA violations.

A Facebook Bug Exposed Anonymous Admins of Pages

WIRED Threat Level

A bad code update allowed anyone to easily reveal which accounts posted to Facebook Pages—including celebrities and politicians—for several hours.

UK Fines Dixons Carphone for Massive Breach

Data Breach Today

Retailer's Missteps Led to 'Careless Loss of Data,' Privacy Watchdog Says

British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware.

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Security Affairs

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The U.S.

Analysis: 'Orwellian' Surveillance in 2020

Data Breach Today

The latest edition of the ISMG Security Report discusses "Orwellian" surveillance activity in 2020 via the ToTok app. Also featured: the controversy over enabling law enforcement to circumvent encryption; the cyberattack risks posed by IoT devices

Albany County Airport authority hit by a ransomware attack

Security Affairs

Officials at the Albany County Airport Authority revealed that New York airport servers were infected with ransomware on Christmas.

Major Brazilian Bank Tests Homomorphic Encryption on Financial Data

Dark Reading

The approach allowed researchers to use machine learning on encrypted data without first decrypting it

Reality Check: How Vulnerable Is the Power Grid?

Data Breach Today

Is it possible that a nation-state actor such as Iran could create a cybersecurity incident that compromises the U.S. power grid? Bernie Cowens, most recently CISO at the nation's largest electric utility, says that's unlikely because the power grid is more cybersecure than you might think

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

Security Affairs

A flaw in Broadcom’s cable modem firmware, dubbed Cable Haunt, exposed as many as 200 million home broadband gateways in Europe alone to the risk of remote hijacking.

Quantum-Proof Cryptography: How It Would Work

Data Breach Today

Researchers are attempting to develop new forms of cryptography that could not be cracked by powerful quantum computing devices that are in the works. Divesh Aggarwal, principal investigator at Singapore's Center for Quantum Technologies, describes the efforts

Indian National Pleads Guilty to Multimillion-Dollar Call Center Scam

Dark Reading

The India-based call centers scammed US victims out of millions of dollars between 2013 and 2016

Facebook Says Encrypting Messenger by Default Will Take Years

WIRED Threat Level

Mark Zuckerberg promised default end-to-end encryption throughout Facebook's platforms. Nearly a year later, Messenger's not even close.

Two MageCart groups competed to steal credit cards data from Perricone MD’s European skincare sites

Security Affairs

Two MageCart groups have planted software skimmers on multiple European websites for the Perricone MD anti-aging skincare. Two distinct MageCart groups have compromised multiple European websites for the Perricone MD anti-aging skin-care brand with the intent of stealing customer payment card info.

Unlocking insights trapped in unstructured wine reviews

OpenText Information Management

At this year’s Forrester Data Strategy & Insights conference in Austin, TX, Forrester’s Boris Evelson presented a live technology challenge to OpenText and another vendor in his session, “Best in Class Platforms.”

Synopsys Buys Tinfoil

Dark Reading

Tinfoil Security's dynamic application and API security testing capabilities will be added to Synopsys Software Integrity Group

Are we there yet?

OpenText Information Management

Everyone who has taken a long road trip with children has heard that incessant question from the back seat: “Are we there yet?” In a customer journey that same question is often asked, but buyers and sellers have different agendas and ideas about what getting “there” means.

5 Tips on How to Build a Strong Security Metrics Framework

Dark Reading

The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions

7 must-have features for end-to-end data visibility

OpenText Information Management

Have you ever headed out to your car on a cold, winter morning only to find the windshield completely frosted with ice? If you’re in a hurry, you may not scrape all the frost off the windshield or wait long enough for the car’s defroster to fully perform the job.

How China Stole an Entire Airplane via Industry Week

IG Guru

China stands alone in the world in the way it engages in broad-based, pervasive industrial espionage through the use of human sources, cyber-intrusion, and outright theft across a countless number of industries.

Oil-and-Gas APT Pivots to U.S. Power Plants

Threatpost

Researchers say that physically disruptive attacks aren't imminent, but an increased focus on U.S. electrical-grid operators doesn't bode well.

The role of smart Personal Protection Equipment

OpenText Information Management

Health and safety regulations are among the toughest in force worldwide, but in 2018 there were 2.8 million workplace injuries in the U.S. alone that amounted to nearly $60 billion in direct U.S. workers compensation costs.

Dixons Carphone hit with £500,000 fine for massive data breach

IT Governance

Dixons Carphone is facing a £500,000 fine from the ICO (Information Commissioner’s Office), following a cyber attack that affected millions of customers.

Cisco Webex Bug Allows Remote Code Execution

Threatpost

Cisco patched two high-severity flaws this week, in its Webex and IOS XE Software products.
